Jump to content

Kayz

Members
  • Posts

    25
  • Joined

  • Last visited

    Never

Everything posted by Kayz

  1. Hi guys i have this form working, when somebody fills it out i receive the details fine, however they do not receive an automated response. I must be missing something so basic? Your expertise and help would be much appreciated. <?php //let's start our session, so we have access to stored data session_start(); $receiver = 'webmaster@mydomain.com'; $name = 'Submission Form'; $subject = 'Submission Form'; $header = "From: ". $name . " <" . $receiver . ">\r\n"; $fromemail = 'info@mydomain.com'; $fromname = 'Submission Form'; $fromsubject = 'Confirmation of Submission Form'; $headers = "From: ". $fromname . " <" . $fromemail . ">\r\n"; $arr= array(); // REMOVAL FROM $arr[0] = " Incident details: \r\n--------------- \n\n"; $arr[1] = "Date of Incident: "; $arr[2] = $_POST['Day']; $arr[3] = " "; $arr[4] = $_POST['Month']; $arr[5] = " "; $arr[6] = $_POST['Year']; $arr[7] = "\n\n Is this date accurate?: "; $arr[8] = $_POST['date_accurate']; $arr[9] = "\n\n Time of incident: "; $arr[10] = $_POST['hour']; $arr[11] = ":"; $arr[12] = $_POST['minute']; $arr[13] = " "; $arr[14] = $_POST['ampm']; $arr[15] = "\n\n Is this time accurate?: "; $arr[16] = $_POST['time_accurate']; $arr[17] = "\n\n First Name: "; $arr[18] = $_POST['Title']; $arr[19] = " "; $arr[20] = $_POST['fname']; $arr[21] = "\n\n Last Name: "; $arr[22] = $_POST['lname']; // REMOVAL TO $arr[23] = "\r\n\r\n\r\n\r\n Victims details: \r\n------------- \n\n"; $arr[24] = "Date of Birth: "; $arr[25] = $_POST['dobDay']; $arr[26] = " "; $arr[27] = $_POST['dobMonth']; $arr[28] = " "; $arr[29] = $_POST['dobYear']; $arr[30] = "\n\n House Name / No.: "; $arr[31] = $_POST['House_Name_No']; $arr[32] = "\n\n Address Line 1: "; $arr[33] = $_POST['Address_Line_1']; $arr[34] = "\n\n Address Line 2: "; $arr[35] = $_POST['Address_Line_2']; $arr[36] = "\n\n Post Code: "; $arr[37] = $_POST['PostCode']; $arr[38] = "\n\n Telephone No.: "; $arr[39] = $_POST['TelephoneNo']; $arr[40] = "\n\n Email Address: "; $arr[41] = $_POST['EmailAddress']; $arr[42] = "\n\n Name of Location: "; $arr[43] = $_POST['iLocationName']; $arr[44] = "\r\n\r\n\r\n\r\n Incident Location: \r\n------------------------------ \n\n"; $arr[45] = "Address Line 1: "; $arr[46] = $_POST['iAddress_Line_1']; $arr[47] = "\n\n Address Line 2: "; $arr[48] = $_POST['iAddress_Line_2']; $arr[49] = "\n\n Town / City: "; $arr[50] = $_POST['iTownCity']; $arr[51] = "\n\n Post Code: "; $arr[52] = $_POST['iPostCode']; $arr[53] = "\n\n Country: "; $arr[54] = $_POST['iCountry']; $arr[55] = "\n\n Incident Details: "; $arr[56] = $_POST['incident_details']; $arr[57] = "\r\n\r\n\r\n\r\n Reporting to the Police: \r\n------------------------------ \n\n"; $arr[58] = "Were the police informed?: "; $arr[59] = $_POST['police_informed']; $arr[60] = "\n\n Date informed: "; $arr[61] = $_POST['PDay']; $arr[62] = " "; $arr[63] = $_POST['PMonth']; $arr[64] = " "; $arr[65] = $_POST['PYear']; $arr[66] = "\n\n Station: "; $arr[67] = $_POST['station']; $arr[68] = "\n\n Station Tel no.: "; $arr[69] = $_POST['stationtel']; $arr[70] = "\n\n Officer Name: "; $arr[71] = $_POST['officername']; $arr[72] = "\n\n Crime no.: "; $arr[73] = $_POST['crimeno']; foreach ($arr as $i => $t) { if ( empty($t) ) { unset($arr[$i-1]); } } $content = implode('', $arr); mail("$receiver", "$subject", stripslashes("$content"), "$header"); header("Location: thankyou.html"); $message2 = " Dear $fname, Thank you for filling out this form and submitting incident details. "; mail("$EmailAddress", "$fromsubject", stripslashes("$message2"), "$headers"); header("Location: thankyou.html"); ?>
  2. Thanks, i have had a quick read and it's pretty much something i am already aware of. The user managment script i am using already has sha1 implemented with salt i believe. Ideally i would have liked to used sha512 with salt and blowfish. But since it's still early stages i am trying to work with what i have before i embark on spending more time understanding hashing and then ultimately implementing a better hash.
