johnseito

Hello everyone, I created a register.php page, and haver user enter the username and password. Once they enter it, I then create a login.php page. So now user that logins in can enter username and password. so if they enter a username and supposely this username is in the database, how can i query out the username's associated password? is it this code? $result = mysql_query("select password from users where username ='$username'"); $info = mysql_fetch_array( $result); Echo " $info[password]<br>"; thanks

bump any idea why?

yes, on my register.php page I trim the username entered with this code : $a = trim($_POST['user']); then on my login.php page I trim the username entered with this code : $_POST['user'] = trim($_POST['user']); Thanks,

magic_quotes_gpc is off, it returns a 0, that is why I have this code, if it's off/not on, addslashes to username. if(!get_magic_quotes_gpc()) { $username = addslashes($username); } thanks,

Hello everyone, I was just wondering why when I login with the form, the username and password stored in the database after registration didn't exist when it actually does exist. Thanks, I was just wondering why when the username is in the database yet it still say it didn't. <?php /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function confirmUser($username, $password){/** ---------------------------------CONFIRM USER-----------*/ global $conn; /** Add slashes if necessary - add slashes to ' " \ (for query) Shows whether the configuration option get_magic_quotes_gpc() is on or off. This can also be determined from phpinfo() . For example, this function is useful for determining whether addslashes() needs to be used on data before writing it to a database. magic_quotes_gpc controls whether data received from GET, POST, or cookie operations has special characters prepended with a backslash (\). */ if(!get_magic_quotes_gpc()) {// Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("),An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted. $username = addslashes($username); } /** Verify that user is in database */ $result = mysql_query("select password from users where username ='$username'"); /** password is a field from users table, username field */ //$q = "select password from users where username = '$username'"; //$result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; /** Indicates username failure.. if username and password then return 1 */ } /** Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); //$password = stripslashes($dbarray['password']); $dbarray['password'] = stripslashes($dbarray['password']); // password is the field from the database $password = stripslashes($password); /** Validate that password is correct */ if($password == $dbarray['password']){ return 0; /** Success! Username and password confirmed */ } else{ return 2; /** Indicates password failure*/ } }/** --------------------------------CONFIRM USER--------------------------------------------- */ /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ /** Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /** Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /** Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /** Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /** User not logged in */ else{ return false; } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $logged_in; //if(isset($_POST['sublogin'])){ if($logged_in){ echo "<h1>Logged In!</h1>"; echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; } else{ ?> <h1>Login</h1> <form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> <font size="2">Remember me next time</td></tr> <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> </table> </form> <?php } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){/** ================================================================================= /** Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /** Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /** Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /** Check error codes */ if($result == 1){ die('That username doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /** Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } /** Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">"; return; }/** =========================================================================================================== /** Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); displayLogin(); ?>

thank you, that work. So can you tell me why to put the displaylogin() function there for it to work? thanks.

Hello everyone, If anyone could help me with this, I appreciate it. In the blow code the html form didn't show in the browser. is there anything wrong with the code? the logic is that if variable $logged_in is false/not true show the form other wise display login function and please let me know why this code doesn't show the form, when I go to browser localhost/login.php? Thanks, <?php /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function confirmUser($username, $password){/** ---------------------------------CONFIRM USER-----------*/ global $conn; /** Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /** Verify that user is in database */ $q = "select password from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; /** Indicates username failure */ } /** Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /** Validate that password is correct */ if($password == $dbarray['password']){ return 0; /** Success! Username and password confirmed */ } else{ return 2; /** Indicates password failure*/ } }/** --------------------------------CONFIRM USER--------------------------------------------- */ /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ /** Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /** Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /** Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /** Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /** User not logged in */ else{ return false; } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $logged_in; if($logged_in){ echo "<h1>Logged In!</h1>"; echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; } else{ ?> <h1>Login</h1> <form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> <font size="2">Remember me next time</td></tr> <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> </table> </form> <?php } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){ /** Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /** Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /** Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /** Check error codes */ if($result == 1){ die('That username doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /** Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } /** Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">"; return; } /** Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); ?>

Hello everyone, I am wondering how to check a users input, such as is the user input number, character, and the length of character, etc. And for example if I create a field in the table as: text, for a supposely number input can I check it if the user is inputting a number instead of text? phone varchar(30); Any code examples or links would be greatly appreciated. thanks

Ok, I create a table like this in mysql PHP Code: create table test( day tinyint(2), year int(4)); and I create a form with this two fields and fill in the form, all, or one of the fields and leave one blank. It seems that fill all of them works and the info gets insert into the database, but if i were to fill one field and leave one blank it doesn't work, the info doesn't get inserted into the database. Any idea why? Thanks

Could you show me an example of what you mean? blueman378 The only difference with this code and the other code you have is that this one has <b> day newfield</b> and for this one you didn't have a comma. isn't this a mistake? so to answer your question i am doing this thx

Xajel I think your code is not doing what I want, it seems your code is adding more records with the same amt of data field. <b>What I want to do is add more fields besides the 5 fields I have, then add more record to those fields</b>. when I add an extra field, say the 6th field, it doesn't insert any data into mysql.

