I-AM-OBODO

Thanks all. I'm in transit. will try them out. I think the problem should be the path. and my password will change to sha1 or maybe after md5 then I sha1 again or what do u think? my admin uses a different login totally from the users.

Hi all. I'm really having an awful time. Pls what could be the problem with this cos i can login into my local server but cant login when i go live. thanks <?php if(isset($_POST['login'])){ $username=$_POST['username']; $password=$_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $pass = md5($password); $stmt = $pdo->prepare("SELECT * FROM confirm WHERE username=:username AND password=:password"); $stmt->execute(array( ':username' =>$username, ':password' => $pass )); if ($stmt->rowCount() ==1){ $_SESSION['username'] = $username; $_SESSION['password'] = $password; header("location: ./account/"); exit(); } else { echo 'Invalid Username or Password'; } } ?>

how do I go about implementing it using pdo. guess will need a crash course on pdo

I know something is wrong but dunno how to fix it. My intention is to lock user based on ip after 3 unsuccessful attempts. Its incrementing the login count but after 3 attempts, I just can't figure out how to lock the user and reset the value after some time. I'd like a pointer towards the right/best thing to do should my code not be worthy. Thanks and heres my code: <?php $user_ip = $_SERVER['REMOTE_ADDR']; $table_name = "loginattempts"; $query = "SELECT attempts FROM $table_name WHERE user_ip = '$user_ip'"; $result = mysql_query($query) or die("Invalid Login"); while($row = mysql_fetch_array($result)){ $count = $row['attempts']; } if($count == 3){ echo("Your login attempt is completed"); }else{ $insert = "INSERT INTO $table_name WHERE user_ip = '$user_ip'"; $result = mysql_query($insert); $update = "UPDATE $table_name SET attempts = attempts + 1 WHERE user_ip = '$user_ip'"; $result = mysql_query($update); } $update = "UPDATE $table_name SET attempts = 0 WHERE lastlogin - NOW() = '60000'"; $result = mysql_query($update); ?>

Thanks all. Sometimes clients just want to have it there way even when you try to discourage them of bad practices. Thanks very much. will keep your advise in mind.

Thanks and yes I do.

The reason to move to another table is for easy reference. so that I'll create a link that will contain only transaction to come up in 10 days time. that's what the client wants. thanks

Hi all. I have an issue and don't know how to go about it. I have a table that contains user orders. I want to move only orders that will be due in 10 days time to another table. How can I achieve that? thanks

Hi. how can I control a progress meter/bar to display errors when it failed to reach 100% or on getting to a point? thanks

when I try accessing my site, it just wont see it. I guess the .htaccess cant locate the .htpasswd. I also believe my directory structure is the problem but how do I fix it.

its not working

Hi all. I dont knw why I still can't get it right after many tries. The .htaccess just can't locate the .bypassed file. On my domain I created a folder called hidden in my web root and this is my authfile path: /www/hidden/.htpasswd but still no show. pls what am I missing here. I even tried it on localhost: /www/my_folder/hidden/.htpasswd same no show. help pls. thanks

Hi. firstly, I dunno if I should post here or in php, but my issue seems to Br intertwined. I have a jQuery newsletter form and I want to add PHP validation in it. My problem is I want a jQuery pop to show if the subscription is unsuccessful. meanwhile I have a modal window I'd like to use it with, but the problem is how to call the script as all . thanks

I do not have control over my live server (host) but from my localhost, all is working fine!

the problem is that when the username and password is entered, it suppose to redirect to an index but it is not redirecting, but again i could access other pages inside the target folder (which means the session have been set. because it displays the welcome username)

I do not think the problem is as a result of short tags cos i just tried it with aykay47 method (action="") and still the same behavior. What on earth could be wrong!!!!

thanks and noted

doesnt work means i could not redirect to my intended page. and how do i check if my live server doesn't have short tags enable and can i enable(nope i guess) what beats me is that it works on my wamp and i could reach other pages in my target directory

i decided to try and create a different file for the login page instead using both code and form in same page and it worked! why wont <?=$_SERVER['PHP_SELF']?> work in my live server?

no error, just wont redirect to intended location. works fine on my wamp

thanks. tried it but still same problem though

Its not redirecting to the intended location

Hi all, I am going bald on this one. I wonder what could be wrong. I could login to my local server but cant login in a live server! thanks all <?php if(isset($_POST['login'])){ $tbl_name="reg_users"; // Define $myusername and $mypassword $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); if($username == ''){ echo "<font color='red' size='-2'><b>Pls Enter User ID</b></font>"; } if($password == ''){ echo "<font color='red' size='-2'><b>Pls Enter Password</b></font>"; }else{ $crypt_pass = md5($password); //check for existance of username and password $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$crypt_pass'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register username and password and redirect to login page" $_SESSION['username'] = $username; $_SESSION['password'] = $password; header("location: ../folder/filename.php"); exit(); } else { //if no match found, echo out error message echo "<font color='red' size='2'><b>Invalid User ID or Password</b></font><br>"; } } } ob_end_flush(); ?>

@jessica yes I verified and its changing. @christian, I've read Davids post over & over. my login function is same with the reset. I even had to register new users just to verify and they all can login but after reset, the generated password won't login. above is my login and reset script. thanks

@aykay, but what I did with crypt was I changed the md5 to crypt. that is: $crypt_pass = crypt($password);