  3. Hi guys I have a script which i've been playing around with thanks to Spiderwell: http://www.phpfreaks.com/forums/index.php?action=profile;u=35078 I have sort of merged it with another 'member managment' script which is working great. Now i can't seem to correctly create a login page to pass the hashed password using (sha1). Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password. Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :| Your help would be much appreciated. Login Page PHP: <form name="login" method="post" action="check_login.php3"> <p><strong>Secured Area User Log-in</strong></p> <p>Username: <input name="bioname" type="text" id="bioname"></p> <p>Password: <input name="biopass" type="password" id="biopass"></p> <p> </p> <p><input type="submit" name="Submit" value="Login"></p> </form> Check Login Processor (which is the file i that needs the sha1 added somewhere i think) <?php require_once('config.php3'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // $loginusername = false; $loginpassword = false; $err = false; // default error message is empty // The username and password sent from login.php //the isset() basically means if its there get it, otherwise dont bother if (isset($_POST['bioname'])) $loginusername=$_POST['bioname']; if (isset($_POST['biopass']))$loginpassword=$_POST['biopass']; // if either isnt filled in, tell the user, a very basic bit of validation if (!$loginusername || !$loginpassword) $err = "please complete the form"; if (!$err) //if no error continue { //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); //you could add other things like check for text only blah blah $sql="SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1) { session_start(); $_SESSION['user'] = $loginusername; // store session data //please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user //that would be a pain in the ass, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is header("Location: {$loginusername}/index.php3"); } else { $err = "Wrong Username or Password"; } }// end login if statement if ($err) // show error message if there is one { echo $err; echo "<br>Please go back in your browser and try again"; } ?> The secure page: <?php session_start(); $mypath = $_SERVER["REQUEST_URI"]; //echo $mypath; // for debugging //now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php //use the built in strpos() function, which returns position of the last occurance of the string you are looking for inside another string. //http://php.net/manual/en/function.strrpos.php if(strpos($mypath,"/".$_SESSION['user']."/"))//on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/ { echo "congratulations you are the right person in the right place"; } else { session_destroy(); //kill the session, naughty person trying to come here header("Location: ../login.php3"); die();// stop page executing any further } ?> <html> <body> </body> </html> Thanks and i look forward to your replies.
  4. This works splendid! Just as i wanted when i first embarked on this project. But i realised i would want to give users their own username like mydomain.com/username and their own folders so i went down the route of giving each user a session which will mean i have to edit the script.. but this eliminates all this and i can use it in every directory without the need to edit the script! Many thanks spiderwell... i presume the script is also secure and nobody can hack into it? I'll be changing the database and will store the passwords in md5 encryption. Also would you have any good pointers or recommend any websites where i can read and learn more php? There are so many out there but i think your recommendation would be wise. Cheers once again!
  5. Excellent stuff, i am currently at work and will soon try this. Im assuming one login page does it all? I was hoping to redirect users to mydomain/user/ for their page but i think i can get around this easily. Cheers, speak to you soon!