I did that: mysql_query("insert into register(firstname, lastname, gender, month, day) values('$firstname', '$lastname', '$gender', '$month', '$day')"); mysql_query("insert into register(year, country, address, State, postal) values('$year', '$country', '$address', '$state', '$postal')"); and it doesn't work, it doesn't enter more that 5 data fields at the same time.

doesn't work, thz

Xajel-- i just tried your method and it still doesn't work, it can't add more than 5 records at a time.

it seems you did this for every 5 records, and you didn't include $ sign infront of each variable.

is there an limit amt of data that insert into mysql at once? Such as this code: PHP Code: mysql_query("insert into register(firstname, lastname, gender, month, day) values('$firstname', '$lastname', '$gender', '$month', '$day')"); If i add more field would there be a problem? It seem like it is because when I add more field it won't insert any data. Thanks

Hello all, I am a bit curious on how the php email works, for example if I have a blog and when someone post, I would like for what they post send to specific users such as myself. Or if I have a login and some users register and click submit I want to send them a welcome email. Could someone provide code examples of how this can work or if it can. Thanks

Hi everyone, was wondering if it's possible or if anyone know how to do a pop up interface that ask a question and then option yes/no? thanks

If i input this code Code: header("Location: " . $_SERVER['PHP_SELF']); after this code Code: this code won't print Code: echo "<font color =red> The file </font><b>". basename( $_FILES['uploaded']['name']). "</b> <font color=red>has been uploaded to the</font>". "<b> $dir </b></font>"."<font color=red> directory.</font><br><br>"; Code: mysql_query("insert into upload3(photo, caption) values('$fileName','$caption')"); header("Location: " . $_SERVER['PHP_SELF']); echo "<font color =red> The file </font><b>". basename( $_FILES['uploaded']['name']). "</b> <font color=red>has been uploaded to the</font>". "<b> $dir </b></font>"."<font color=red> directory.</font><br><br>"; Do you know why or how I can fix it? thanks

I did use POST. <form enctype="multipart/form-data" action="upload.php" method="POST"> Please choose a file: <input type="file" name="uploaded" /><br /> <input type="submit" name="submit" value="Upload" /> </form> could you provide an example? thanks -

here is the code, it seems that the variable $filename is always there and is always the same name of the last uploaded picture. so when you refresh the page this variable name gets inserted into the sql, again and again and again when you keep refreshing it. but when you upload a new picture, this variable will have a new name, and then when you refresh this name will be inserted into the database again and again, therefore repeating the pictures (doubling it). so in essence when you refresh you are running the code to insert the variable name to the sql. we need to change this from happening, if you have any suggestion let me know. <?php $dir = "pictures/"; $target = $dir . basename( $_FILES['uploaded']['name']) ; //$ok=1; $fileName = $_FILES['uploaded']['name']; //connects to database mysql_connect("localhost", "TEST1", "TEST") or die (mysql_error()); mysql_select_db("test") or die (mysql_error()); mysql_query("insert into picture(photo) values('$fileName')"); $allowed_type = array('image/jpg','image/tif','image/gif','image/pjpeg','image/png','image/jpeg'); if(in_array($uploaded_type,$allowed_type)){ if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "<font color =red> The file </font><b>". basename( $_FILES['uploaded']['name']). "</b> <font color=red>has been uploaded to the</font>". "<b> $dir </b></font>"."<font color=red> directory.</font><br><br>"; $data = mysql_query("SELECT * FROM picture") or die(mysql_error()); while($info = mysql_fetch_array( $data ))//Puts it into an array { Echo "<img src=$dir".$info[photo]." width=200 height=200> <br>"; } }else { echo "<font color=red> Sorry, there was a problem uploading your file. Please try again!</font><br><br>"; } } ?>

anyone know how I can fix this? thanks

do you know why that when I refresh the browser the last upload pic doubles? know how i can fix that?

thanks -

Thanks all, Echo "<img src=images".$info[photo]."> <br>"; this seems to work but I am trying to size the pix, like adding width and height for example like Echo "<img src=images".$info[photo]. width=200 height=200"> <br>"; and this doesn't work, any idea?