DeanWhitehouse

ok, thanks, the only thing is, that i can't tell if this is working, as i always remain logged in anyway.

soz, lol, i got a bit confused, as it is the first time i used something like that

i get an unexpected TSTRING error with this $length = int strlen(string $user_password); how can i fix this, as adding "" to it doesn't work

o rite, thanks, and i didn't want to test it as it is emebbed in this code, and it would mean i would have to delete my tables in the database to test, but i will make a register page to test it on. <?php /*Random Game Design: PHP Website Template/CMS Version 1 Copyright Dean Whitehouse, 2008*/ require_once '../includes/db_connect.php'; if(isset($_POST['admin_signup'])){ $user_name = mysql_real_escape_string($_POST["user_name"]); $user_password =mysql_real_escape_string($_POST["user_password"]); $user_password2 =mysql_real_escape_string ($_POST["user_password2"]); $user_email =mysql_real_escape_string ($_POST["user_email"]); $user_email2 =mysql_real_escape_string ($_POST["user_email2"]); $ip = $_SERVER['REMOTE_ADDR']; if ($user_name && $user_password && $user_password2 && $user_email && $user_email2) { $user_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE userlevel=1 ")); $length = strlen($user_password); if ($length >= 6) { if ($user_check >= 1) { echo "Sorry, but the head admin account is already created. Please delete the table in your mysql database and run the install.php file."; } elseif ($user_password == $user_password2 && $user_email == $user_email2) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); mysql_query("INSERT INTO `$user` (user_id, user_name, user_password, user_email, user_ip, userlevel) VALUES ('','$user_name','$userpwsd','$user_email','$ip','1')") or die('Error ' . mysql_error()); require_once 'main_write.php'; require_once 'redirect_install.php'; } } else { echo "Either the passwords or emails you entered do not match. Please check these details and try again"; } } else { echo "Please fill in all of the required fields."; } } mysql_close(); ?> <?php if(isset($_POST['continue_saved'])) { ?> <html> <table bgcolor='#999999' align='center' width="400px"> <form action='<?php $_SERVER['PHP_SELF']; ?>' method='POST'> <tr><td width="10px">Username: </td><td><input type='text' name='user_name' maxlength="20" width="400px" /><br /></td></tr> <tr><td width="10px">Maximum Length<br /> 20 characters.</td></tr> <tr><td width="10px">E-mail Address:</td> <td><input type='text' name='user_email' /><br /></td></tr> <tr><td width="10px">Confirm E-mail Address: </td><td><input type='text' name='user_email2' /><br /></td></tr> <tr><td width="10px">Password:</td><td> <input type='password' name='user_password' maxlength="30" /><br /></td></tr> <tr><td width="10px">Maximum Length<br /> 20 characters.</td></tr> <tr><td width="10px">Confirm Password:</td><td> <input type='password' name='user_password2' maxlength="30"/><br /></td></tr> <tr><td><input type='submit' value='Complete Registration' name='admin_signup' /></td><td><input type="reset" value="Reset Fields" name="reset" /></td></tr> </form> </table> </html> <?php exit(); } if(isset($_POST['table_saved'])) { require_once '../includes/db_connect.php'; mysql_connect($dbhost,$dbuser,$dbpass) or die('Could not connect: ' . mysql_error()); // Select database mysql_select_db($dbname) or die('Could not find the database: ' . mysql_error()); $sql_user = "CREATE TABLE $user( user_id int(11) AUTO_INCREMENT NOT NULL PRIMARY KEY, user_name varchar(100) NOT NULL, user_password varchar(100) NOT NULL, user_email varchar(100) NOT NULL, user_ip varchar(20) NOT NULL, user_ban varchar(3) NOT NULL, ban_reason varchar(100) NOT NULL, ban_length varchar(25) NOT NULL, userlevel tinyint(1) unsigned NOT NULL, random_key varchar(32) NOT NULL, user_activated varchar(25) NOT NULL )"; $sql_forum1 = "CREATE TABLE $forum_quest( id int(4) NOT NULL AUTO_INCREMENT PRIMARY KEY, topic varchar(255) NOT NULL default '', detail longtext NOT NULL, name varchar(65) NOT NULL default '', email varchar(65) NOT NULL default '', datetime varchar(25) NOT NULL default '', view int(4) NOT NULL default '0', reply int(4) NOT NULL default '0' )AUTO_INCREMENT=1"; $sql_forum2 = "CREATE TABLE $forum_answ( question_id int(4) NOT NULL default '0', a_id int(4) NOT NULL default '0', a_name varchar(65) NOT NULL default '', a_email varchar(65) NOT NULL default '', a_answer longtext NOT NULL, a_datetime varchar(25) NOT NULL default '', KEY a_id (`a_id`) )"; $make_user= mysql_query($sql_user); $make_forum = mysql_query($sql_forum1); $make_forum1 = mysql_query($sql_forum2); $checkifexist_user = mysql_query ("SELECT * FROM '$user' LIMIT 0,1"); $checkifexist_quest = mysql_query ("SELECT * FROM '$forum_quest' LIMIT 0,1"); $checkifexist_answ = mysql_query ("SELECT * FROM '$forum_answ' LIMIT 0,1"); if (!