Jump to content

Andy-H

Members
 View Profile  See their activity

  • Posts

    2,000

  • Joined

  • Last visited

  • Days Won

    1

 Content Type 

Everything posted by Andy-H

  1. Andy-H
    No probs
  2. Andy-H
    if (!ctype_digit($var)){ echo "Integers only please..."; }else{ http://us3.php.net/manual/en/function.ctype-digit.php
  3. Andy-H
    Login Looks like you reached a page that requires a login, enter your email and password on the right hand side to log in. If you don't have an account with us, click on "Create Account" under the login button. The account creation period only takes a few minutes, just answer a few simple questions, confirm your email, and sign in. Within minutes you can have a page with us, and start creating your pages for users to come to. Make some friends, watch some movies, and look at some pictures. Creating, operating, and maintaining your account is free of charge (unless you hire someone to do it for you). If you hire someone for this job we are in no way responsible for any losses you may take (password/data/media/etc.). Warning: include(incl/boxes/login.php) [function.include]: failed to open stream: No such file or directory in /home/.marble/ryannaddy/dudeel.com/login.php on line 33 Warning: include() [function.include]: Failed opening 'incl/boxes/login.php' for inclusion (include_path='.:/usr/local/php5/lib/php:/usr/local/lib/php') in /home/.marble/ryannaddy/dudeel.com/login.php on line 33 Duno if you knew??? Entered username: ' Password: '
  4. Andy-H
    Usually it can be done by anyone with special ops in a channel. /bs say #channelName Hi, my name is buster...
  5. Andy-H
    if(empty($titre)) { print("<center>Le '<b>Titre</b>' est vide !</center>"); exit(); } Where is the variable "$titre" coming from?? Also you could do with looking into security a little...
  6. Andy-H
    Yup, thats the one lol Also I heard that regex is like 40 times slower than if (!ctype_alnum($_POST['username'])){
  7. Andy-H
    $num2 = mysql_numrows($result2); if ($num2 != 0){ while(list($id, $title) = mysql_fetch_row($result2)) { echo '<a href="reviews.php?rtyp=music&id='.$id.'">'.$title.'</a><br />'; } } else { echo '<br /><br /><br />'; } $num3 = mysql_numrows($result3); if ($num3 != 0){ mysql_data_seek ($result3, 0) or NULL; // rewind to row 0 echo '<br /> <br /> <strong class="red">Articles</strong><br />'; while(list($id, $title) = mysql_fetch_row($result3)) { echo '<a href="articles.php?rtyp=music&id='.$id.'">'.$title.'</a><br />'; } } else { echo '<br /><br /><br />'; ??????
  8. Andy-H
    To kick off the "php biased opinion here", sounds like a job for PHP. lol AJAX would be kool too xD
  9. Andy-H
    I think that he means... <input type="text" name="street" value="<?php echo $street; ?>" onBlur="validate()" />
  10. Andy-H
    use stripslashes(htmlentities($data, ENT_QUOTES)); It needs a little more formatting but I never got that far...
  11. Andy-H
    It doesn't seem to connect to a database... It's also poorly coded in caps for some strange reason and variables are un-protected. I know it's an admin script but even so.... Also it has no userlevel protection, I could make a form on my hosting and post data to it. <?php IF( ISSET($_POST['Submit']) ){ $NAME=$_POST['name']; $COMPANY=$_POST['COMPNAME']; $SEQUENCE=$_POST['sequence']; $PAGE_INFO=$_POST['INFO']; $pageID=$_GET['pageID']; IF( EMPTY($NAME) ){ $MESSAGE=("PAGE NAME WAS LEFT BLANK PLEASE FILL IT IN BEFORE MOVING ON"); } ELSE IF( EMPTY($COMPANY) ){ $MESSAGE=("COMPANY NAME FOR PAGE WAS LEFT BLANK PLEASE FILL IT IN BEFORE MOVING ON"); } ELSE IF( EMPTY($SEQUENCE) ){ $MESSAGE=("SEQUENCE FOR PAGE WAS LEFT BLANK PLEASE FILL IT IN BEFORE MOVING ON"); } ELSE IF( EMPTY($PAGE_INFO) ){ $MESSAGE=("PAGE INFO WAS LEFT BLANK PLEASE FILL IT IN BEFORE MOVING ON"); }ELSE{ $SQL="UPDATE `page` SET `Name` ='$NAME', `Company` ='$COMPANY', `Sequence` ='$SEQUENCE', `pageInfo` ='$PAGE_INFO' WHERE `pageID` ='{$pageID}'"; $Result=mysql_query($SQL); IF( $Result ){ header("Location: ../admin.php?page=edit&strErr=Page Edited"); } ELSE{ header("LOCATION: admin.php?strErr=".mysql_error().""); } } } ?>
