JoelRocks

Ok i have deined permission to the relevant folders... thanks for the heads up, tweaked the system so images still load/css still works. But full path disclosure... dont be mad i searched the forum's and googled it, but i havent found anything i would consider relevant in helping me solve this issue, all i know is hackers can use it to gain acces..

Here is the URL www.sgomega.com (redirects). Please test the game, tell me security issues etc... Thanks, Joel

Ok thanks for the replies, i am going to use all of these to create a function for every input field. But, i need a function where you can specify characters that are disallowed for example "_". I think maybe using a preg match to detect illegal characters and throw up and error. Thanks, Joel

Hey guys, Just made my login page, but i am worried about people putting code in their usernames or when they enter anything into an input in a form. How can i combat this? i have already made the fields all lowercase to make my life easier in the database. Striptags? or go further? Thanks, Joel

Ok all sorted, Thanks for assisting me guys,

Thanks both, i have corrected the whole == thing, techie where i am defining the post variables at the bottom of the page is simply to post them, so when i re-load register.php i can set the values for the inputs so they are basically what the user has entered... with me? I have also added errors, but if error has more than one value... (see the code bellow) is there a way of echoing them all? Thanks, Joel <html> <head> <title>Registration System V0.1</title> </head> <body> <?php $first_name=$_POST["first_name"]; $surname=$_POST["surname"]; $username=$_POST["username"]; $email_address=$_POST["email_address"]; $confirm_email_address=$_POST["confirm_email_address"]; $terms_and_conditions=$_POST["terms_and_conditions"]; if ($first_name == "") { ?> <p> Please enter your desired user details, if you have problems with anything, please contact the administrator. </p> <br /> <form action="register.php" method="Post"> First Name: <input type="text" name="first_name" /> <br /> Surname: <input type="text" name="surname" /> <br /> Username: <input type="text" name="username" /> <br /> Email Address <input type="text" name="email_address" /> <br /> Confirm Email Address <input type="text" name="confirm_email_address" /> <br /> <br /> In ticking this checkbox you are agreeing to abide by the following terms and conditions <input type="checkbox" name="terms_and_conditions" /> <br /> <br /> <input type="submit" value="submit" /> </form> <? } else { if ($first_name == "") { $error = ("You must enter a firstname"); } if ($surname == "") { $error = ("You must enter a surname"); } if ($email_address == "") { $error = ("You must enter an email address"); } if ($confirm_email_address == "") { $error = ("You must confim your email address"); } if ($email_address != $confirm_email_address) { $error = ("Sorry, the email addresses provided do not match"); } if ($terms_and_conditions == "") { $error = ("You must agree with our terms and conditions"); } ?> You have the following errors: <br /> <? echo ($error); ?> <br /> <br /> Please confirm the following details <table> <tr> <td> Firstname: </td> <td> <? echo ($first_name);?> </td> </tr> <tr> <td> Surname: </td> <td> <? echo ($surname);?> </td> </tr> <tr> <td> Username: </td> <td> <? echo ($username);?> </td> </tr> <tr> <td> Email Address: </td> <td> <? echo ($email_address);?> </td> </tr> </table> If you details are correct please click submit, if they are incorrect please go back. <form action="verify.php"> <? $_POST["first_name"]=$first_name; $_POST["surname"]=$surname; $_POST["username"]=$username; $_POST["email_address"]=$email_address; $_POST["confirm_email_address"]=$confirm_email_address; $_POST["terms_and_conditions"]=$terms_and_conditions; ?> <input type="submit" name="Submit"> </form> <form action="register.php"> <? $_POST["first_name"]=$first_name; $_POST["surname"]=$surname; $_POST["username"]=$username; $_POST["email_address"]=$email_address; $_POST["confirm_email_address"]=$confirm_email_address; $_POST["terms_and_conditions"]=$terms_and_conditions; ?> <input type="submit" name="Back"> </form> <? } ?> </body> </html>