$make_user) { echo("'$user' Table already exists.<br>'$user' table could not be created.<br>"); } else { echo("'$user' Table Created.<br>"); } if (!make_forum) { echo("'$forum_quest' Table already exists.<br>'$forum_quest' table could not be created.<br>"); } else { echo("'$forum_quest' Table Created.<br>"); } if (!make_forum1) { echo("'$forum_quest' Table already exists.<br>'$forum_quest' table could not be created.<br>"); } else { echo("'$forum_answ' Table Created.<br>"); } ?><form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"> <input type="submit" value="Continue" name="continue_saved"/> <? mysql_close(); exit(); } if(isset($_POST['table_names'])) { require_once '../includes/db_connect.php'; $dbhost = $_POST["dbhost"]; $user = $_POST["user"]; $forum_quest = $_POST["forum_question"]; $forum_answ = $_POST ["forum_answers"]; if ($user.$forum_quest.$forum_answ) { require_once "config_writetable.php"; echo "Table details saved:<br>User details saved:$user<br>Forum Questions saved:$forum_quest<br>Forum Answers saved:$forum_answ"; ?> <p>Table name's saved, press continue to create the table.<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"> <input type='submit' value='Continue' name='table_saved'> </form> </p> <?php } else { echo ("Please go back and fill in the required fields"); } exit(); } if(isset($_POST['check'])) { // Database Connection Information $dbhost = $_POST["dbhost"]; // Database Host $dbuser = $_POST["dbuser"]; // Database Username $dbpass = $_POST["dbpass"]; // Database Password $dbname = $_POST["dbname"]; // Database Name // Attempt to connect to the database using the user submitted form. $con = mysql_connect($dbhost, $dbuser, $dbpass); if ($con) { require_once 'config_write.php'; echo "You have successfully connected with these details to '$dbname'. <br>Username - '$dbuser'<br> Password - '$dbpass'<br> Database Host - '$dbhost'<br>Please enter the table names you want, or if you want to use the preset names click continue. NOTE: Each table must be a different name. Please do not leave any blank spaces. "; ?> <table align="center" bgcolor="#333333" width="300px" border="0"> <form method="post" action="<?php $_SERVER['PHP_SELF']; ?>"> <tr><td><font color="#FFFFFF">User Details:</td><td><input type='text' name='user'></td></tr> <tr><td><font color="#ffffff">Forum Questions</td> <td><input type="text" name='forum_question'></td></tr> <tr><td><font color='#ffffff'>Forum Answers</td> <td><input type='text' name='forum_answers'><br></td></tr> <tr><td></td><td><input type='submit' value='Continue' name='table_names'></td></tr> </font> </form> </table> <?php exit(); } else { echo 'Error connecting to database:' . mysql_error() . '\n'; // Database creation failed ?> <p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>Plese only click this button once, as it will reset your progress.<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Start' name='start'></form> </p> <?php } // Close connection to the database mysql_close(); } else { ?> <!--<p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>Plese only click this button once, as it will reset your progress.<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Start' name='start'></form>--> </p> <?php } if(isset($_POST['simple_start'])) if(isset($_POST['advanced_start'])) { echo ('Please enter the details used to connect to your MySql database.'); ?> <table align='center' bgcolor="#999999" width='300px' border='0'><form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"> <tr><td> Database Host:</td><td> <input type='text' name='dbhost'><br></td></tr> <tr><td> Database Username:</td><td> <input type='text' name='dbuser'><br></td></tr> <tr><td> Database Password: </td><td> <input type='text' name='dbpass'><br></td></tr> <tr><td> Database Name: </td><td> <input type='text' name='dbname'><br></td></tr> <tr><td></td><td><input type='submit' value='Continue' name='check'> </td></tr></form> </table> <?php } } else { ?> <p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br> <form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Simple Setup' name='simple_start'> <form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Advanced Setup' name='advanced_start'></form> </p> <?php } ?> and this is my updated bit, i believe this is what u ment $length = int strlen(string $user_password);