  6. Cheers will do! If only i could offer/make you tea for the help. Thank you again, it's a few days short of a week that i have been trying to get this to work, thank god for this forum! and of course Thank you again!
  7. It's past midnight here too and im suppose to be waking up at 7 for work! These things really have me dreaming codes! I must thank you once again for your much needed help.. thank you!
  8. Edit: I have got it to work! Thank you very much! Here is the final piece. Login Checker: <?php // Require the information from the includes.php page require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; //$sql="SELECT * FROM $tbl WHERE userName='"test"' and password='".$loginpassword."'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); $_SESSION['user1'] = $loginusername; // <<******************************** //echo "User: = ". $_SESSION['loginusername']; //retrieve data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?> Instead of username it needed to be $_SESSION['user1'] = $loginusername; The secure page <?php session_start(); $loginusername = 'test'; if ($_SESSION['user1'] != $loginusername){ //if (!$_SESSION['user1']){ //if not present assuming this is not the setting page header("Location: login.php"); //redirect to login page }else{ print "its working test 1"; } ?> <html> <body> Login Successful </body> </html> Same applied it needed to be $loginusername as the variable. Thank you very much spiderwell you have been of great help. If you don't mind having a look at the code in general do you think it is safe and secure enough? As i am still a beginner i fear that somebody might come along and snap it to pieces or gain access to my secure pages somehow? Your advice would be much appreciated.
  9. For a moment i thought this had worked but unfortunately i am faced with the same problem, the purple bits are the changes i made with your method. Ive realised the script checks the user/pw against the db first which runs the script giving it the session regardless of what the username or user is, so if the user is given the session he can always change the url to whatever page. With the method below i was able to log into user 2's page. secure page is with the snippet you have provided <?php session_start(); [b][color=purple]$username = 'test';[/color] [/b] [b][color=purple]if ($_SESSION['user1'] != $username ){[/color] [/b] header("Location: login.php"); //redirect to login page }else{ print "its working test 1"; } Now for the login checker <?php require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; //$sql="SELECT * FROM $tbl WHERE userName='"test"' and password='".$loginpassword."'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); [b][color=purple]$username = 'test';[/color] [/b] $_SESSION['user1'] = $username; // store session data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?>
  10. I see, i tried something like this but it did not work with an 'if statement' im still a newbie with php to be honest... any help would be appreciated. I will have many users so i dont think it would be a good idea to rule out 'xxx' list of users but rather allow only username 'john' to access his page. Each page will be assigned to each user and will be custom in their own way. So 'john' or whoever the user is must be the only person allowed access. Cheers
  11. I think i got you.. well if you see the scripts above the session is in index.php and it works. But the issue we have is when the user is logged in it can go along to another users profile and also login which will give it a new session... do you see what i mean? I need to make each page unique to the user with the login script somehow.. thank you for your input though.
