Lukeidiot

Any ideas? I'm also working on an adminpane/edit user script for my member's system. http://lockpick.lukeidiot.com/?go=adminpanel I have had the problem of not getting the values in the right order like: "UPDATE fb_users SET name='$name', surname='$surname', email='$email' WHERE id='$id' LIMIT 1"; Should be: "UPDATE fb_users SET surname='$surname', name='$name', email='$email' WHERE id='$id' LIMIT 1"; Give me a hit on aim or msn.. AIM: Lukeidiots MSN: Lukeidiot@gmail.com

Any idea?

With just a little research I myself was able to potentially hack your site: http://www.freemmorpgmaker.com/index.php

Thanks, sometimes the small mistakes really get you lol PS: When I try to login, it says "Successfully logged in" but when i try to goto cpanel, it says "you need to be logged in"?

This is what it gave me:

also: http://lockpick.lukeidiot.com/?go=register and login.php <?php $_SESSION['username'] = $username; if (empty($online['id'])){ if ($_POST['Login']) { $user = clean($_POST['username']); $pass = clean($_POST['password']); if (!$user | !$pass){ echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { $pass = md5($pass); $query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'"; $query = mysql_query($query); $values = mysql_fetch_array($query); if (mysql_num_rows($query) == 1){ $expire = time() + (7*86400); setcookie("username", $user, $expire); echo 'Success, you have been logged in!<br />'; echo '<a href="?go=cpanel">Continue to Cpanel</a>.'; } else { echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } } } else { ?> <form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> Username:<br /> <input name="username" type="text" id="username"> <br /> Password:<br /> <input name="password" type="password" id="password"> <br /> <input name="Login" type="submit" id="Login" value="Login"> </form> <? } } else { echo 'You are already logged in!<br>'; echo '<a href="?go=cpanel">Continue to Cpanel</a>.'; } ?>

any idea guys? http://lockpick.lukeidiot.com/?go=login Register.php <?php # include the config file //included in index.php as my navigation naturally includes all pages "?go=page".. if ($_POST['Submit']){ # check to see if the form was submitted # if so... $payout = clean($_POST['type']); //Luke: Adds user's payout.. $type = clean($_POST['type']); # adds user's account type $username = clean($_POST['username']); # post the form fields and clean the strings $password = clean($_POST['password']); $password_con = clean($_POST['password_con']); $email = clean($_POST['email']); $ip = clean($_SERVER['REMOTE_ADDR']); # get the IP of the browsing computer $signup = date('m/d/y'); # get the timestamp of the signup if (!$username | !$password | !$password_con | !$email){ # if any of the strings form the form are empty echo 'You must fill in every field. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { if ($password != $password_con){ # if the passwords do not match echo 'Password fields did not match. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { $username_test = "SELECT * FROM `users` WHERE username = '$username'"; $username_test = mysql_query($username_test); # check if the username is already in use if (mysql_num_rows($username_test) == 1){ # if the username is being used echo 'Username is already being used. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { $md5pass = md5($password); # change the password to an md5 hash $type = 'Customer'; //sets default "type" $payout = '0.00'; //sets default payout when registering. "payout" #default signup is customer. $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')"; # setup a query to insert the data into the table. mysql_query($add); # run the query echo 'Success. You are now registered.<br />'; echo 'Login using the following information:<br />'; echo 'Username: '.$username.'<br />'; echo 'Password: '.$password; } } } } else { # else the form was not submitted ?> <form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> Username:<br /> <input type="text" name="username"> <br /> Password:<br /> <input type="password" name="password"> <br /> Confirm Password:<br /> <input type="password" name="password_con"> <br /> E-mail:<br /> <input type="text" name="email"> <br /> <input type="submit" name="Submit" value="Register"> </form> <? } ?>

Well I've made a customer member system and needed a little guided assistance for my new any up coming small business. Link to admin panel: http://lockpick.lukeidiot.com/?go=adminpanel It's mostly a rough draft, meaning not all of it has coding behind it yet. (which is why im requesting a bit of help from you guys.) If you have any helpful information to post, please please feel free!

Okay i've been working on my new site: http://lockpick.lukeidiot.com/?go=apply And I have the Job Application pretty much done, except I want it to be a little more secure. Is it possible to limit the number of 'Submits' a user from a certain IP is capible of submitting a Job Application? (example: user1 from ip: 127.0.0.1 sends in a Job Application Form, and is only allowed one submit per day/week/year) Is this possible? AKA One submit per IP, per time limit? =================================== Is also an idea. Logging the IP to a MySQL or Writable Text file. Maybe have 3 Submits, then they cant submit anymore. ===================================== Basically heres my other help TOPIC: http://www.vbforums.com/showthread.php?p=3223427#post3223427 Read over it, it will better help you understand my problem THANKS!