I don't no if i used cookies properly in this , can someone check please, also can some explain why the bottom bit in the form isn't working, where i have the echo in the form? <?php session_start(); /*Random Game Design: PHP Website Template/CMS Version 1 Copyright Dean Whitehouse, 2008*/ if (isset($_GET['logout'])) { //setcookie("cookname", $_SESSION['username'], time() - 3600, "/"); //setcookie("cookpass", $_SESSION['user_password'], time() - 3600, "/"); session_unset(); session_destroy(); } if ($_SESSION['is_valid'] == true) { if ($_SESSION['user_level'] == 2) { ?> <table class='logged_in'><tr><td> <p>Welcome, <br><?php echo $_SESSION['id_username']; ?> <br><a href='user_profile.php?id=<?php echo $_SESSION['user_id']; ?>'>User Profile</a><br> <a href='user_setting.php'>Settings</a><br> <a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br /> </td></tr><tr><td>Logged In</td></tr></table></p> <?php } if ($_SESSION['user_level'] == 1) { ?> <table class='logged_in'><tr><td> <p>Welcome, <?php echo $_SESSION['id_username']; ?> <br><a href='user_profile.php?id=<?php echo $_SESSION['user_id']; ?>'>User Profile</a><br> <a href='user_setting.php'>Settings</a><br> <a href='admin_centre.php'>Admin Area</a><br> <a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br /> </td></tr><tr><td>Logged In</td></tr></table></p> <?php } } else { require_once 'includes/db_connect.php'; if ($_SESSION['is_valid'] == false) { if (isset($_POST['login'])) { $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $cookiename = forumcookie; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userpwsd' LIMIT 1;"; $result = mysql_query($sql) or die(mysql_error(). " in $sql"); if (mysql_num_rows($result) == 1) { $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); $_SESSION['id_username'] = $row['user_name']; $_SESSION['id_user_password'] = $row['user_password']; $_SESSION['user_level'] = $row['userlevel']; $_SESSION['user_id'] = $row['user_id']; header("Location:http://".$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI]); $_SESSION['is_valid'] = true; if(isset($_POST['remember'])) { setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/"); } } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); $_SESSION['id_username'] = $row['user_name']; $_SESSION['id_user_password'] = $row['user_password']; $_SESSION['user_level'] = $row['userlevel']; $_SESSION['user_id'] = $row['user_id']; header("Location:http://".$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/"); } } } else{ echo "Login failed. Username and Password did not match database entries."; } } else { echo "Form was not completed. Please go back and make sure that the form was fully completed."; } } $server = str_replace("?logout=true","",$_SERVER['PHP_SELF']); ?> <table bgcolor='#999999' align='right'><form action=" <?php echo $server ?> " method='POST'> <tr><td>Username: </td><td><input type='text' name='user_name' value="<?php echo $_COOKIE["cookname"]; ?>" /><br /></td></tr> <tr><td>Password:</td><td> <input type='password' name='user_password' /><br /></td></tr> <tr><td><input type="hidden" name="login" value="true"><input type="submit" value="Submit"></td></tr> <tr><td><input type="checkbox" value="1" name="remember"> Remember Me </td></tr><tr><td><a href="register.php">[Register]</a></td></tr><tr><td><a href="forgot_password.php">[Forgot Password?]</a></td></tr></table> </form> <?php mysql_close(); } else { header("Location:http://".$_SERVER[HTTP_HOST]); } } ?>

but JS can be turned off, in certain browsers, so it can be got around

I think it is, this post is about remember me, i am just checking if my code was right,and also if dragen wanted to use it if he didn't get the answer he wanted. BTW, dragen, soz for interupting your thread, but i didn't want to waste forum space. 448191. how do i do that, as i haven't an idea how.

I want to set a minimum password lenght, would this be the right way to do it? if ($user_name && $user_password && $user_password2 && $user_email && $user_email2) { $user_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE userlevel=1 ")); $length = strlen($user_password); if ($length >= 6) { if ($user_check >= 1) { echo "Sorry, but the head admin account is already created. Please delete the table in your mysql database and run the install.php file."; } elseif ($user_password == $user_password2 && $user_email == $user_email2) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); mysql_query("INSERT INTO `$user` (user_id, user_name, user_password, user_email, user_ip, userlevel) VALUES ('','$user_name','$userpwsd','$user_email','$ip','1')") or die('Error ' . mysql_error()); require_once 'main_write.php'; require_once 'redirect_install.php'; } } else { echo "Either the passwords or emails you entered do not match. Please check these details and try again"; } } else { echo "Please fill in all of the required fields."; } }

anyone, no about my remeber me feature, or does everything look ok in the code(above)

can u show your signup code

ok, thanks for the code to do the error checking, i found out that i had left out a code to write the tablenames.