Hello guys, I am trying to create a basic registration script for my University project. Problem is nested if's are giving me a headache, i will post the code, the idea is you first enter your details your details and they get validated on register.php. If somone knows how to get register.php?step=1,2 then that would be a better idea. At the moment nothing is being validated, i am still learning, sorry to be a pain, Joel <html> <head> <title>Registration System V0.1</title> </head> <body> <?php $first_name=$_POST["first_name"]; $surname=$_POST["surname"]; $username=$_POST["username"]; $email_address=$_POST["email_address"]; $confirm_email_address=$_POST["confirm_email_address"]; $terms_and_conditions=$_POST["terms_and_conditions"]; if ($first_name = "") { ?> <p> Please enter your desired user details, if you have problems with anything, please contact the administrator. </p> <br /> <form action="register.php" method="Post"> First Name: <input type="text" name="first_name" /> <br /> Surname: <input type="text" name="surname" /> <br /> Username: <input type="text" name="username" /> <br /> Email Address <input type="text" name="email_address" /> <br /> Confirm Email Address <input type="text" name="confirm_email_address" /> <br /> <br /> In ticking this checkbox you are agreeing to abide by the following terms and conditions <input type="checkbox" name="terms_and_conditions" /> <br /> <br /> <input type="submit" value="submit" /> </form> <? } else { if ($first_name="") { $error = ("You must enter a firstname"); } if ($surname="") { $error = ("You must enter a surname"); } if ($email_address="") { $error = ("You must enter an email address"); } if ($confirm_email_address="") { $error = ("You must confim your email address"); } if ($email_address != $confirm_email_address) { $error = ("Sorry, the email addresses provided do not match"); } if ($terms_and_conditions="") { $error = ("You must agree with our terms and conditions"); } ?> Please confirm the following details <table> <tr> <td> Firstname: </td> <td> <? echo ($first_name);?> </td> </tr> <tr> <td> Surname: </td> <td> <? echo ($surname);?> </td> </tr> <tr> <td> Username: </td> <td> <? echo ($username);?> </td> </tr> <tr> <td> Email Address: </td> <td> <? echo ($email_address);?> </td> </tr> </table> If you details are correct please click submit, if they are incorrect please go back. <form action="verify.php"> <? $_POST["first_name"]=$first_name; $_POST["surname"]=$surname; $_POST["username"]=$username; $_POST["email_address"]=$email_address; $_POST["confirm_email_address"]=$confirm_email_address; $_POST["terms_and_conditions"]=$terms_and_conditions; ?> <input type="submit" name="Submit"> </form> <form action="register.php"> <? $_POST["first_name"]=$first_name; $_POST["surname"]=$surname; $_POST["username"]=$username; $_POST["email_address"]=$email_address; $_POST["confirm_email_address"]=$confirm_email_address; $_POST["terms_and_conditions"]=$terms_and_conditions; ?> <input type="submit" name="Back"> </form> <? } ?> </body> </html>

Thanks all, 1200 is.... how many minutes???

Wondered the function that i would use to compare time, i am going to get the time at session start and then compare it with the time at the end of the session, if that is over 30 minutes then the session is ended. What you recon? breaking the time down into year/month/day/minute/hours/seconds and save the infomation into the database... what you guys recon?

Thanks both, Solved!

Further errors: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/remotepa/public_html/Joel/index.php on line 16 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/remotepa/public_html/Joel/index.php:16) in /home/remotepa/public_html/Joel/index.php on line 25

Error Code: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/remotepa/public_html/Joel/index.php on line 10

Despite help, still having issues with this code, can anyone help me... Gives an error i think its the SQL PHP functions... <?php $hostname= "localhost"; $user= "remotepa_framewo"; $password = "-"; $conn = @mysql_connect( $hostname, $user, $password ) or die ("Could not connect to server"); $db = @mysql_select_db("remotepa_framework", $conn) or die ("Could not connect to database"); $sql = "SELECT * FROM users WHERE username=\"$_SESSION['username']\""; $result = @mysql_query( $sql, $conn) or die ("Could not execute query"); $output = mysql_fetch_assoc($sql); session_start(); session_id($_GET['PHPSESSID']);//set php session id from URL if(isset($_SESSION['username'])) { if($output['active'] < 1) { echo ("Please reset your details"); echo ("Hello " .$_SESSION['username']); echo ("<br />"); echo ("You are logged in successfully"); } } else { echo ("Sorry you are not logged in"); exit; } ?>

Nice and easy to send this infomation to a php page you simply set the action to action="add.php". http://www.w3schools.com/php/php_forms.asp - More infomation on this topic.

Problem solved, Thanks dude