php_novice2007

Hi all, I've made the following login system so far: a loginForm.html that accepts the user name and password. a loginck.php that verifies the user name and password. If successful, redirect to the menu page, if not, redirect back to loginForm.html. My question is.. if login was unsuccessful, how can I reload loginForm.html but with an error message as well? Currently the page just reloads and some users think that the login system is not working not realising that they have typed the wrong information. In an earlier version I had a message and a link back to loginForm.html displayed on loginck.php if login was unsucessful but it was annoying to have to click on the link all the time and thats why I made it redirect.. Any help is much appriciated. Thanks~!

oh wow~ Thanks so much! thats exactly what I want!

Are you saying that I can run php code inside JavaScript? I thought PHP is only done on the server side..

I think what I want to do is similar to when you view emails you can click on either "date" or "from" or "subject" etc and it sorts your emails for you according to what you choose. I want to do that to a table, the default is sorting by id, but if the user selects something from a drop down list (on the same page as the table) I want the table to change to have its rows sorted by what the user choose.

ohh so basically I have an onchange listener on the drop down list which calls up a javascript function which changes the address bar and get the page to reload? hm unfortunately the site you recommanded doesn't have anything that can change the address bar, and nothing useful is coming up on Google either.. one page actually said JavaScript can't change the address bar ???

would that produce the result in a new page?

Hi, I've got a mysql table called users with attributes "id", "name", "group", "last login". I've got a page where I first displays a HTML table containing all the users information followed by a form where each id is displayed and a check box is next to it. Currently I've just used a "select * from users" statement to extract all the users (ordered by id) and display their information on the HTML table. I've also saved the ids in a PHP array so that I can go through it and generate the form after displaying the table. Now I want to improve the display of the table. I want to add a drop down list on the page with options "id", "name", "group", and "last login" where depending on which one the user selects, the table will display the user information sorted by the option chosen. I'm not sure how to go about doing that.. I suppose I'll have to call a javascript function whenever the drop down option changed, and somehow redisplay the table. But how? I have to send another query to the database but I don't want to leave the page, and I need to keep at least the id sorted since I need it to generate the form.. Should I somehow form javascript objects (no idea how I would do that) and whenever the list changed write code to reorder the objects and then display the information? Thanks for any help~!

How do I prevent this? thanks~!

Hi, I'm not sure which forum this question belongs to.. not sure if this is a problem with the web server setting.. I'm developing a web site which allows users to log in and depending on what type of users they are, they get to access different pages of the site. Say theres a page: secureMenuAdmin.php, which can only be accessed by the administrator. When I open IE, and log in and get to secureMenuAdmin.php, I then open a new brower window, and copy the secureMenuAdmin.php into the address bar. On one computer it gives me the login page, and on another computer, it gives me secureMenuAdmin.php!.. Why is this the case?? I want to have the login page appear in the second brower. Similar problem is that for the first computer, I can have 2 IE browsers and be logged in with 2 different user names (i.e. see different menus), but on the second computer, I can only log in as 1 person at a time.. How do I make the second computer act like the first one? Thanks~!

By the way, if I have these code to stop SQL injection, does that mean a user name or password can't contain ` or ' s?

Hi, I've got something like this, is that the same as what you've got? $userid = $_POST['login']; $passWord = $_POST['password']; require("databaseInfo.php"); $dbtable = "users"; $link=mysql_connect("localhost", $username, $password) or die("Cannot connect to database"); //select database @mysql_select_db($database) or die("Unable to select database"); if(get_magic_quotes_gpc()) { $userid = stripslashes($userid); $passWord = stripslashes($passWord); } $query = sprintf("SELECT * FROM %s WHERE user_id = '%s'", $dbtable, mysql_real_escape_string($userid, $link)); $result=mysql_query($query, $link) or die("Unable to load selected table"); I think I copied the code from somewhere so not really sure what the magic_quotes_gpc do.. Do I still need your code to replace " ` " with " ' "? Thanks!

So if I add slashes to everything I'll be ok?

so therefore if I only use $POST and no $GET at all then I should be fine?

Hi, Does a MySQL injection attack only occur when the user is allowed to type something in which is used as part of a query? What about forms where the user can only select from radio buttons/checkboxes/drop down lists.. They can't really do the multiple SQL thing can they? Thanks~!