  12. Hi guys i've spent 3 whole days trying to get this to work but it dosent. My issue is very similar almost the same as: http://www.phpfreaks.com/forums/index.php?topic=296100.15 but with the code i have. Basically i have custom member pages. member1.php member2.php the design and content will be custom to each member, they also have their own login page. Each member should be able to access their page and simply view their secure area. They should not be able to log into another users area if they dont have the username or password for it. Now the problem is, i have this entire script setup and it works, however i fear there is something wrong with the sessions which allows other members to access other members pages with their own passwords and usernames because they share the same database. So the script executes thinking its a valid user and lets them in. Here is my login checker once the user is validated they are sent to their own folder header("Location: ../{$loginusername}/index.php"); and are able to view the page. <?php require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); $_SESSION["loginusername"] = $loginusername; $_SESSION['user1'] = $username; // store session data //echo "User: = ". $_SESSION['loginusername']; //retrieve data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?> Now here is the secure page sample: <?php session_start(); if (!$_SESSION['user1']){ header("Location: login.php"); }else{ print "its working!"; } ?> <html> <body> Login Successful for </body> </html> For each login page i have given each user it's own session.. this works, however if user1 logs in and simply changes the url to user2 and enters his user2 password he is granted access giving him new sessions which means he has access to everything. Im pretty sure im missing something really small any help would be appreciated.
  13. Hi all...my project is nearing its deadline tommorow jsut need some small snippet help now. As you can see from the code below its reading from the database fine, it will show two of the first entries in the db. Theres a small peice of code i remember but cant find it, where you can add to the bottom of the script where if there are new entries it will add to the list automatically. Any help would be appreciated. <?php /*reading the data we have just entered */ $connect = mysql_connect("*****","****","****"); if (!$connect) die ("Could Not Connect to the Database"); mysql_select_db("mdb_am663", $connect); $result = mysql_query("SELECT * FROM contacts",$connect); printf("membership id: %s<br>\n", mysql_result($result,0,"member_id")); printf("First Name: %s<br>\n", mysql_result($result,0,"firstname")); printf("Last Name: %s<br>\n", mysql_result($result,0,"surname")); printf("Contact No.: %s<br>\n", mysql_result($result,0,"contact_no")); printf("House Name/No.: %s<br>\n", mysql_result($result,0,"housename_no")); printf("Address Line 1: %s<br>\n", mysql_result($result,0,"address_line1")); printf("Address Line 2: %s<br>\n", mysql_result($result,0,"address_line2")); printf("Address Line 3: %s<br>\n", mysql_result($result,0,"address_line3")); printf("City or County: %s<br>\n", mysql_result($result,0,"city_county")); printf("Postcode: %s<br>\n", mysql_result($result,0,"postcode")); printf("Email Registered: %s<br>\n", mysql_result($result,0,"email")); printf("Username Registered: %s<br>\n", mysql_result($result,0,"username")); printf("Password: %s<br>\n", mysql_result($result,0,"password")); echo nl2br ("\n"); printf("membership id: %s<br>\n", mysql_result($result,1,"member_id")); printf("First Name: %s<br>\n", mysql_result($result,1,"firstname")); printf("Last Name: %s<br>\n", mysql_result($result,1,"surname")); printf("Contact No.: %s<br>\n", mysql_result($result,1,"contact_no")); printf("House Name/No.: %s<br>\n", mysql_result($result,1,"housename_no")); printf("Address Line 1: %s<br>\n", mysql_result($result,1,"address_line1")); printf("Address Line 2: %s<br>\n", mysql_result($result,1,"address_line2")); printf("Address Line 3: %s<br>\n", mysql_result($result,1,"address_line3")); printf("City or County: %s<br>\n", mysql_result($result,1,"city_county")); printf("Postcode: %s<br>\n", mysql_result($result,1,"postcode")); printf("Email Registered: %s<br>\n", mysql_result($result,1,"email")); printf("Username Registered: %s<br>\n", mysql_result($result,1,"username")); printf("Password: %s<br>\n", mysql_result($result,1,"password")); echo nl2br ("\n"); mysql_close($connect); ?>