  12. Andy-H
    Take the closing php tag from includes/header.php let me know if it works (I read about it on php.net but it was a little confusing lol)
  13. Andy-H
    Doesn't that only check their browser?...
  14. Andy-H
    Jus add to your functions script $now = time() + 300; $query = "UPDATE users SET activity='$now' WHERE username = '$username' LIMIT 1"; mysql_query($query); And for login $time = time(); $query = "SELECT activity FROM users WHERE username='$user' AND password='$pass' LIMIT 1"; $result = mysql_query($query); $num = mysql_numrows($result); if ($num != 0){ $row = mysql_fetch_row($result); $activity = $row[0]; if ($activity > $time){ echo "You have already been active within the past 5 minutes, please try again in a few minutes."; }else{ $_SESSION['username'] = $user; Header("Location: blah.blah"); }}
  15. Andy-H
    Is there a JavaScript function (like the PHP !ctype_alnum()) to test if a string is alphanumeric. Also how do I test for a valid email address. Thanks for any help.
  16. Andy-H
    <?php if ( !empty($_SESSION['username']) ){ Header("Location: blah.php"); } $query = "SELECT user FROM members WHERE user = '$user' and pass = '$pass' LIMIT 1"; $result = mysql_query($query)or die(mysql_error()); $num = mysql_numrows($result); if ($num == 0){ echo "Incorrect username/password combination"; }else{ $row = mysql_fetch_row($result); $username = $row[0]; $_SESSION['username'] = $username; Header("Location: blah.php"); } ?> Like that...
  17. Andy-H
    Also you should fetch the data from the database and start a session with the fetched data rather than starting the session with the user input.
  18. Andy-H
    if ( strtolower($variable1) != strtolower($variable2) ){ echo "Error message."; }else{ blah; }
  19. Andy-H
    This is how mine worked when I used it... <?php require("db.php"); $loginValidation = mysql_real_escape_string($_GET["loginname"]); $loginNameValidation = md5($loginValidation); if ( !empty($loginValidation) ){ $q_s = "SELECT id FROM accounts WHERE loginname = '$loginNameValidation' LIMIT 1"; $q_r = mysql_query($q_s)or die(sqlErr(__LINE__,__FILE__,mysql_error())); $n_r = mysql_numrows($q_r); if ( !ctype_alnum($loginValidation) ){ echo '<font color="red"><strong>Invalid - (alpha-numeric characters only)</strong></font>'; }elseif ( strlen($loginValidation) < 3 || strlen($loginValidation) > 20 ){ echo '<font color="red"><strong>Invalid - (character limit of 3-20)</strong></font>'; }elseif ($n_r == 1){ echo '<font color="red"><strong>Invalid - (Login-name in use)</strong></font>'; }else{ echo '<font color="green"><strong>Valid login-name</strong></font>'; } } ?> <tr> <td align="center" width="200">Login-name:</td> <td align="center" width="200"> <input type="text" name="loginname" id="loginname" size="25" maxlength="20" class='input' onKeyUp="javascript: AjaxRequest('Login-name','AJAX/registerchk.php?loginname=','this.value')" /></td> <td align="center" width="200" valign="top"> <span id="Login-name">Loading...</span> </td> </tr>
  20. Andy-H
    Whats the new code you got so far?
  21. Andy-H
    Could you use if ( (count($completed) > 0) ) { $completed = implode(', ', $completed); } else { $completed = 'None'; }
  22. Andy-H
    $to = $_POST['to']); $text = $_POST['text']); I duno what the problem is but I just noticed that in your code...
  23. Andy-H
    $completed = array(); Shouldn't that be declared outside of the foreach statement?
  24. Andy-H
    <?php $number_field = $_POST['number_field']; $number_field = intval($number_field); ?>
  25. Andy-H