this is the error Incorrect table name '' in SELECT * FROM `` WHERE user_name='test' AND user_password='4028a0e356acc947fcd2bfbf00cef11e128d484a' LIMIT 1;

how would i get this remember me feature to work. <?php require_once 'includes/db_connect.php'; if ($_SESSION['is_valid'] == false){ if (isset($_POST['login'])){ $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $cookiename = forumcookie; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userpwsd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); $_SESSION['username'] = $row['user_name']; $_SESSION['user_password'] = $row['user_password']; $_SESSION['user_level'] = $row['userlevel']; $_SESSION['user_id'] = $row['user_id']; header("Location:http://".$_SERVER[HTTP_HOST]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/"); } } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); $_SESSION['username'] = $row['user_name']; $_SESSION['user_password'] = $row['user_password']; $_SESSION['user_level'] = $row['userlevel']; $_SESSION['user_id'] = $row['user_id']; header("Location:http://".$_SERVER[HTTP_HOST]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/"); } } } else{ echo "Login failed. Username and Password did not match database entries."; } } else { echo "Form was not completed. Please go back and make sure that the form was fully completed."; } } ?> <html> <table bgcolor='#999999' align='right'><form action="<?php $_SERVER['PHP_SELF']; ?>" method='POST'> <tr><td>Username: </td><td><input type='text' name='user_name' /><br /></td></tr> <tr><td>Password:</td><td> <input type='password' name='user_password' /><br /></td></tr> <tr><td><input type="hidden" name="login" value="true"><input type="submit" value="Submit"></td></tr> <tr><td><input type="checkbox" value="1" name="remember"> Remember Me </td></tr><tr><td><a href="register.php">[Register]</a></td></tr><tr><td><a href="forgot_password.php">[Forgot Password?]</a></td></tr></table> </form> </html> <?php mysql_close(); } else { header("Location:http://".$_SERVER[HTTP_HOST]); } ?>

I can't see why this is happening. Can u? <?php require_once 'includes/db_connect.php'; if ($_SESSION['is_valid'] == false){ if (isset($_POST['login'])){ $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $cookiename = forumcookie; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); $_SESSION['username'] = $row['user_name']; $_SESSION['user_password'] = $row['user_password']; $_SESSION['user_level'] = $row['userlevel']; $_SESSION['user_id'] = $row['user_id']; header("Location:http://".$_SERVER[HTTP_HOST]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/"); } } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); $_SESSION['username'] = $row['user_name']; $_SESSION['user_password'] = $row['user_password']; $_SESSION['user_level'] = $row['userlevel']; $_SESSION['user_id'] = $row['user_id']; header("Location:http://".$_SERVER[HTTP_HOST]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/"); } } } else{ echo "Login failed. Username and Password did not match database entries."; } } else { echo "Form was not completed. Please go back and make sure that the form was fully completed."; } } ?> <html> <table bgcolor='#999999' align='right'><form action="<?php $_SERVER['PHP_SELF']; ?>" method='POST'> <tr><td>Username: </td><td><input type='text' name='user_name' /><br /></td></tr> <tr><td>Password:</td><td> <input type='password' name='user_password' /><br /></td></tr> <tr><td><input type="hidden" name="login" value="true"><input type="submit" value="Submit"></td></tr> <tr><td><input type="checkbox" value="1" name="remember"> Remember Me </td></tr><tr><td><a href="register.php">[Register]</a></td></tr><tr><td><a href="forgot_password.php">[Forgot Password?]</a></td></tr></table> </form> </html> <?php mysql_close(); } else { header("Location:http://".$_SERVER[HTTP_HOST]); } ?> this is the code, and this is where the error is if (mysql_num_rows($result) == 1){

I am doing research into what websites attract people. Please post below what type of site would attract you. Anything from social networks, to sites like wikipedia.

how can i fix this?

If you give me a email, i can send you a script i have, but adjust it to your needs. my email: deanwhitehouse6@hotmail.com

you use IF

er, what you do in the login code set the session if they login successfully, then in the header of all the pages you need session start. then on protected pages check for the session.

u will have to use sessions to make the ?id=

create a username and password for each user who can edit it , and make a login form on the page, then check the data they enter against the database then set them a session and check for that session on the protected pafge

To turn it off(fix it) i need to create a .htacces file or a php.ini file?? what do i need to write in these

sorry, i was just saying, i haven't had access to the files yet, i will try when i have time , i was just saying

the user_id is also saved in a session, but this session seems to be overwrote when i click on another users id

also ,i just found out that the user level is also transfered so the user, can now see the admin area