Hi guys, I'm just looking at the same topic.. at the moment I've got session_register('userid') in my loginCheck page, and then every other page I've got session_start(); if(session_is_registered('userid')){ session_regenerate_id(); ... } else { echo "You are not logged in"; } Is that doing the same as what darkfreaks's code is doing? I seem to remember being told elsewhere that "session_is_register" is not good to use, is that true?

+ restart Internet Explorer! Cool it works now Thanks~!

I dont think I'm using any cookies I did it anyway but its still not working

Hi all, I've modified my php.ini so I've got session.gc_maxlifetime = 60 and restarted my server so therefore my sessions should expires in 60 seconds right? its not.. .. I waited for 60 sec on the page and then tried to do something and it still works

Hi all, I have to do a presentation tomorrow on the website I've built and I'm worried about getting asked a question on the security of my system. For my website I'm using PHP sessions and at the beginning of each page I've got code to check if the session is registered. I want to ask: is this method secure? I know compared to cookies it is cos cookies are stored on the browser so you can 'easily' (thought I don't know how) change cookies variables. Is it true you can't change session variables? Also I've read that there are a few "security hole" to do with sessions. But I can't find any literature that talk about this. Can anyone help me? Thanks~!

well this is my way of doing the login page and it works In the validation page: //$match = 1 if the username and password matches if ($match == 0) { session_unset(); session_destroy(); echo "Invalid Login details <br><br>Please <a href=loginForm.html>go back</a> and try again"; } else { ini_set("session.gc_maxlifetime ", 60); //session expires after one min - doesn't actually work session_register('userid'); $_SESSION['user_name'] = $USERname; } And on all other pages which require a user to be logged in: //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('userid')){ $name = $_SESSION['user_name']; echo "Hi $name !"; // Rest of your code... } else { //the session variable isn't registered, send them back to the login page echo "You are not logged in, please go <a href=loginForm.html>here</a> to login"; } Hope this helps~!

Thanks guys for your input! Well I've heard of ASP, Perl and Python. Can I have 2 more examples? Please post the links if you do find them

Hi, I'm sure php is not the only programming language that supports mysql and thus allowing us to display database information onto a webpage. so... 1) What are some of the other languages available? 2) What advantages does PHP have over them? I'm asking because I have to justify why I wrote my webpage in PHP and not some other language. To be honest it was just suggested to me that I use PHP and so I did, didn't really look into whether its good or not. Luckily its great! Thanks for any suggestions~!

Hi all, I've got the following two tables schemas: emp(EMPNO, ENAME, JOB, MGR, HIREDATE, SAL, COMM, DEPTNO), primary key is EMPNO dept(DEPTNO, DNAME), primary key is DEPTNO DEPTNO is a foreign key in the Emp table. Anyway, the query is to find employees whose salary is greater than the average salary in their department. I've got a view created called empd(EMPNO, ENAME, JOB, SAL, COMM, DNAME). The answer for this query from my teacher is this: SELECT e1.ename, e1. dname, e1.sal FROM empd e1 where e1. sal > (SELECT avg(sal) FROM emp where e1.dname = dname) I have tried this query on the database and it does work, but I don't understand why it should work. In the inner query, I am assuming that "sal" and "dname" are columns of emp? If "dname" is an attribute of the emp table than the query makes sense, but it is not an attribute, so why does this query work? (I have sent an email to my teacher asking this but he hasn't replied and I've got a test tomorrow )

Hi, Is there any difference between the <>, !=, and ^= operator? They all just mean not equal to right? thanks

Hi, I've got the following code: HTML: <form name="myform1" action="b.php" method="POST"> <input type=radio checked name="CommandType" onclick="radioclick0();" value="0">Normal Command <input type=radio name="CommandType" onclick="radioclick1();" value="1">Put in Recovery Mode <input type="text" size=10 name=log_int value=5><br> </form> JS: function radioclick0() { document.myform1.log_int.disabled = "no"; } function radioclick1() { document.myform1.log_int.value = "0"; document.myform1.log_int.disabled = "yes"; } When the form is loaded, things are fine, as soon as I click on a radio button, the field is disabled, doesn't matter which button I click.... How do I fix it? Thanks~!