Posts posted by Lukeidiot
-
-
Hi,
I tried this and it has helped in a way, and it seems to be unable to carry the 'id' field.
It does exist in the MySQL table and works perfectly well when the form collects the editable data.
The actual SQL statement is below followed by what it echoed out. -
$sql99 = "UPDATE fb_users SET name='$name', surname='$surname', email='$email' WHERE id='$id' LIMIT 1";
The user has been edited'UPDATE fb_users SET name='Nil', surname='Patel', email='xxxxxx@hotmail.com' WHERE id='' LIMIT 1'
Any ideas?
I'm also working on an adminpanel/edit user script for my member's system.
http://lockpick.lukeidiot.com/?go=adminpanel
I have had the problem of not getting the values in the right order like:
"UPDATE fb_users SET name='$name', surname='$surname', email='$email' WHERE id='$id' LIMIT 1";
Should be:
"UPDATE fb_users SET surname='$surname', name='$name', email='$email' WHERE id='$id' LIMIT 1";
Give me a hit on AIM or MSN.
AIM: Lukeidiots
MSN: Lukeidiot@gmail.com
-
-
With just a little research I myself was able to potentially hack your site:
-
Well there you are then, you're missing a quote:
$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')";
Should be:
$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', '$payout')";
Thanks, sometimes the small mistakes really get you lol
PS: When I try to log in, it says "Successfully logged in" but when I try to go to cpanel, it says "you need to be logged in"?
-
This is what it gave me:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1
Query was:INSERT INTO `users` VALUES ('', 'paytest', '098f6bcd4621d373cade4e832627b4f6', 'test', '76.106.186.10', '05/11/08', 'Customer', 0.00')
Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
-
No idea. Post your relevant code.
also: http://lockpick.lukeidiot.com/?go=register
and login.php
<?php
$_SESSION['username'] = $username;
if (empty($online['id'])){
    if ($_POST['Login']) {
        $user = clean($_POST['username']);
        $pass = clean($_POST['password']);
        if (!$user | !$pass){
            echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
        } else {
            $pass = md5($pass);
            $query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'";
            $query = mysql_query($query);
            $values = mysql_fetch_array($query);
            if (mysql_num_rows($query) == 1){
                $expire = time() + (7*86400);
                setcookie("username", $user, $expire);
                echo 'Success, you have been logged in!<br />';
                echo '<a href="?go=cpanel">Continue to Cpanel</a>.';
            } else {
                echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
            }
        }
    } else {
?>
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
Username:<br />
<input name="username" type="text" id="username">
<br />
Password:<br />
<input name="password" type="password" id="password">
<br />
<input name="Login" type="submit" id="Login" value="Login">
</form>
<?
    }
} else {
    echo 'You are already logged in!<br>';
    echo '<a href="?go=cpanel">Continue to Cpanel</a>.';
}
?>
-
Any idea, guys?
http://lockpick.lukeidiot.com/?go=login
Register.php
<?php
# include the config file
//included in index.php as my navigation naturally includes all pages "?go=page"..
if ($_POST['Submit']){ # check to see if the form was submitted
    # if so...
    $payout = clean($_POST['type']); //Luke: Adds user's payout..
    $type = clean($_POST['type']); # adds user's account type
    $username = clean($_POST['username']); # post the form fields and clean the strings
    $password = clean($_POST['password']);
    $password_con = clean($_POST['password_con']);
    $email = clean($_POST['email']);
    $ip = clean($_SERVER['REMOTE_ADDR']); # get the IP of the browsing computer
    $signup = date('m/d/y'); # get the timestamp of the signup
    if (!$username | !$password | !$password_con | !$email){ # if any of the strings from the form are empty
        echo 'You must fill in every field. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
    } else {
        if ($password != $password_con){ # if the passwords do not match
            echo 'Password fields did not match. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
        } else {
            $username_test = "SELECT * FROM `users` WHERE username = '$username'";
            $username_test = mysql_query($username_test); # check if the username is already in use
            if (mysql_num_rows($username_test) == 1){ # if the username is being used
                echo 'Username is already being used. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
            } else {
                $md5pass = md5($password); # change the password to an md5 hash
                $type = 'Customer'; //sets default "type"
                $payout = '0.00'; //sets default payout when registering. "payout"
                #default signup is customer.
                $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')"; # setup a query to insert the data into the table.
                mysql_query($add); # run the query
                echo 'Success. You are now registered.<br />';
                echo 'Login using the following information:<br />';
                echo 'Username: '.$username.'<br />';
                echo 'Password: '.$password;
            }
        }
    }
} else { # else the form was not submitted
?>
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
Username:<br />
<input type="text" name="username">
<br />
Password:<br />
<input type="password" name="password">
<br />
Confirm Password:<br />
<input type="password" name="password_con">
<br />
E-mail:<br />
<input type="text" name="email">
<br />
<input type="submit" name="Submit" value="Register">
</form>
<?
}
?>
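Added example (not code from this thread): the Register.php insert and the login.php lookup rewritten with PDO prepared statements, so there are no hand-placed quotes to drop, passwords are stored with password_hash() instead of md5(), and login state lives in the server-side session instead of a "username" cookie. The column names of `users`, the connection details and PHP 7+ with PDO are assumptions; the page only shows the table name and the order of the values.

```php
<?php
// Added example. Assumed table layout (not shown in the thread):
// users(id AUTO_INCREMENT, username, password, email, ip, signup, type, payout)

function register_user(PDO $db, string $username, string $password, string $email, string $ip): bool
{
    // Username check with a bound parameter instead of string interpolation.
    $check = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $check->execute([$username]);
    if ((int) $check->fetchColumn() > 0) {
        return false; // username already in use
    }
    // Named columns and placeholders: no quotes to mismatch, and user
    // input never becomes part of the SQL text.
    $add = $db->prepare(
        'INSERT INTO users (username, password, email, ip, signup, type, payout)
         VALUES (:username, :password, :email, :ip, :signup, :type, :payout)'
    );
    return $add->execute([
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT), // salted hash, replaces md5()
        ':email'    => $email,
        ':ip'       => $ip,
        ':signup'   => date('m/d/y'), // same format the original script stores
        ':type'     => 'Customer',
        ':payout'   => '0.00',
    ]);
}

function login_user(PDO $db, string $username, string $password): bool
{
    $q = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    // A cookie value is supplied by the browser; the session array is not.
    session_regenerate_id(true); // new session id after authentication
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Usage (connection values are placeholders):
// session_start();
// $db = new PDO('mysql:host=localhost;dbname=DBNAME;charset=utf8mb4', 'DBUSER', 'DBPASS',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// register_user($db, $_POST['username'], $_POST['password'], $_POST['email'], $_SERVER['REMOTE_ADDR']);
```

Pages such as the cpanel would then test `$_SESSION['user_id']` after `session_start()` rather than reading a cookie.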
-
Well, I've made a customer member system and needed a little guided assistance for my new and upcoming small business.
Link to admin panel: http://lockpick.lukeidiot.com/?go=adminpanel
It's mostly a rough draft, meaning not all of it has coding behind it yet. (Which is why I'm requesting a bit of help from you guys.)
If you have any helpful information to post, please please feel free!
-
Okay, I've been working on my new site:
http://lockpick.lukeidiot.com/?go=apply
And I have the Job Application pretty much done, except I want it to be a little more secure. Is it possible to limit the number of 'Submits' a user from a certain IP is capable of submitting a Job Application? (example: user1 from ip: 127.0.0.1 sends in a Job Application Form, and is only allowed one submit per day/week/year) Is this possible?
AKA One submit per IP, per time limit?
===================================
Lukeidiots: when one goes to http://lockpick.lukeidiot.com/resume.php I only want them able to submit once, then the submit button will be disabled for a set amount of time aka day/week/year
friendl: log their IP
friendl: to a list
friendl: and on the process page, compare their ip
friendl: to the list
friendl: and if they're on it, don't let them go on
Is also an idea.
Logging the IP to a MySQL or Writable Text file.
Maybe have 3 Submits, then they can't submit anymore.
=====================================
Basically, here's my other help TOPIC:
http://www.vbforums.com/showthread.php?p=3223427#post3223427
Read over it, it will better help you understand my problem
THANKS!
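Added example (not code from this thread) of the approach sketched in the post above: log each submission's IP to a table and, on the process page, refuse the request once that IP has reached the limit inside the time window. The table `application_log`, its columns, the constants and the function name are assumptions; the demo uses an in-memory SQLite database and a constructed IP and timestamp so it runs offline, and the same queries work against MySQL.

```php
<?php
// Added example. Assumed table: application_log(ip, submitted_at).
const MAX_SUBMITS    = 3;     // "maybe have 3 submits"
const WINDOW_SECONDS = 86400; // one day; use 7*86400 for a week

// Returns true and records the submission if this IP is under the limit.
function try_submit(PDO $db, string $ip, int $now): bool
{
    $fmt = 'Y-m-d H:i:s';
    $count = $db->prepare(
        'SELECT COUNT(*) FROM application_log WHERE ip = ? AND submitted_at > ?'
    );
    $count->execute([$ip, date($fmt, $now - WINDOW_SECONDS)]);
    if ((int) $count->fetchColumn() >= MAX_SUBMITS) {
        return false; // over the limit: do not process the form
    }
    $log = $db->prepare('INSERT INTO application_log (ip, submitted_at) VALUES (?, ?)');
    $log->execute([$ip, date($fmt, $now)]);
    return true;
}

// Demo on an in-memory database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE application_log (ip VARCHAR(45) NOT NULL, submitted_at DATETIME NOT NULL)');

$t0 = 1700000000;    // constructed start time
$ip = '203.0.113.7'; // constructed address from a documentation range
foreach ([0, 60, 120, 180, WINDOW_SECONDS + 1] as $offset) {
    $ok = try_submit($db, $ip, $t0 + $offset);
    echo '+', $offset, 's ', $ok ? 'accepted' : 'rejected', "\n";
}

// On the real process page the call would be:
//   if (!try_submit($db, $_SERVER['REMOTE_ADDR'], time())) { http_response_code(429); exit; }
```

The check has to run on the server when the form is processed, since a disabled submit button alone does not stop a request; visitors behind the same NAT or proxy share one address and therefore one quota.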
UPDATE Query displaying duplicate data
in PHP Coding Help
Posted
Here's the code I'm currently in progress with:
Cpanel.php: ( http://lockpick.lukeidiot.com/?go=cpanelpreview )
And it displays this:
Any idea why this is happening?