[UPDATE Query displaying duplicate data]

Heres the code im currently in progress with:

 

Cpanel.php: ( http://lockpick.lukeidiot.com/?go=cpanelpreview )

<p><strong><strong>
  <?
$_SESSION['username'] = $username;
echo 'Welcome <b>'. $_COOKIE['username'].'</b><br />'; ?>
  <?php
$iplog = $_SERVER['REMOTE_ADDR'];
$sql = mysql_query("SELECT * FROM users");
while($result = mysql_fetch_array($sql)) {
if (!empty($online['id'])){ 
# Check to see if they're logged in 

echo 'Welcome <b>'.stripslashes($online['username']).'</b><br />'; 
# An example of how to display the browsing members name 
} 
else { 
# Else, they are not logged in. 
echo 'You must be logged in to access this page.'; 
?>
  </strong>Profile</strong> | <strong><a href="?go=memberlist">Memberlist</a></strong> | <strong><a href="?go=logout">Logout</a></strong><br>
   <strong><br>
   Account Type: </strong>Admin/Staff/Moderator/Customer 
  <strong><br>
  Job Position:</strong> <?php echo 'Account type: <b>' .$result['type'] . '</b>'; }?><br>
  <strong>Job Status:</strong> Accepted <br>
  <strong>Payout</strong>: $<?php echo '<b>'.$result['payout'] . '</b>'; }?><br>
  <strong>Signup Date:</strong> 
  <?=$signup?>
  <br />
  <strong>IP Logged:  </strong><?php echo '$iplog';?><br>
  <strong>Resume:</strong> http://lockpick.lukeidiot.com/upload/example.doc</p>

 

And it displays this:

User Selected: Lukeidiot

Account type: AdminAccount type: CustomerAccount type: CustomerAccount type: CustomerAccount type: Customer

 

Any idea why this is happeing?

[[SOLVED] Help With User Update Form]

Hi,

 

I tried this and it has helped in a way , and it seems to be unable to carry the 'id' field .

 

It does exist in the MySQL table and works perfectly well when the form collects the editable data.

 

The actual SQL statement is below followed by what it echoed out. -

 

$sql99 = "UPDATE fb_users SET name='$name', surname='$surname', email='$email' WHERE id='$id' LIMIT 1";

 

The user has been edited

'UPDATE fb_users SET name='Nil', surname='Patel', email='xxxxxx@hotmail.com' WHERE id='' LIMIT 1'

 

 

Any ideas?

I'm also working on an adminpane/edit user script for my member's system.

http://lockpick.lukeidiot.com/?go=adminpanel

 

I have had the problem of not getting the values in the right order like:

"UPDATE fb_users SET name='$name', surname='$surname', email='$email' WHERE id='$id' LIMIT 1";

 

Should be:

"UPDATE fb_users SET surname='$surname', name='$name', email='$email' WHERE id='$id' LIMIT 1";

 

Give me a hit on aim or msn..

AIM: Lukeidiots

MSN: Lukeidiot@gmail.com

 

[Says "Successfully Registered" But doesnt add data into mysql?]

Any idea?

[Exploit Please Help]

With just a little research I myself was able to potentially hack your site:

http://www.freemmorpgmaker.com/index.php

[Says "Successfully Registered" But doesnt add data into mysql?]

Well there you are then, you're missing a quote:

$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')";

Should be:

$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', '$payout')";

 

Thanks, sometimes the small mistakes really get you lol

PS: When I try to login, it says "Successfully logged in" but when i try to goto cpanel, it says "you need to be logged in"?

[Says "Successfully Registered" But doesnt add data into mysql?]

This is what it gave me:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1

Query was:INSERT INTO `users` VALUES ('', 'paytest', '098f6bcd4621d373cade4e832627b4f6', 'test', '76.106.186.10', '05/11/08', 'Customer', 0.00')

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

[Says "Successfully Registered" But doesnt add data into mysql?]

