Everything posted by Jerzxu

  1. Hello, I am working on my website and I need to know if my login script is secure.

     ```php
     session_start();
     include("connect.php");
     $username = $_POST['username'];
     $password = $_POST['password'];
     if ($_POST['username'] == "" || $_POST['password'] == ""){
         $_SESSION['Login'] = "None";
         header("Location: loginfail.php");
     } else {
         $password = md5($password);
         $sql = mysql_query("SELECT * FROM `Accounts` WHERE `Username`='$username' AND `Password`='$password'");
         if (mysql_num_rows($sql) == 0){
             $_SESSION['Login'] = "Incorrect";
             header("Location: loginfail.php");
         } else {
             $sql2 = mysql_query("SELECT `Activated` FROM `Accounts` WHERE `Username`='$username'");
             $active = mysql_result($sql2,0);
             if ($active == "No") {
                 $_SESSION['Login'] = "UnAct";
                 header("Location: loginfail.php");
             } else {
                 $_SESSION['Login'] = "Successful";
                 $_SESSION['username'] = $_POST['username'];
                 header("Location: code.php");
             }
         }
     }
     ```

     $_POST['username'] and $_POST['password'] come from the login form. If this is not secure, might I get a way to make it more secure. (I was looking into SSL but that didn't help much)
  2. Well that was dumb of me. WORKS NOW! Thanks!
  3. Yeah there's 2. I purposely made a second account just to check if that may have been causing the problem.
  4. I edited it a bit just to see if it would even grab non random codes. Still doesn't work.

     ```php
     $UID = mysql_query("SELECT * FROM `Accounts` WHERE 'Activated'='Yes'");
     for ($i=0;$i<3;$i++) {
         while ($recs = mysql_fetch_array($UID)) {
             $username = $recs['Username'];
             $imagequery = mysql_query("SELECT `Img` FROM `UserPics` WHERE `Username`='$username'");
             $image = mysql_query($imagequery,0);
             if ($recs['Page'] == "Normal") {
                 //Grab About INFO
                 $aboutquery = mysql_query("SELECT `About` FROM `Page_Normal` WHERE `Username`='$username'");
                 $about = mysql_result($aboutquery,0);
             }
             if ($recs['Page'] == "Band") {
                 //Grab About INFO
             }
             if ($recs['Page'] == "Business") {
                 //Grab About INFO
             }
             if ($recs['Page'] == "Studio") {
                 //Grab About INFO
             }
             if ($recs['Page'] == "Portfolio") {
                 //Grab About INFO
             }
             if ($recs['Page'] == "Website") {
                 //Grab About INFO
             }
             echo "<div class=featured1>
                 <div class=\"padfeat1\" align=\"left\">
                 <img src=\"stylesheets/images/seperator_03.png\" align=\"left\" hspace=\"5\" /> Pad<br />
                 <img src=padfeat.jpg style=\"margin-top:1px;\" onclick=\"parent.location=''\" /><img src=padfeat.jpg hspace=\"3\" onclick=\"parent.location=''\" /><img src=padfeat.jpg onclick=\"parent.location=''\" /><img src=padfeat.jpg hspace=\"3\" onclick=\"parent.location=''\" /><br />
                 <center><a href=\"\">View More</a></center>
                 </div>
                 <img src=\"resize-image.php?image=".$image."\" width=\"62\" height=\"62\" hspace=\"2\" align=\"left\" onclick=\"parent.location=''\" />
                 <a href=\"http://www.ekoed.com/".$recs['Username']."\">".$recs['Username']."</a><br />
                 <a href=\"http://www.ekoed.com/users.php?account=".$recs['Page']."\">".$recs['Page']."</a><br />
                 About Them: ".$about."<br />
                 </div>";
         }
     }
     ```

     As for the output. Just go to www.ekoed.com and that page is it. What is echoed is at the bottom of the page (just error checking underneath the copyright), which is the $UID. If $UID echoes but everything else doesn't.
  5. Added and nothing happened. No change whatsoever. It executes the code, and I echoed some of the variables but they're empty.
  6. HELLO! I am working on a featured users for my site and it has to grab a random userid from the main accounts table then it goes to the pages table and grabs more info after it has grabbed the username from the main accounts table. It has to do this 3 times and echo the same code 3 times. Now oddly I don't get ANY errors with this code. It just doesn't do anything.

     ```php
     //Featured
     $UID = mysql_query("SELECT * FROM `Accounts` WHERE 'Activated'='Yes' ORDER BY RAND() LIMIT 3");
     for ($i=0;$i<3;$i++) {
         while ($recs = mysql_fetch_array($UID)) {
             $recs1 = $recs['Username'];
             $usernamequery = mysql_query("SELECT `Username` FROM `Accounts` WHERE `UID`='$recs1'");
             $username = mysql_result($usernamequery,0);
             $pagequery = mysql_query("SELECT `Page` FROM `Accounts` WHERE `UID`='$recs1'");
             $page = mysql_result($pagequery,0);
             $imagequery = mysql_query("SELECT `Img` FROM `UserPics` WHERE `Username`='$username'");
             $image = mysql_query($imagequery,0);
             if ($page == "Normal") {
                 //Grab About INFO
                 $aboutquery = mysql_query("SELECT `About` FROM `Page_Normal` WHERE `Username`='$username'");
                 $about = mysql_result($aboutquery,0);
             }
             echo "<div class=featured1>
                 <div class=\"padfeat1\" align=\"left\">
                 <img src=\"stylesheets/images/seperator_03.png\" align=\"left\" hspace=\"5\" /> Pad<br />
                 <img src=padfeat.jpg style=\"margin-top:1px;\" onclick=\"parent.location=''\" /><img src=padfeat.jpg hspace=\"3\" onclick=\"parent.location=''\" /><img src=padfeat.jpg onclick=\"parent.location=''\" /><img src=padfeat.jpg hspace=\"3\" onclick=\"parent.location=''\" /><br />
                 <center><a href=\"\">View More</a></center>
                 </div>
                 <img src=\"resize-image.php?image=".$image."\" width=\"62\" height=\"62\" hspace=\"2\" align=\"left\" onclick=\"parent.location=''\" />
                 <a href=\"http://www.ekoed.com/".$username."\">".$username."</a><br />
                 <a href=\"http://www.ekoed.com/users.php?account=".$page."\">".$page."</a><br />
                 About Them: ".$about."<br />
                 </div>";
         }
     }
     ```

     Now I was reading somewhere that if you have A LOT of accounts that using RAND() would take some time. Not that I will have many users on my site, but is there a way to make it go faster?
  7. Ok works for me, THANKS for your guy's quick replies.
  8. That helps me with that one. Could one use this to create a sort of BBC code esque type thing?
  9. Not sure exactly where this goes, I tried googling it, but unfortunately I'm not sure how one would word this question. Okay anyways, my question is this: I am storing text in a mysql database, and since it's text, how would one stop it from using HTML codes? Because putting iframe in it just kills the layout. Also for that regard, how would one add something like BBC codes to it?
  10. OKAY just realized that was a stupidity mistake by me... LOL THANKS all working now
  11. Okay since I have put in the other post info that I need (the &t= blah stuff) it doesn't seem to work. I believe it is due to the javascript.

      ```javascript
      var xmlHttpPly
      function ReplyMess(c){
          xmlHttpPly=GetXmlHttpObject()
          if ( xmlHttpPly==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          var mytext = document.getElementById(c).value; //notice the usage of the c
          var mySender = document.getElementById(To_user).value;
          var mySubject = document.getElementById(subject_user).value;
          var url = "ReMes.php";
          // make url safe
          var params = "text=" + escape(mytext) + "&sendTo=" + escape(mySender) + "&subject=" + escape(mySubject);
          xmlHttpPly.open("POST", url, true);
          xmlHttpPly.onreadystatechange=stateChangedPly;
          xmlHttpPly.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          xmlHttpPly.setRequestHeader("Content-length", params.length);
          xmlHttpPly.setRequestHeader("Connection", "close");
          xmlHttpPly.send(params);
      }
      function stateChangedPly() {
          if (xmlHttpPly.readyState==4 || xmlHttpPly.readyState=="complete") {
              document.getElementById("hide_note").innerHTML=xmlHttpPly.responseText
          }
      }
      function GetXmlHttpObjectPly() {
          var xmlHttpPly=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpPly=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpPly=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpPly=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpPly;
      }
      ```

      Now I believe it's to do with these lines:

      ```javascript
      var mySender = document.getElementById(To_user).value;
      var mySubject = document.getElementById(subject_user).value;
      ```

      This is because the mySender variable and mySubject variable are called upon when clicked, and they are in an input text which is disabled.

      ```php
      $response = "<b>To:</b> <input type=\"text\" value=\"$to\" id=\"To_user\" disabled=\"true\" /><br /><b>Subject:</b> <input type=\"text\" value=\"$subject2\" id=\"subject_user\" disabled=\"true\" /><br /><textarea class=\"textbox\" id=\"reply_text\"></textarea><br /><input type=\"button\" name=\"Yes\" value=\"Send\" onclick=\"ReplyMess('reply_text'); switchReplyOff();\" style=\"margin-right:5px;\" /><input type=\"button\" name=\"No\" value=\"Cancel\" style=\"margin-left:5px;\" />";
      ```

      As you can see in that code, my variables are response text. So I am not sure if the Javascript is actually getting the information or not. All in all, it doesn't work. It stops when it reads: ReplyMess('reply_text'); and tries to execute the javascript because it doesn't read switchReplyOff();
  12. okay, and on the PHP side of it, I just use: $t=$_POST["t"]; or do I include the &?
  13. Actually one quick question, if I were to need to add more than one variable to that, what would I do?

      ```javascript
      var mytext = document.getElementById(c).value; //notice the usage of the b
      var mySender = document.getElementById(To_user).value;
      var mySubject = document.getElementById(subject_user).value;
      var url = "ReMes.php";
      // make url safe
      var params = "q=" + escape(mytext) + "t=" + escape(mySender) + "s=" + escape(mySubject);
      ```

      Just use that and add $t=$_POST["t"] etc? or do I have to do something else?
  14. YOU SIR JUST MADE MY DAY! LOL, it works now! THANK YOU VERY VERY VERY VERY VERY VERY (years later) MUCH!
  15. Okay so I will fix that. Then I would use POST in that, but for the params what do I do? (Note to self, look at stuff more thoroughly before posting)

      ```javascript
      var xmlHttpPly
      function ReplyMess(str){
          xmlHttpPly1=GetXmlHttpObject()
          if ( xmlHttpPly1==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          var url = "ReMes.php";
          var params = str;
          xmlHttpPly.onreadystatechange=stateChangedPly
          xmlHttpPly.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          xmlHttpPly.setRequestHeader("Content-length", params.length);
          xmlHttpPly.setRequestHeader("Connection", "close");
          xmlHttpPly.open("POST", url, true);
          xmlHttpPly.send(params);
      }
      function stateChangedPly() {
          if (xmlHttpPly.readyState==4 || xmlHttpPly.readyState=="complete") {
              document.getElementById("hide_note").innerHTML=xmlHttpPly.responseText
          }
      }
      function GetXmlHttpObjectPly() {
          var xmlHttpPly=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpPly=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpPly=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpPly=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpPly;
      }
      ```

      I MEANT that code in the last one. UGH, but that will help for this part. UPDATED: Okay so I got it like this now:

      ```php
      $response = "<b>To:</b> ".$to."<br /><b>Subject:</b> ".$subject."<br /><textarea class=textbox id=\"reply_text\"></textarea><br /><input type=button name=Yes value=Send onclick=\"ReplyMess('reply_text'); switchReplyOff();\" style=margin-right:5px; /><input type=button name=No value=Cancel style=margin-left:5px; />";
      //Notice reply_text for the id as well as ReplyMess('reply_text');
      ```

      That's the text box that gets echoed, to show the reply text box.

      ```javascript
      var xmlHttpPly
      function ReplyMess(b){
          xmlHttpPly1=GetXmlHttpObject()
          if ( xmlHttpPly1==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          // get the contents of the textarea
          var mytext = document.getElementById(b).value; //notice the usage of the b
          var url = "ReMes.php";
          // make url safe
          url= url + "?q=" + escape(mytext);
          var params = b;
          xmlHttpPly.onreadystatechange=stateChangedPly
          xmlHttpPly.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          xmlHttpPly.setRequestHeader("Content-length", params.length);
          xmlHttpPly.setRequestHeader("Connection", "close");
          xmlHttpPly.open("POST", url, true);
          xmlHttpPly.send(params);
      }
      function stateChangedPly() {
          if (xmlHttpPly.readyState==4 || xmlHttpPly.readyState=="complete") {
              document.getElementById("hide_note").innerHTML=xmlHttpPly.responseText
          }
      }
      function GetXmlHttpObjectPly() {
          var xmlHttpPly=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpPly=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpPly=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpPly=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpPly;
      }
      ```

      And that's the javascript that has been updated. Though it probably should have a few things in it.
  16. Actually originally I had string set to b, because on my other javascript functions I have it set to b. To switch it to a fieldname1= fieldvalue1 I'm not sure. Because I would have to get the text grabbed from the textarea when I click on a button which I have set to use this function on click. Which I believe using:

      ```html
      <textarea id="text_area"></textarea>
      <input type="button" onclick="showMessage('text_area');" />
      ```

      (Note: showMessage(); Javascript code is below) would work. Though I am not entirely sure. So if that's right, and I were to switch str to b, then the fieldname1 would equal? text_area and the escape(fieldvalue1) would equal escape(b)? It may be easier to send this all as a form through Ajax. If that's possible (which should be).

      ```javascript
      var xmlHttpMes
      function showMessage(b){
          xmlHttpMes=GetXmlHttpObject()
          if ( xmlHttpMes==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          var url="mesget.php"
          url=url+"?q="+b
          url=url+"&sid="+Math.random()
          xmlHttpMes.onreadystatechange=stateChangedMes
          xmlHttpMes.open("GET",url,true)
          xmlHttpMes.send(null)
      }
      function stateChangedMes() {
          if (xmlHttpMes.readyState==4 || xmlHttpMes.readyState=="complete") {
              document.getElementById("hide_message").innerHTML=xmlHttpMes.responseText
          }
      }
      function GetXmlHttpObjectMes() {
          var xmlHttpMes=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpMes=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpMes=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpMes=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpMes;
      }
      ```
  17. So where exactly would I put this code? (Also just realized I made a mistake on the javascript I pasted here)

      ```javascript
      var xmlHttpPly
      function ReplyMess(str){
          xmlHttpPly1=GetXmlHttpObject()
          if ( xmlHttpPly1==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          var url = "ReMes.php";
          var params = str;
          xmlHttpPly.onreadystatechange=stateChangedPly
          xmlHttpPly.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          xmlHttpPly.setRequestHeader("Content-length", params.length);
          xmlHttpPly.setRequestHeader("Connection", "close");
          xmlHttpPly.open("POST", url, true);
          xmlHttpPly.send(params);
      }
      function stateChangedPly() {
          if (xmlHttpPly.readyState==4 || xmlHttpPly.readyState=="complete") {
              document.getElementById("hide_note").innerHTML=xmlHttpPly.responseText
          }
      }
      function GetXmlHttpObjectPly() {
          var xmlHttpPly=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpPly=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpPly=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpPly=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpPly;
      }
      ```

      Should look like that. I accidentally included the function above it.
  18. I have run into a slight problem with my code. You see, I'm not sure how to use the POST method with Javascript. I have used the GET method, but I will need POST for this way so that Messages can be longer than 2000 char. (depending on browser). I followed a tutorial on a different website, to help get the POST method codes, unfortunately it didn't work. Also, note that this code is used when clicking the send button. I didn't make a form but instead used

      ```html
      <input type="button" onclick="showMessage('textarea_1');" />
      ```

      where textarea_1 = my text area where the message text is. Also since I have to address this to a user along with adding a subject (GET post method would work with this since you could just use ?q= str1, ?r= str2 etc. but for POST I am at a lost cause), I may have to use a form. If there are tutorials or help on how to send a whole form over javascript I would use that instead, as it would make it easier. (Note: I checked and found nothing)

      ```javascript
      var xmlHttpMes
      function showMessage(b){
          xmlHttpMes=GetXmlHttpObject()
          if ( xmlHttpMes==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          var url="mesget.php"
          url=url+"?q="+b
          url=url+"&sid="+Math.random()
          xmlHttpMes.onreadystatechange=stateChangedMes
          xmlHttpMes.open("GET",url,true)
          xmlHttpMes.send(null)
      }
      function stateChangedMes() {
          if (xmlHttpMes.readyState==4 || xmlHttpMes.readyState=="complete") {
              document.getElementById("hide_message").innerHTML=xmlHttpMes.responseText
          }
      }
      function GetXmlHttpObjectMes() {
          var xmlHttpMes=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpMes=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpMes=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpMes=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpMes;
      }

      var xmlHttpPly
      function ReplyMess(str){
          xmlHttpPly1=GetXmlHttpObject()
          if ( xmlHttpPly1==null){
              alert ("Browser does not support HTTP Request")
              return
          }
          var url = "ReMes.php";
          var params = str;
          xmlHttpPly.onreadystatechange=stateChangedPly
          xmlHttpPly.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          xmlHttpPly.setRequestHeader("Content-length", params.length);
          xmlHttpPly.setRequestHeader("Connection", "close");
          xmlHttpPly.open("POST", url, true);
          xmlHttpPly.send(params);
      }
      function stateChangedPly() {
          if (xmlHttpPly.readyState==4 || xmlHttpPly.readyState=="complete") {
              document.getElementById("hide_note").innerHTML=xmlHttpPly.responseText
          }
      }
      function GetXmlHttpObjectPly() {
          var xmlHttpPly=null;
          try {
              // Firefox, Opera 8.0+, Safari
              xmlHttpPly=new XMLHttpRequest();
          } catch (e){
              // Internet Explorer
              try {
                  xmlHttpPly=new ActiveXObject("Msxml2.XMLHTTP");
              } catch (e) {
                  xmlHttpPly=new ActiveXObject("Microsoft.XMLHTTP");
              }
          }
          return xmlHttpPly;
      }
      ```
  19. That site is plagued by ads. BUT I shall try it.
  20. Tried that, the function for finfo doesn't work. Just gives me an undefined function.
  21. Hmmm okay cool. Good php codes for pulling things out of a hat. Well what you have there IS good, except it's being done oddly. I have the same code on my website except it's only going one way (vertical). Though I am using dividers instead of tables. If you used the same code and used dividers with a float:left; then it may work, but not sure. Mine's all vertical. If you were to redesign the layout to have the items in a vertical view and had more info on the left or something, you could do it like that as well. So many choices. Fun stuff PHP is. Though I'm EXTREMELY new to it. Just have a person who helps me with it. But I'm out for the night so adios!
  22. ```php
      <?
      <table style="width:650px;">
      <?php
      $query="Select * FROM catalog";
      $result=mysql_db_query($DBname, $query, $link);
      for ($i=0; $i<=5; $i++){
      <tr>
      while ($row=mysql_fetch_array($result)) {
          echo "<td><img src=\"".$row['picture']."\"class=\"thumb\"><br/><center><a href=makeorder.php"."?p_id=".$row['id'].">".$row['p_name']."</a></center></td>";
      }
      </tr>
      }
      mysql_close($link);
      ?>
      ```

      Try that code? Not sure at all what it's gonna do. Notice I put everything on one line and echoed it instead. No clue if this is gonna work. Also the <td>'s are back in to make the text be under the image as well as the image comes first instead of the text now.
  23. Try this

      ```php
      <table style="width:650px;"><tr><td>
      <?php
      $query="Select * FROM catalog";
      $result=mysql_db_query($DBname, $query, $link);
      while ($row=mysql_fetch_array($result)) {
          print ("<a href=makeorder.php");
          print ("?p_id=");
          print($row['id']);
          print(">");
          print($row['p_name']);
          print("</a>");
          print("<img src=\"");
          print($row['picture']);
          print("\"class=\"thumb\">");
      }
      mysql_close($link);
      ?>
      </td></tr></table>
      ```

      Not sure why the </table> was being printed by PHP? So I moved it out.
  24. As I can see it didn't 100% fix it, but it did get it all onto one row. IF you were to put a class on the table (or just style it) and put a width down of however big the box is, it should fix it. http://www.storyoftherealms.com/2008testsite/Dev2Net/test.html I updated it to show what I mean. With a width on the table it makes it go down automatically.
  25. Just tested some images of my own, and it's due to the fact that you have <tr><td><img...></td></tr> around every image. Thus it makes it go down. There's a link for ya for an example. http://www.storyoftherealms.com/2008testsite/Dev2Net/test.html So get rid of the <tr><td>'s and just put them after <table>'s. Not sure if that will 100% fix it.
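
A hardened form of the login check asked about in the first post of this list, as an added example that is not the poster's code: the username is bound through a PDO prepared statement instead of being interpolated from `$_POST` into the SQL text, and `md5()` is replaced by `password_hash()`/`password_verify()`. The function names `make_demo_db` and `check_login`, the in-memory SQLite database (needs the pdo_sqlite extension) and the sample accounts are assumptions made for the demo; the table, column and status names follow the post.

```php
<?php
// Added example, not the poster's code. Table, column and status names follow
// the post; the SQLite database and the two accounts are constructed sample data.

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Accounts (Username TEXT PRIMARY KEY, Password TEXT, Activated TEXT)');
    $ins = $db->prepare('INSERT INTO Accounts VALUES (?, ?, ?)');
    // password_hash() salts every hash and is deliberately slow, unlike bare md5().
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Yes']);
    $ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 'No']);
    return $db;
}

// Returns the status string the original script stores in $_SESSION['Login'].
function check_login(PDO $db, $username, $password): string {
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return 'None';
    }
    // Placeholder binding: the value travels as data and never becomes SQL text.
    $stmt = $db->prepare('SELECT Password, Activated FROM Accounts WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are checked against a throwaway hash so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['Password'] : $dummy);
    if (!$row || !$ok) {
        return 'Incorrect';
    }
    // Activation state is only revealed after the password has been verified.
    return $row['Activated'] === 'Yes' ? 'Successful' : 'UnAct';
}

// In the web script (sketch): session_start(); then
//   $status = check_login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
//   if ($status === 'Successful') { session_regenerate_id(true); $_SESSION['username'] = ...; }
//   $_SESSION['Login'] = $status; header('Location: ...'); exit;

if (PHP_SAPI === 'cli') {
    $db = make_demo_db();
    $tries = [
        ['alice', 'correct horse'],   // active account, right password
        ['alice', 'wrong'],           // right user, wrong password
        ['bob', 'hunter2'],           // right password, account not activated
        ["o'brien", 'x'],             // quote in the name is handled as plain data
        ['', ''],                     // empty form
    ];
    foreach ($tries as [$u, $p]) {
        printf("%-10s => %s\n", var_export($u, true), check_login($db, $u, $p));
    }
}
```

The `mysql_*` functions used in the original script were removed in PHP 7, so PDO or mysqli is required on current PHP versions in any case.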