Kayz

Hi guys i have this form working, when somebody fills it out i receive the details fine, however they do not receive an automated response. I must be missing something so basic? Your expertise and help would be much appreciated. <?php //let's start our session, so we have access to stored data session_start(); $receiver = 'webmaster@mydomain.com'; $name = 'Submission Form'; $subject = 'Submission Form'; $header = "From: ". $name . " <" . $receiver . ">\r\n"; $fromemail = 'info@mydomain.com'; $fromname = 'Submission Form'; $fromsubject = 'Confirmation of Submission Form'; $headers = "From: ". $fromname . " <" . $fromemail . ">\r\n"; $arr= array(); // REMOVAL FROM $arr[0] = " Incident details: \r\n--------------- \n\n"; $arr[1] = "Date of Incident: "; $arr[2] = $_POST['Day']; $arr[3] = " "; $arr[4] = $_POST['Month']; $arr[5] = " "; $arr[6] = $_POST['Year']; $arr[7] = "\n\n Is this date accurate?: "; $arr[8] = $_POST['date_accurate']; $arr[9] = "\n\n Time of incident: "; $arr[10] = $_POST['hour']; $arr[11] = ":"; $arr[12] = $_POST['minute']; $arr[13] = " "; $arr[14] = $_POST['ampm']; $arr[15] = "\n\n Is this time accurate?: "; $arr[16] = $_POST['time_accurate']; $arr[17] = "\n\n First Name: "; $arr[18] = $_POST['Title']; $arr[19] = " "; $arr[20] = $_POST['fname']; $arr[21] = "\n\n Last Name: "; $arr[22] = $_POST['lname']; // REMOVAL TO $arr[23] = "\r\n\r\n\r\n\r\n Victims details: \r\n------------- \n\n"; $arr[24] = "Date of Birth: "; $arr[25] = $_POST['dobDay']; $arr[26] = " "; $arr[27] = $_POST['dobMonth']; $arr[28] = " "; $arr[29] = $_POST['dobYear']; $arr[30] = "\n\n House Name / No.: "; $arr[31] = $_POST['House_Name_No']; $arr[32] = "\n\n Address Line 1: "; $arr[33] = $_POST['Address_Line_1']; $arr[34] = "\n\n Address Line 2: "; $arr[35] = $_POST['Address_Line_2']; $arr[36] = "\n\n Post Code: "; $arr[37] = $_POST['PostCode']; $arr[38] = "\n\n Telephone No.: "; $arr[39] = $_POST['TelephoneNo']; $arr[40] = "\n\n Email Address: "; $arr[41] = $_POST['EmailAddress']; $arr[42] = "\n\n Name of Location: "; $arr[43] = $_POST['iLocationName']; $arr[44] = "\r\n\r\n\r\n\r\n Incident Location: \r\n------------------------------ \n\n"; $arr[45] = "Address Line 1: "; $arr[46] = $_POST['iAddress_Line_1']; $arr[47] = "\n\n Address Line 2: "; $arr[48] = $_POST['iAddress_Line_2']; $arr[49] = "\n\n Town / City: "; $arr[50] = $_POST['iTownCity']; $arr[51] = "\n\n Post Code: "; $arr[52] = $_POST['iPostCode']; $arr[53] = "\n\n Country: "; $arr[54] = $_POST['iCountry']; $arr[55] = "\n\n Incident Details: "; $arr[56] = $_POST['incident_details']; $arr[57] = "\r\n\r\n\r\n\r\n Reporting to the Police: \r\n------------------------------ \n\n"; $arr[58] = "Were the police informed?: "; $arr[59] = $_POST['police_informed']; $arr[60] = "\n\n Date informed: "; $arr[61] = $_POST['PDay']; $arr[62] = " "; $arr[63] = $_POST['PMonth']; $arr[64] = " "; $arr[65] = $_POST['PYear']; $arr[66] = "\n\n Station: "; $arr[67] = $_POST['station']; $arr[68] = "\n\n Station Tel no.: "; $arr[69] = $_POST['stationtel']; $arr[70] = "\n\n Officer Name: "; $arr[71] = $_POST['officername']; $arr[72] = "\n\n Crime no.: "; $arr[73] = $_POST['crimeno']; foreach ($arr as $i => $t) { if ( empty($t) ) { unset($arr[$i-1]); } } $content = implode('', $arr); mail("$receiver", "$subject", stripslashes("$content"), "$header"); header("Location: thankyou.html"); $message2 = " Dear $fname, Thank you for filling out this form and submitting incident details. "; mail("$EmailAddress", "$fromsubject", stripslashes("$message2"), "$headers"); header("Location: thankyou.html"); ?>

