burnside

so what i need to do to get it to work?

i dont quite understand what you mean

yeah but ill need to check every page so if not logged in they wont be able to acsess the pages wont i?

odisey : it doent work i treid all that its got me.

no doesnt work sorry just echo " bla bla bla ";

how you mean?? $_SESSION(username) ?? any help would be gret.

i am working on a small login script for a site i am working on. Problem is it wont display the information. the code is : Checklogin.php <?php $title = "SeverancE Dawn of Destruction - Login Security "; include("connect.php"); // username and password sent from signup form $username=$_POST['username']; $password=$_POST['password']; $sql="SELECT * FROM users WHERE username='$username' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { include("indextop.php"); echo "<strong><font color=\"black\">Unable to login</font></strong><br /> <br /><ul><li>wrong username supplied</li><br /><li>wrong password supplied</li></ul><br /><br /><center><a href=index.php>back</a></center>"; include("indexbottom.php");} ?> witch works and loges you in if the information is correct. But the file below seems to be the problem login_success.php <? session_start(); if(!session_is_registered(username)){ header("location:main_login.php"); } $title = "SeverancE Dawn of Destruction - Members area"; $page = "Login Area"; include("connect.php"); include("top.php"); $check = mysql_query("SELECT * FROM users WHERE username = '$myusername'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) echo " blah blah $info[username <-- [color=red]SOULD display username[/color]]"; include("bottom.php"); ?> it should display the username but doesnt do any thing. [code] [/code]

i have seen it about a few times what does it menaS? User Enumeration? ???? ?

Haha i have loads more.

im new too hahaha, i think i know what you mean ilL have a go for you.

looking throught the code you have missed < out about 3 times and alson a few ;

Sorry i didnt mean to offend, i have some jelly tots for you.

Hey click topic solved if you been helped please. And OMG havent hear love you lots like jelly totts for years!!!

Hey all, i think this is in the right topic if not feel free to move it please, my query is , Is it possable to add a image in a drop down menu?

That works. thank you very much,

Hey thank you, Sorry i posted in the wrong forum, hope your not mad at me,

yeah sumit like that, i mean say for example, if a option was : <select> <option>high</option> <---- background red <option>medium</option> <---- background green <option>low</option> <---- background yellow </select> if yo know what im trien to say hahaha

Hi i was woundering is it possable to change the color of a drop down menu? Ill try explane , <select> <option>red</option> <option>blue</option> <option>black</option> </select> is it possable to like change the background of the option? If you get what im trien to say sorry im not to good at explaning

Hey, i was just woundering can you disable people closing your web page by clicking on the X at the top right hand side of the page? if so how would you do it?

What does the code look like ?

Hey sent you mail soplex ill give you a hand if you want?

So can any one give me any hints please?

Sorry, My bad new to all this, when i click the link to edit the details the name apears in the text box, but when i edit the name and click update nothing happens it should post name changed the change the name in the database but it does nothing when i click update just takes me back the the cont.php file. Sorry not much help.

Can any one see any reason this isnt working ? doesnt seem to change any thing or ot its got me stumped echo " <Tr><Td>Username <td>:<td>$info[username] <a href=cont.php?action=name>Edit</a></td> "; if ($_GET[action] == "name"){ if(!$_GET[change]){ echo "<br><form action=cont.php method=post>"; echo "<input type=hidden name=action value=name>"; echo "New Name: <input type=text size=30 name=change value=\"$info[username]\"><br>"; echo "<input type=submit value=Update></form><p>"; echo "<br><br><center>[<a href=cont.php>Back</a>]</center>"; }else{ $change = trim($change); $first = ord(substr($change,0,1)); if((strlen($change) > 20) || (strlen($change) < 4)){ echo "Username must be between 4 and 20 characters."; echo "<br><br><center>[<a href=cont.php?action=name>Back</a>]</center>"; }elseif(substr($change,0,1) == " "){ echo "Username can not start with a space."; echo "<br><br><center>[<a href=cont.php?action=name>Back</a>]</center>"; }elseif(substr($change,0,1) == "."){ echo "Username can not start with a dot."; echo "<br><br><center>[<a href=cont.php?action=name>Back</a>]</center>"; }elseif(($first >= 48 && $first <= 57) || ($first >= 65 && $first <= 90) || ($first >= 97 && $first <= 122) || ($first = 126)){ $change = eregi_replace(".com","...",$change); $change = eregi_replace("www.",".",$change); $change = eregi_replace(".tk",".",$change); $change = eregi_replace(".net","...",$change); $usercheck = mysql_query("SELECT * FROM users WHERE username like '$change'"); if(@mysql_num_rows($usercheck) > 0){ echo "Username already taken"; echo "<br><br><center>[<a href=cont.php?action=name>Back</a>]</center>"; /* }else{ $checkip = mysql_query("SELECT * FROM users WHERE ip = '$info[ip]'"); if((@mysql_num_rows($checkip) > 1) && ($info[status] == "Member")){ echo "Cannot change username while two users are on the same IP"; echo "<br><br><center>[<a href=cont.php>Back</a>]</center>"; */ }else{ $change = htmlspecialchars($change); $change = eregi_replace("admin","loser",$change); $change = eregi_replace("manager","loser",$change); $change = eregi_replace(".com","...",$change); $change = eregi_replace(".net","...",$change); $change = eregi_replace(" "," ",$change); $change = eregi_replace("adm1n","loser",$change); echo "Name successfully changed from $info[username] to $change"; mysql_query("UPDATE users SET username = '$change' WHERE id = '$info[id]'"); echo "<br><br>[<a href=account.php>Back</a>]</center>"; // } } }else{ echo "Username MUST start with a letter or number."; echo "<br>*$change*<br>"; echo "<br>*$first*<br>"; echo "<br><br><center>[<a href=cont.php?action=name>Back</a>]</center>"; } } }

guess ill have to use the form i dont like them though lol.