unidox

In that case I would use a hidden field.

If there is an error with it, it ignores the error

Code?

** Note ** Moderators please move this to tutorials, the section is read only. ** Note ** Hi, I am unidox and I am going to show you how to make a simple membership system. This included, registering for an account, logging in, security for pages, and logging out. Now shall we begin? I say yes! Our database will be setup like the following: <?php // This is how your DB will be setup. /** * | Table Name: users * |- user_id * |- username * |- password * |- email */ ?> Breakdown: user_id is the default value that keeps track of users. username is the users log in name. password is the users log in password. email is the users email, so in later versions of the member system, a forgot password can be added. Our 1st bit of code will be a file named conf.inc.php. This file holds all of our mysql and function data, so we dont have to enter it over and over . <?php $db_user = ""; // Username $db_pass = ""; // Password $db_database = ""; // Database Name $db_host = ""; // Server Hostname $db_connect = mysql_connect ($db_host, $db_user, $db_pass); // Connects to the database. $db_select = mysql_select_db ($db_database); // Selects the database. function form($data) { // Prevents SQL Injection global $db_connect; $data = ereg_replace("[\'\")(;|`,<>]", "", $data); $data = mysql_real_escape_string(trim($data), $db_connect); return stripslashes($data); } ?> Breakdown: The 1st part is all the mySQL information in order to view and insert data. The 2nd part prevents SQL injection, so people cant gain unauthorized access. Our next file will be register.php, it will allow users to register an account so they may login and view parts of the website that others cant. <?php include("conf.inc.php"); // Includes the db and form info. if (!isset($_POST['submit'])) { // If the form has not been submitted. echo "<form action=\"register.php\" method=\"POST\">"; echo "<table>"; echo "<tr>"; echo "<td colspan=\"2\">Register:</td>"; echo "</tr>"; echo "<tr>"; echo "<td width=\"50%\">Username:</td><td width=\"50%\"><input name=\"username\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td width=\"50%\">Password:</td><td width=\"50%\"><input name=\"password\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td width=\"50%\">Email:</td><td width=\"50%\"><input name=\"email\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"submit\"</td>"; echo "</tr>"; echo "</table>"; echo "</form>"; } else { // The form has been submitted. $username = form($_POST['username']); $password = md5($_POST['password']); // Encrypts the password. $email = form($_POST['email']); $q = mysql_query("SELECT * FROM `users` WHERE username = '$username' OR email = '$email'") or die (mysql_error()); // mySQL Query $r = mysql_num_rows($q); // Checks to see if anything is in the db. if ($r > 0) { // If there are users with the same username/email. exit("That username/email is already registered!"); } else { mysql_query("INSERT INTO `users` (username,password,email) VALUES ('$username','$password','$email')") or die (mysql_error()); // Inserts the user. header("Location: login.php"); // Back to login. } } mysql_close($db_connect); // Closes the connection. ?> Breakdown: We 1st include the database details and make sure the form has not been submitted. If it has not been submitted then we display the register form. If the form is submitted, we make some variables so we can incorporate the form() function. We then make sure that the users email or username are not already in the database. Then we insert the user into the database and redirect them to the login page. The next page is login.php. <?php include("conf.inc.php"); // Includes the db and form info. session_start(); // Starts the session. if ($_SESSION['logged'] == 1) { // User is already logged in. header("Location: index.php"); // Goes to main page. exit(); // Stops the rest of the script. } else { if (!isset($_POST['submit'])) { // The form has not been submitted. echo "<form action=\"login.php\" method=\"POST\">"; echo "<table>"; echo "<tr>"; echo "<td colspan=\"2\">Login:</td>"; echo "</tr>"; echo "<tr>"; echo "<td width=\"50%\">Username:</td><td width=\"50%\"><input name=\"username\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td width=\"50%\">Password:</td><td width=\"50%\"><input name=\"password\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"submit\"</td>"; echo "</tr>"; echo "</table>"; echo "</form>"; } else { $username = form($_POST['username']); $password = md5($_POST['password']); // Encrypts the password. $q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query $r = mysql_num_rows($q); // Checks to see if anything is in the db. if ($r == 1) { // There is something in the db. The username/password match up. $_SESSION['logged'] = 1; // Sets the session. header("Location: index.php"); // Goes to main page. exit(); // Stops the rest of the script. } else { // Invalid username/password. exit("Incorrect username/password!"); // Stops the script with an error message. } } } mysql_close($db_connect); // Closes the connection. ?> Breakdown: 1st we include the db and function file, and start the session, telling the browser that sessions will be used. We then make sure the form has not been submitted in order to show the login form. If the form has been submitted we make 2 variables for username and password. We encrypt the password with md5() so it is a bit more secure. (To all those who are experts in PHP, you would normally salt a password to make it harder to crack, but for beginners stick with md5()) We then have a query checking the database if any users match the username and password, and if there are matches it will be counted in $r. If there are matches we set a login session. Now we will make logout.php. <?php session_unset(); // Destroys the session. header("Location: login.php"); // Goes back to login. ?> Breakdown: We destroy all sessions and forward the user to the login page. And last but not least, the page where you want only logged in users to view. <?php include("conf.inc.php"); // Includes the db and form info. session_start(); // Starts the session. if ($_SESSION['logged'] != 1) { // There was no session found! header("Location: login.php"); // Goes to login page. exit(); // Stops the rest of the script. } echo "This is the main page!"; echo "<br />"; echo "<a href=\"logout.php\">Logout?</a>" ?> Breakdown: We include the config page. Check to see if the logged in session is set, otherwise forward user to login page. Allow the user to log out if needed. Well thats the basic member system, I will add as people request more. If you have any questions please feel free to post and PM me, I am more than happy to help!