Thanks, i have had a quick read and it's pretty much something i am already aware of. The user managment script i am using already has sha1 implemented with salt i believe. Ideally i would have liked to used sha512 with salt and blowfish. But since it's still early stages i am trying to work with what i have before i embark on spending more time understanding hashing and then ultimately implementing a better hash.

Hi guys I have a script which i've been playing around with thanks to Spiderwell: http://www.phpfreaks.com/forums/index.php?action=profile;u=35078 I have sort of merged it with another 'member managment' script which is working great. Now i can't seem to correctly create a login page to pass the hashed password using (sha1). Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password. Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :| Your help would be much appreciated. Login Page PHP: <form name="login" method="post" action="check_login.php3"> <p><strong>Secured Area User Log-in</strong></p> <p>Username: <input name="bioname" type="text" id="bioname"></p> <p>Password: <input name="biopass" type="password" id="biopass"></p> <p> </p> <p><input type="submit" name="Submit" value="Login"></p> </form> Check Login Processor (which is the file i that needs the sha1 added somewhere i think) <?php require_once('config.php3'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // $loginusername = false; $loginpassword = false; $err = false; // default error message is empty // The username and password sent from login.php //the isset() basically means if its there get it, otherwise dont bother if (isset($_POST['bioname'])) $loginusername=$_POST['bioname']; if (isset($_POST['biopass']))$loginpassword=$_POST['biopass']; // if either isnt filled in, tell the user, a very basic bit of validation if (!$loginusername || !$loginpassword) $err = "please complete the form"; if (!$err) //if no error continue { //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); //you could add other things like check for text only blah blah $sql="SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1) { session_start(); $_SESSION['user'] = $loginusername; // store session data //please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user //that would be a pain in the ass, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is header("Location: {$loginusername}/index.php3"); } else { $err = "Wrong Username or Password"; } }// end login if statement if ($err) // show error message if there is one { echo $err; echo "<br>Please go back in your browser and try again"; } ?> The secure page: <?php session_start(); $mypath = $_SERVER["REQUEST_URI"]; //echo $mypath; // for debugging //now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php //use the built in strpos() function, which returns position of the last occurance of the string you are looking for inside another string. //http://php.net/manual/en/function.strrpos.php if(strpos($mypath,"/".$_SESSION['user']."/"))//on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/ { echo "congratulations you are the right person in the right place"; } else { session_destroy(); //kill the session, naughty person trying to come here header("Location: ../login.php3"); die();// stop page executing any further } ?> <html> <body> </body> </html> Thanks and i look forward to your replies.

This works splendid! Just as i wanted when i first embarked on this project. But i realised i would want to give users their own username like mydomain.com/username and their own folders so i went down the route of giving each user a session which will mean i have to edit the script.. but this eliminates all this and i can use it in every directory without the need to edit the script! Many thanks spiderwell... i presume the script is also secure and nobody can hack into it? I'll be changing the database and will store the passwords in md5 encryption. Also would you have any good pointers or recommend any websites where i can read and learn more php? There are so many out there but i think your recommendation would be wise. Cheers once again!