    db.php <?php /* BLOCK COMMENT(multi-line) replace `sql_user` with your mysql database user,`sql_pass` with your mysql password and `sql_database` with the name of your mysql database. */ $mysql_user = "sql_usr"; $mysql_password = "sql_pass"; $mysql_database = "sql_db"; ///// SINGLE LINE COMMENT --> create a connection or give an error reading if not possible. $link = mysql_connect("localhost",$mysql_user,$mysql_password) or die ("Unable to connect to MySQL server." . mysql_error); ///// Select your mysql database or give an error reading if not possible. $db = mysql_select_db($mysql_database) or die ("Unable to select requested database." . mysql_error); ?> login.php <?php ///// start a session to store $_SESSION variables which can be passed to any script with session_start() in it. session_start(); ///// require the db.php file to secure a connection to the mysql database. require("db.php"); ///// Store the postdata from the form into php variables. $name = $_POST['username']; $pass = $_POST['password']; ///// Secure the username variable $name from sql injection and encrypt the data stored in the $pass variable ///// it now doesn't need to be escaped from sql injection as md5() encrypts it to alpha-numeric characters. $name = mysql_real_escape_string($name); ///// for more info on this function visit >>> http://uk2.php.net/mysql_real_escape_string $pass = md5($pass); ///// for more info on this function visit >>> http://uk2.php.net/md5 ///// If submit button is clicked. if (htmlspecialchars($_POST['submit']){ ///// check if the variables have any data posted and stored in them... if ( empty($name) && empty($pass) ){ ///// for more info on this function visit >>> http://uk2.php.net/empty ///// If the variables are empty echo an error reading. echo "Please fill in all fields with the required information."; ///// echo the string in the "quotationmarks" ///// If the variables are not(!) empty. }else{ ///// Selects the given fields from the table of the database where the username is equal to the name given ///// in the pist data. $query = "SELECT username , password FROM users WHERE username='$name' LIMIT 1"; ///// querys the database or gives a mysql error if this isn't possible. $result = mysql_query($query)or die(mysql_error()); /* for more info on these function's visit >>> http://uk2.php.net/mysql_query >>> http://uk2.php.net/mysql_error */ ///// Returns the number or rows returned by a database query. $num = mysql_numrows($result); ///// >>> http://uk2.php.net/mysql_numrows if ($num == 0){ ///// If the number of rows returned by the query is equal to (==) zero(0) ///// Echo an error reading echo "The username " . stripslashes(htmlentities($name, "ENT_QUOTES")) . " is not logged in our database."; /* >>> http://uk2.php.net/stripslashes Does what it says on the tin..... >>> http://uk2.php.net/htmlentities Basically is a secure way of displaying user input (never trust your users) */ }else{ ///// If returned rows are greater that (>) zero(0). $row = mysql_fetch_row($result); /* Retrieve the data from the quiried row in the database. >>> http://uk2.php.net/mysql_fetch_row */ $realName = $row[0]; ///// This is to start a session with correctly capitalised data. (get the username). $realPass = $row[1]; /////Get the correct password (stored data should already be encrypted with md5() from registration). if ($pass != $realPass){ ///// If given password is incorrect echo error reading. echo "The password you have given is incorrect."; }else{ ///// If password is correct and matched with the password in the database. ///// Begin a session `username` with the correctly capitalised username from the database. $_SESSION['username'] = $realName; ///// Direct the user to the members area of your site. Header("Location: membersArea.php"); }}}} ?> ///// The form for your login page. <p align="center"> <form action="" method="post"> Username: <input type="text" name="username" value="Username" onFocus="this.value='';" /><br /> Password: <input type="password" name="password" value="password" onFocus="this.value='';" /><br /> <input type="submit" name="submit" value="Login" /> </form> </p> logout.php <?php session_start(); ///// >>> http://uk2.php.net/session_start session_destroy(); ///// >>> http://uk2.php.net/session_destroy Header("Location: index.php"); ///// >>> http://uk2.php.net/header ?>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.