Jump to content

brentech

Members
  • Posts

    12
  • Joined

  • Last visited

    Never

Everything posted by brentech

  1. Is the item # coming from a form element such as a <select> box? Just not sure what method you're using to send that data to the next page. Getting the info into a field on the next page is pretty simple though. as easy as having the form on next page do something like : <input type="hidden" name="itemnumber" value="<?php echo "$item_num"; ?>" /> Would just need to see what you're working with or get a better description of where that info is coming from to flesh it out. It is a pretty simple process though. Just look at some tutorials of php forms.
  2. if (isset($_SESSION['logged'])) { display page } else { do nothing } ---- edit: what he said! ^
  3. Was definitely making things way too complicated. Edited my query to randomize the order and limit the result to 1 row...so it just returns the one name as need. Thought I'd share my solution. $fq = "SELECT name FROM firstnames WHERE nat = '$nat' ORDER BY RAND() LIMIT 1"; $result = mysql_query($fq, $conn); $name = mysql_fetch_row($result); $name[0] becomes the value I needed.
  4. That's because when you're using ISSET, you're storing the value 1 (as in, it is set), not the variable itself. You need remove the ISSET function. The whole code would be: <html> <head> <title></title> </head> <body> <form method ="post" action=""> <table border = 1 > <tr> <td> First Name: <input name="firstname" type="text" value="<?php echo $_POST['firstname']; ?>" /></td> </td> </tr> <tr> <td> Last Name: <input name="lastname" type="text" value="<?php echo $_POST['lastname']; ?>" /></td> </td> </tr> <tr> <td><input name="submit" type="submit" value="Enter the information"> </tr> </td> Isset() just returns 1(True) 0(false). So that's what you were storing in your field values. If your goal with the ISSET function is to ensure the form was used, you actually want to check that the submit button "is set". You would use <?php If (isset($_POST['submit'])) { // the actions taken on the information from the form } ?>
  5. Just missing the echo statements really. Also need the php tags in each area as I edited.
  6. /* Get Names */ If (rand('1', '10') < { $nat = $u_a["tloc"]; } else { $foreign = array(1 => 'Brazil', 'Canada', 'Japan', 'Mexico', 'Russia', 'Thailand', 'U.S.A.'); $nat = $foreign[rand('1', '7')]; } $fq = "SELECT name FROM firstnames WHERE nat = '$nat'"; $result = mysql_query($fq, $conn); So the last 2 lines are what we're looking at here. I'm doing a query which returns all the first names in my table that holds ID|NAME|NAT (nationality). The code above is deciding which nationality the name should be coming from...based on an % chance that generated person doesn't come from the same country as the team. (kinda meaningless to my real question, but background always helps) My problem is with randomizing the selection of names. I can't seem come across a great way go about what I need done - and I feel like it should be simple. So I'm wanting to select all the names which would be set to the particular nationality: $fq = "SELECT name FROM firstnames WHERE nat = '$nat'"; I couldn't find a MySQL function that could randomize from my select criteria, so I began thinking that it would be easier to do this by storing all the names of that nationality into an array and picking a random element of the array - which would be the name.....then, I ran into the problem of not being able to find a PHP function that would store more than a single row's values into an array. I feel like I'm completely overlooking a function, or just WAY over-thinking the solution to my problem. A friend at work suggested creating MySQL table views, but I'm not real familiar with those, or if that would be the best answer. Anyone have any tips or suggestions on functions/methods? Thanks, -Brent
  7. Ohhh, that makes sense. I'll have to play around with that idea. Appreciate the discussion.
  8. I guess I should of been clearer in stating that I am already using MD5 on my passwords. The code I provided was ONLY for re-authenticating a user that has already logged in. Although I didn't realize 'salting' was as easy as stated. My login script does in fact use mysql_real_escape _string when the user submits the login form. $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $pass = md5($pass); Then, after quering to ensure a legit user, the cookie I created would be set with that info setcookie("site","$user:$pass", time()+3600); Would look like myid:2c3ae6a9099114fef22d337bf5a6983f1 I guess the most general portion of my question has probably been answered. It would seem cookies aren't to be used for passwords regardless of encryption methods. So then my question becomes - Is the concept of holding the username and password in a session variable how people are re-authenticated in practice? I'm sure I could make it work, but is that really how it's done?
  9. That would be why I'm asking... maybe elaborate on why it's bad practice, or "you shouldn't need to..." what. That kind of comment goes no where.
  10. Yeah, the password stored in database is MD5 encrypted, as is the cookie's password content. I'm more interested if my auth logic has some large loophole that I'm too green to see?
  11. I recently began dabbling with PHP. I've had a few tries with it, but I never got into scripting/programming much before. I decided to give it another shot and just have a few questions about my methods. The following script does work correctly with my login register/login scripts, but I just want to know if I am way off base for a sturdy authentication system or if it really needs a lot more to it. <?php include("dbconn.php"); function failedAuth($username, $password) { global $conn; $q = "SELECT uname, pword FROM accounts WHERE uname = '$username' AND pword = '$password'"; $result = mysql_query($q, $conn); return (mysql_num_rows($result) != 1 ); } if (!isset($_COOKIE['site'])) { // If cookie doesn't exist, non-user content used echo 'Default info retrieved from DB<br />Page loads with no special content.'; } else { $logged_in = explode(":", $_COOKIE['site']); // Exploding cookie! Pull the username and password out of cookie // Checked stored cookie's creditials against database if (failedAuth($logged_in[0], $logged_in[1])) { echo 'Default info retrieved from DB<br />Page loads with no special content.'; } else { setcookie("site", "$user:$pass", time()+3600); // extend cookie 1hr. echo 'Pull user row from DB and use data for the page'; } } ?> Most articles I could find on the subject seem 4+ years old, but are cookies still valid or should I only be using sessions for this kind of thing? And while the script runs and does exactly what I think it should, is there something I've done that doesn't seem to make sense for the concept of authenticating a user? Appreciate any guidance.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.