Excellent stuff, i am currently at work and will soon try this. Im assuming one login page does it all? I was hoping to redirect users to mydomain/user/ for their page but i think i can get around this easily. Cheers, speak to you soon!

Cheers will do! If only i could offer/make you tea for the help. Thank you again, it's a few days short of a week that i have been trying to get this to work, thank god for this forum! and of course Thank you again!

It's past midnight here too and im suppose to be waking up at 7 for work! These things really have me dreaming codes! I must thank you once again for your much needed help.. thank you!

Edit: I have got it to work! Thank you very much! Here is the final piece. Login Checker: <?php // Require the information from the includes.php page require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; //$sql="SELECT * FROM $tbl WHERE userName='"test"' and password='".$loginpassword."'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); $_SESSION['user1'] = $loginusername; // <<******************************** //echo "User: = ". $_SESSION['loginusername']; //retrieve data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?> Instead of username it needed to be $_SESSION['user1'] = $loginusername; The secure page <?php session_start(); $loginusername = 'test'; if ($_SESSION['user1'] != $loginusername){ //if (!$_SESSION['user1']){ //if not present assuming this is not the setting page header("Location: login.php"); //redirect to login page }else{ print "its working test 1"; } ?> <html> <body> Login Successful </body> </html> Same applied it needed to be $loginusername as the variable. Thank you very much spiderwell you have been of great help. If you don't mind having a look at the code in general do you think it is safe and secure enough? As i am still a beginner i fear that somebody might come along and snap it to pieces or gain access to my secure pages somehow? Your advice would be much appreciated.

For a moment i thought this had worked but unfortunately i am faced with the same problem, the purple bits are the changes i made with your method. Ive realised the script checks the user/pw against the db first which runs the script giving it the session regardless of what the username or user is, so if the user is given the session he can always change the url to whatever page. With the method below i was able to log into user 2's page. secure page is with the snippet you have provided <?php session_start(); [b][color=purple]$username = 'test';[/color] [/b] [b][color=purple]if ($_SESSION['user1'] != $username ){[/color] [/b] header("Location: login.php"); //redirect to login page }else{ print "its working test 1"; } Now for the login checker <?php require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; //$sql="SELECT * FROM $tbl WHERE userName='"test"' and password='".$loginpassword."'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); [b][color=purple]$username = 'test';[/color] [/b] $_SESSION['user1'] = $username; // store session data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?>

I see, i tried something like this but it did not work with an 'if statement' im still a newbie with php to be honest... any help would be appreciated. I will have many users so i dont think it would be a good idea to rule out 'xxx' list of users but rather allow only username 'john' to access his page. Each page will be assigned to each user and will be custom in their own way. So 'john' or whoever the user is must be the only person allowed access. Cheers

I think i got you.. well if you see the scripts above the session is in index.php and it works. But the issue we have is when the user is logged in it can go along to another users profile and also login which will give it a new session... do you see what i mean? I need to make each page unique to the user with the login script somehow.. thank you for your input though.

Hi guys i've spent 3 whole days trying to get this to work but it dosent. My issue is very similar almost the same as: http://www.phpfreaks.com/forums/index.php?topic=296100.15 but with the code i have. Basically i have custom member pages. member1.php member2.php the design and content will be custom to each member, they also have their own login page. Each member should be able to access their page and simply view their secure area. They should not be able to log into another users area if they dont have the username or password for it. Now the problem is, i have this entire script setup and it works, however i fear there is something wrong with the sessions which allows other members to access other members pages with their own passwords and usernames because they share the same database. So the script executes thinking its a valid user and lets them in. Here is my login checker once the user is validated they are sent to their own folder header("Location: ../{$loginusername}/index.php"); and are able to view the page. <?php require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); $_SESSION["loginusername"] = $loginusername; $_SESSION['user1'] = $username; // store session data //echo "User: = ". $_SESSION['loginusername']; //retrieve data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?> Now here is the secure page sample: <?php session_start(); if (!$_SESSION['user1']){ header("Location: login.php"); }else{ print "its working!"; } ?> <html> <body> Login Successful for </body> </html> For each login page i have given each user it's own session.. this works, however if user1 logs in and simply changes the url to user2 and enters his user2 password he is granted access giving him new sessions which means he has access to everything. Im pretty sure im missing something really small any help would be appreciated.