No idea. Post your relevant code.

also: http://lockpick.lukeidiot.com/?go=register

 

and login.php

<?php

$_SESSION['username'] = $username;

if (empty($online['id'])){ 

if ($_POST['Login']) { 

$user = clean($_POST['username']); 

$pass = clean($_POST['password']); 


if (!$user | !$pass){ 

echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

$pass = md5($pass); 

$query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'"; 
$query = mysql_query($query); 
$values = mysql_fetch_array($query);

if (mysql_num_rows($query) == 1){ 

$expire = time() + (7*86400); 

setcookie("username", $user, $expire);                                             

echo 'Success, you have been logged in!<br />'; 
echo '<a href="?go=cpanel">Continue to Cpanel</a>.';

} 
else { 

echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 

} 

} 
else { 

?> 
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> 
  Username:<br /> 
  <input name="username" type="text" id="username"> 
  <br /> 
  Password:<br /> 
  <input name="password" type="password" id="password"> 
  <br /> 
  <input name="Login" type="submit" id="Login" value="Login"> 
</form> 
<? 
} 

} 
else { 

echo 'You are already logged in!<br>';
echo '<a href="?go=cpanel">Continue to Cpanel</a>.';

}
?> 

[Says "Successfully Registered" But doesnt add data into mysql?]

any idea guys?

 

http://lockpick.lukeidiot.com/?go=login

 

Register.php

<?php  
# include the config file 
//included in index.php as my navigation naturally includes all pages "?go=page"..
if ($_POST['Submit']){ 
# check to see if the form was submitted 
# if so... 
$payout = clean($_POST['type']);
//Luke: Adds user's payout..
$type = clean($_POST['type']);
# adds user's account type 

$username = clean($_POST['username']); 
# post the form fields and clean the strings 

$password = clean($_POST['password']); 

$password_con = clean($_POST['password_con']); 

$email = clean($_POST['email']); 

$ip = clean($_SERVER['REMOTE_ADDR']); 
# get the IP of the browsing computer 

$signup = date('m/d/y');
# get the timestamp of the signup 

if (!$username | !$password | !$password_con | !$email){ 
# if any of the strings form the form are empty 
echo 'You must fill in every field. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

if ($password != $password_con){ 
# if the passwords do not match 
echo 'Password fields did not match. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

$username_test = "SELECT * FROM `users` WHERE username = '$username'"; 
$username_test = mysql_query($username_test); 
# check if the username is already in use 

if (mysql_num_rows($username_test) == 1){ 
# if the username is being used 
echo 'Username is already being used. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

$md5pass = md5($password); 
# change the password to an md5 hash 

$type = 'Customer'; //sets default "type"
$payout = '0.00'; //sets default payout when registering. "payout"
#default signup is customer.
$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')";
# setup a query to insert the data into the table. 

mysql_query($add); 
# run the query 

echo 'Success. You are now registered.<br />'; 
echo 'Login using the following information:<br />'; 
echo 'Username: '.$username.'<br />'; 
echo 'Password: '.$password; 

} 

} 

} 

} 
else { 
# else the form was not submitted 
?> 
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> 
  Username:<br /> 
  <input type="text" name="username"> 
  <br /> 
  Password:<br /> 
  <input type="password" name="password"> 
  <br /> 
  Confirm Password:<br /> 
  <input type="password" name="password_con"> 
  <br /> 
  E-mail:<br /> 
  <input type="text" name="email"> 
  <br /> 
  <input type="submit" name="Submit" value="Register"> 
</form> 
<? 
} 
?> 

[Custom Admin Panel - Modifing info from DB's Editing/Deleteing and such]

Well I've made a customer member system and needed a little guided assistance

for my new any up coming small business.

 

Link to admin panel: http://lockpick.lukeidiot.com/?go=adminpanel

 

It's mostly a rough draft, meaning not all of it has coding behind it yet. (which is why im requesting a bit of help from you guys.)

 

If you have any helpful information to post, please please feel free!

[Adding IP to MySQL DB - And Denying IP's - HELP! :P]

Okay i've been working on my new site:

http://lockpick.lukeidiot.com/?go=apply

 

And I have the Job Application pretty much done, except I want it to be a little more secure. Is it possible to limit the number of 'Submits' a user from a certain IP is capible of submitting a Job Application? (example: user1 from ip: 127.0.0.1 sends in a Job Application Form, and is only allowed one submit per day/week/year) Is this possible?

 

AKA One submit per IP, per time limit?

===================================

Lukeidiots: when one goes to  http://lockpick.lukeidiot.com/resume.php I only want them able to submit once, then the submit button will be disabled for a set amount of time aka day/week/year

friendl: log their IP

friendl: to a list

friendl: and on the process page, compare their ip

friendl: to  the list

friendl: and if they're on it, don't let them go on

 

Is also an idea.

Logging the IP to a MySQL or Writable Text file.

Maybe have 3 Submits, then they cant submit anymore.

=====================================

Basically heres my other help TOPIC:

http://www.vbforums.com/showthread.php?p=3223427#post3223427

 

Read over it, it will better help you understand my problem

 

THANKS!