  14. This place being the fantastic place that it is i can always rely on it. I have a few simple things to accomplish and if some of you guys can maybe direct me in the right direction to some quick and easy tutorials for the following, then it would be much appreciated. Note: I have a working db already with users, login/logout. Security is not important. 1. A tutorial for an admin to analyse the use of the web site statistics. Admin be able to view what pages have been accessed, username to be stored, the date and time of access, browser used, IP address used and page accessed, the count to the number of visits. 2. Small message system, one particular user is able to log into his account and psot a message for admin to read and be notifed. & Vice versa? This is just for a university project and i do not need security. I just need something very small and easy to implement. If you think you can help then please do let me know. Thanks
  15. the rest of it is on tiop ^^
  16. same problem its blank page
  17. <?php $hostname = "*****"; $username = "*****"; $password = "*****"; if(!($link = mysql_connect("*****", "*****","*****"))) die("Could not connect to database."); $databasename = "*****"; if(!(mysql_select_db($databasename,$link))) die("Could not open table."); $member_id = $HTTP_GET_VARS['id']; <<<<<<<----------------------- $strsql="SELECT email, firstname, surname, address_line1, ". "address_line2, city_county, postcode FROM ". "contacts WHERE id = '$member_id'"; <<<<<<<----------------------- if(!($rs= mysql_query($strsql, $link))) die("Error in $strsql\n" . mysql_error()); //only one row should be returned $row = @ mysql_fetch_array($rs); // now complete the form echo "t<input type=\"hidden\" name=\"email\" value=\"{$row['email']}\"><br>\n"; ?> I have indidcated the "id's" with <<<<<<<----------------------- which gives me this error: Error in SELECT email, firstname, surname, address_line1, address_line2, city_county, postcode FROM contacts WHERE id = '' Unknown column 'id' in 'where clause' But if i change it to member_id then i get a blank page.
  18. yes my friend that was a good one it said: Error in SELECT email, firstname, surname, address_line1, address_line2, city_county, postcode FROM contacts WHERE id = '' Unknown column 'id' in 'where clause' even ive changed the id into member_id it gave me white page. blank
  19. good stuff, it now says: "Unknown column 'id' in 'where clause'" i changed the id's to "member_id" and it shows me a blank page?
  20. Im trying to call information from a database, the following code is inside a secure place when the members log in they should be able to see their own user details: <?php $hostname = "***********"; $username = "***********"; $password = "****"; if(!($link = mysql_connect("****", "****","****"))) die("Could not connect to database."); $databasename = "mdb_am663"; if(!(mysql_select_db($databasename,$link))) die("Could not open table."); $member_id = $HTTP_GET_VARS['id']; $strsql="SELECT email, firstname, surname, address_line1, ". "address_line2, city_county, postcode FROM ". "contacts WHERE id = '$member_id'"; if(!($rs= mysql_query($strsql, $link))) die("Could not open table."); <<<<<<<<<<<<<<--------------------------------- //only one row should be returned $row = @ mysql_fetch_array($rs); // now complete the form echo "t<input type=\"hidden\" name=\"email\" value=\"$row[email]\"><br>\n"; echo "<input type=\"hidden\" name=\"first_name\" value=\"$row[firstname]\"><br>\n"; echo "<input type=\"hidden\" name=\"last_name\" value=\"$row[surname]\"><br>\n"; echo "<input type=\"hidden\" name=\"address1\" value = \"$row[address_line1]\"><br>\n"; echo "<input type=\"hidden\" name=\"address2\" value = \"$row[address_line2]\"><br>\n"; echo "<input type=\"hidden\" name=\"city\" value=\"$row[city_county]\"><br>\n"; echo "<input type=\"hidden\" name=\"state\" value=\"$row[postcode]\"><br>\n"; ?> where i have indicated with a "<<<<<<<<<<<<<<---------------------------------" this is where it sql ends for some reason telling me: Could not open table. anybody have any ideas?
  21. Kayz