Hi all...my project is nearing its deadline tommorow jsut need some small snippet help now. As you can see from the code below its reading from the database fine, it will show two of the first entries in the db. Theres a small peice of code i remember but cant find it, where you can add to the bottom of the script where if there are new entries it will add to the list automatically. Any help would be appreciated. <?php /*reading the data we have just entered */ $connect = mysql_connect("*****","****","****"); if (!$connect) die ("Could Not Connect to the Database"); mysql_select_db("mdb_am663", $connect); $result = mysql_query("SELECT * FROM contacts",$connect); printf("membership id: %s<br>\n", mysql_result($result,0,"member_id")); printf("First Name: %s<br>\n", mysql_result($result,0,"firstname")); printf("Last Name: %s<br>\n", mysql_result($result,0,"surname")); printf("Contact No.: %s<br>\n", mysql_result($result,0,"contact_no")); printf("House Name/No.: %s<br>\n", mysql_result($result,0,"housename_no")); printf("Address Line 1: %s<br>\n", mysql_result($result,0,"address_line1")); printf("Address Line 2: %s<br>\n", mysql_result($result,0,"address_line2")); printf("Address Line 3: %s<br>\n", mysql_result($result,0,"address_line3")); printf("City or County: %s<br>\n", mysql_result($result,0,"city_county")); printf("Postcode: %s<br>\n", mysql_result($result,0,"postcode")); printf("Email Registered: %s<br>\n", mysql_result($result,0,"email")); printf("Username Registered: %s<br>\n", mysql_result($result,0,"username")); printf("Password: %s<br>\n", mysql_result($result,0,"password")); echo nl2br ("\n"); printf("membership id: %s<br>\n", mysql_result($result,1,"member_id")); printf("First Name: %s<br>\n", mysql_result($result,1,"firstname")); printf("Last Name: %s<br>\n", mysql_result($result,1,"surname")); printf("Contact No.: %s<br>\n", mysql_result($result,1,"contact_no")); printf("House Name/No.: %s<br>\n", mysql_result($result,1,"housename_no")); printf("Address Line 1: %s<br>\n", mysql_result($result,1,"address_line1")); printf("Address Line 2: %s<br>\n", mysql_result($result,1,"address_line2")); printf("Address Line 3: %s<br>\n", mysql_result($result,1,"address_line3")); printf("City or County: %s<br>\n", mysql_result($result,1,"city_county")); printf("Postcode: %s<br>\n", mysql_result($result,1,"postcode")); printf("Email Registered: %s<br>\n", mysql_result($result,1,"email")); printf("Username Registered: %s<br>\n", mysql_result($result,1,"username")); printf("Password: %s<br>\n", mysql_result($result,1,"password")); echo nl2br ("\n"); mysql_close($connect); ?>

This place being the fantastic place that it is i can always rely on it. I have a few simple things to accomplish and if some of you guys can maybe direct me in the right direction to some quick and easy tutorials for the following, then it would be much appreciated. Note: I have a working db already with users, login/logout. Security is not important. 1. A tutorial for an admin to analyse the use of the web site statistics. Admin be able to view what pages have been accessed, username to be stored, the date and time of access, browser used, IP address used and page accessed, the count to the number of visits. 2. Small message system, one particular user is able to log into his account and psot a message for admin to read and be notifed. & Vice versa? This is just for a university project and i do not need security. I just need something very small and easy to implement. If you think you can help then please do let me know. Thanks

the rest of it is on tiop ^^