I use phpdesigner.

What you want to do is, have a form where the person needs to enter a username/email. AFter process the form and generate a 8 digit password. Send an email with a new password, and update the mysql database with the new password. Easy as that

Thanks, I just added search feature. So if you could try and xss that and tell me how to improve. I am open to any tips/ideas.

Easy, just use md5($_POST['password']); and make sure the password is also in md5 format in the db

$_SERVER["HTTP_REFERER"]

Use an array, or mysql

Same...

Yea, check your pm. Just made it.

Use sessions, cookies can be manipulated.

Here: <? if (isset($keywords) && $keywords != "") { $searchterms = $_GET["keywords"]; $query = "select * from perfect where match(nombre_evento,texto_evento) against('".mysql_real_escape_string($searchterms)."')"; $result = mysql_query($query); if ($row = mysql_fetch_array($result)) { print"Your search returned ".mysql_num_rows($result)." results."; $i = 1; do { print"This is search result number {$i}"; $i++; } while ($row = mysql_fetch_array($result)); } else { print"Your search returned no results."; } } else { include('picture_search.php'); } ?> You were missing a trailing ; for print"Your search returned no results.";

How did you go about doing that?

Nvm, I fixed it all. Anything else?

Ok, I will fix. How do I fix: Cross Site Scripting: You can submit ">code when editing there profile. SQL Error when you use ' in edit profile fields. though

Thats because $checkprice has not been defined yet.

Fixed, someone abused the user passwords. So I just made it so the username and password dont update in the db. Everything else works though.

Here, I cleaned up the code also: <?php session_start(); include("config.php"); if($_SESSION['username'] == "" || $_SESSION['password'] == "") { notloggedin(); } if($_SESSION['username'] != "" && $_SESSION['password'] != "") { start(); $action = $_GET['action']; $shopid = $_GET['shopid']; if($action != "buy") { $show_query = mysql_query("SELECT * FROM items WHERE shopid ='$shopid' ORDER BY itemid"); for($i=0;$i<@mysql_numrows($show_query);$i++) { $itemid=mysql_result($show_query,$i,"itemid"); $showname=mysql_result($show_query,$i,"name"); $showimage=mysql_result($show_query,$i,"image"); $showprice=mysql_result($show_query,$i,"price"); $showamount=mysql_result($show_query,$i,"amount"); $showdescription=mysql_result($show_query,$i,"description"); $showrarity=mysql_result($show_query,$i,"rarity"); if($i%4==0) echo "<tr>"; echo "<td><center>$showname <a href=shops.php?action=buy><img src=../images/items/$showimage border=\"0\">[/url] $showprice EDC Amount: $showamount</center></td>"; if($i%4==2) echo "</tr>"; } } elseif ($action == "buy") { // HERE WAS THE PROBLEM. THE IF STATEMENT WAS IN THE !BUY IF. SO THIS WOULD NOT RUN. $items_id = $_GET['itemid']; $the_item = mysql_query("SELECT * FROM items WHERE itemid='$items_id'"); while($showit = mysql_fetch_array($the_item)) { $item__id = $showit['id']; $item__name = $showit['name']; $item__image = $showit['image']; $item__price = $showit['price']; $item__amount = $showit['amount']; } $checkamount = "$credits - $item__price"; if($checkprice < "0") { echo "<font size=6>Shops</font> Error! "; $show_query = mysql_query("SELECT * FROM items WHERE shopid ='$shopid' ORDER BY itemid"); for($i=0;$i<@mysql_numrows($show_query);$i++) { $itemid=mysql_result($show_query,$i,"itemid"); $showname=mysql_result($show_query,$i,"name"); $showimage=mysql_result($show_query,$i,"image"); $showprice=mysql_result($show_query,$i,"price"); $showamount=mysql_result($show_query,$i,"amount"); $showdescription=mysql_result($show_query,$i,"description"); $showrarity=mysql_result($show_query,$i,"rarity"); if($i%4==0) echo "<tr>"; echo "<td><center>$showname <a href=shops.php&action=buy&itemid=$itemid><img src=../images/items/$showimage border=\"0\">[/url] $showprice EDC Amount: $showamount</center></td>"; if($i%4==2) echo "</tr>"; } if($checkprice >= 0) { $itemsid = $_GET['itemsid']; $theitem = mysql_query("SELECT * FROM items WHERE itemid='$itemsid'"); while($show = mysql_fetch_array($theitem)) { $item_id = $show['itemid']; $item_name = $show['name']; $item_image = $show['image']; $item_price = $show['price']; $item_amount = $show['amount']; mysql_query("UPDATE items SET amount = '$item_amount' - 1 WHERE itemid='$item_id'"); mysql_query("INSERT INTO useritems (usename, item, location) VALUES ('$username', '$item_name', 'Inventory')"); mysql_query("UPDATE users SET credits='$credits' - '$item_price' WHERE username='$username'"); } echo "<font size=6>Shops</font> Success! You have bought that Item for $item_price USD. <img src=images/items/$item_image> << <a href=shops.php?shopid=1><< Back to Shop[/url] | <a href=map.php>Back to Map >>[/url]"; } } } } ?>

Well PM me it you would like. I am trying to help, but you have to come 50% also.

How would people abuse it? Just use ** to block out any emails you dont want public. The code I gave you comes with no errors, I need to see it all otherwise I cant help.

I need to see the full code, of both pages.

It threw this together in a few hours. A project I will be releasing in a few months once I am finished. I only have a few pages working for now, so I would like some feedback and help with my security. Thanks http://pure-cp.com/beta/admin/ User: phpfreaks Pass: phpfreaks

Just a quick google search came up with many tutorials: http://www.google.com/search?q=backup+mysql+using+php&sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_enUS269US270