    session help

    *bump* anybody maybe clarify it for me? This forum is faast!
  22. Kayz

    session help

    A very good point, it is suppose to get data. Do i change it to $sql?
  23. Ok i am having a problem with the sessions been working on it for a good 4 hours still no luck. Ok the code below connects to the database fine, <?php session_start(); $connect = mysql_connect("*******ac.uk","******","******"); mysql_select_db("mdb_*****", $connect); $date = date("Y-m-d"); $query = "SELECT * contacts values('$firstname', '$surname', '$email', '$contact_no', '$housename_no', '$address_line1', '$address_line2', '$address_line3','$city_county','$postcode','$username', '$password', '$date')"; mysql_query ($query, $connect); ?> Later on in the page a bit further down once the user logs in i want to show his/her username. So this is what i have done: <strong>Welcome</strong> <?php echo $username ?> This works perfectly fine showing the username that has logged in, but then ive tried to call up many other details about that particular user but no luck. Ive tried echo $email etc. But the funny thing is if i try echo $username or echo $password it will show also if i try echo $date that shows also, only these 3 things show nothing else. What can i do? I just want to show that user his/her own details that is stored in the MySQL db.
  24. So far I have the following mysql table which is fully functional and allows users to register, add to db and also allows users to login/logout: CREATE TABLE contacts ( member_id int(30) NOT NULL auto_increment, firstname varchar(30) NOT NULL default '', surname VARCHAR(30) NOT NULL default '', contact_no INT(11), housename_no VARCHAR(20), address_line1 VARCHAR(20), address_line2 VARCHAR(20), address_line3 VARCHAR(20), city_county VARCHAR(15), postcode VARCHAR(, email varchar(30) NOT NULL default '', username varchar(25) NOT NULL default '', password varchar(255) NOT NULL default '', PRIMARY KEY (member_id), UNIQUE KEY username (username) ) TYPE=MyISAM COMMENT='Members'; I then created the following two more tables as instructed by somebody else which I did today: CREATE TABLE orders ( member_id int(11) unsigned NOT NULL default '0', product_id int(11) unsigned NOT NULL default '0', quantity int(10) unsigned NOT NULL default '0' ); and CREATE TABLE products ( product_id int(11) unsigned NOT NULL auto_increment, product varchar(255) NOT NULL default 'Product Name', code varchar(255) NOT NULL default 'Product Code', price decimal(5,2) unsigned NOT NULL default '0.00', PRIMARY KEY (`product_id`) ); And I have now inserted dummy entries into the “orders” table and the “products” table. INSERT INTO orders VALUES ('1', '1', '2'); INSERT INTO orders VALUES ('1', '3', '1'); INSERT INTO products VALUES ('1', 'Product 1', 'PC1', '12.00'); INSERT INTO products VALUES ('2', 'Product 2', 'PC2', '15.00'); INSERT INTO products VALUES ('3', 'Product 3', 'PC3', '20.00'); Now I am just guessing that I have to do the php bit? How can I get this to work? Ive made connection to the db and now require the rest which is puzzling me. Yes i know a little bit about sessions and keeping the user logged in etc. Remember it needs to be as basic as possible, no need for anything special or any form of security, just plain and simple and bland will do, just need it to work that’s all and I will then integrate it into the site which I already have. I already have a login system in place which works. If somebody can instruct me then id be very greatful, Cheers.
  25. Hi all i am doing a project a dummy shopping cart website, i need to make it from scartch, now i have a user db inc password etc and also have a secure area for members to log in etc. Now I just want you guys to tell me if this will work before i begin, i want to know if my theory is correct, what i will do is first: 1. I will have a "item 1, item 2 and item 3" as fields within the the user table. 2. I will have a php page where when the user clicks or wants to add an item to the basket, it will then add the item under their profile i.e. user. 3. So basically when they hit "add" the item name will be inserted into the user db and will show within their basket. When they want to remove the item they can click remove which will then remove the item from the db thus showing the removal within the basket itself also. This is the problem, since the user is inside a big database of other users and when the user logs in his/her name is shown via a variable $ how can i only make it so when that particular users logs in they will only be able to see the items they had purchased under their profile? Otheriwise when the other users login they will see the same item also. If somebody can help me out here, or if they know a better soloution. P.S: I am just after a small dummy cart site which adds items to the users basket and allows the user to remove them also. Also once they do proceed to submit their order, a history of their purchases is shown in their profile. If anybody knows any better ideas it would be much appreciated. Thanks! Kayz
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.