Eggzorcist

I added a checkpoint echo to see if the function was actually being used, and it seems like the function being called isn't making the function work. Am I doing something wrong? also changed a few things. But doesnt seem to make the function work or even being used either... <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>One Project Organizer </title> <link rel="stylesheet" type="text/css" href="onestylesheet.css"/> </head> <?php include('functions.php'); ?> <?php if(isset($_POST['login'])){ login_user($_POST['username'], $_POST['password']);}?> <body> <div id="onewrap"> <div id="oneheader"> <div class="oneheadertext">One Project Organizer</div> </div> <div id="onesubheader">Log-in</div> <div class="oneerror"><?php echo $errormessage; ?></div> <div class="onecontent"><form id="form1" name="form1" method="post" action=""> <label>Username: <input type="text" name="username" id="username" /> </label> Password: <label> <input type="password" name="password" id="password" /> </label> <input name="Login" type='button' id="login" value="Login"/> </form> </div> </div> </body> </html> thanks

The method I used to use was the isset($_POST['submit']), I know this is a possibility but it gets more messy with php in the design files, is there very clean way of doing it, because obviously the way I did it above isn't working.

I still don't get any response. I believe I'm using the onclick in a bad manner is it possible?

I've been trying to create an application which has hardly any php within the design files and a large core function files. I'm trying to create a login however it seems like it isn't working... I think my problem is in the design php file, though I will also attach my function that I've created. login_user function function login_user($username, $password){ $username1 = secure_var($username); $password1 = md5(secure_var($password)); if ($username != NULL and $password != NULL){ $login_query = mysql_query("SELECT * FROM user_info WHERE username = {$username1} AND password = {$password1}"); $login_status = mysql_num_rows($login_query); if($login_status == 1){ echo "good"; set_login_sessions($username, $password); } } else { echo "Please enter a Username and Password"; } That includes a config.php file also... design file <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>One Project Organizer </title> <link rel="stylesheet" type="text/css" href="onestylesheet.css"/> </head> <? require('functions.php'); ?> <body> <div id="onewrap"> <div id="oneheader"> <div class="oneheadertext">One Project Organizer</div> </div> <div id="onesubheader">Log-in</div> <div class="oneerror"></div> <div class="onecontent"><form id="form1" name="form1" method="post" action=""> <label>Username: <input type="text" name="username" id="username" /> </label> Password: <label> <input type="password" name="password" id="password" /> </label> <input type='button' onclick="<?php login_user($_POST['username'], $_POST['password']); ?>" value="Login"/> </form> </div> </div> </body> </html> Thanks for any help!

Also there is no real need for the else statement as it does nothing, that's what the if statement is for. if file does not exist it will just pass it without executing anything so by doing else { echo ""; } no real purpose to it...

Yes I have, their captcha is indeed fairly difficult You're never sure if your password as wrong or the catcha...

It's commonly used with database. Say you have multiple pages of information, all somewhat the same format. for example a member profile page. blabla.php?user=fred then you can make a sql query using $_GET['user'] (which would = fred) and get all the information on fred providing how you set the variables on the page. Although beware, as any user can manipulate the URL, there are security issues which should be looked up and taken care of in order to well secure your url and sql queries...

Should we track as Sessions, Cookies or sql queries? Ultimately I'm certain a $_SERVER for IP via sql but this would take up more resources no?

Yes, I can relate to that. I will be creating a cookie which will make it unable to it so you try to login more than 5 times. But would that stop a brute force attack? I'm not sure if the brute-force software can get cookies or sessions placed upon.

Well, the software I'm making doesn't have any registration page only a login. And that similar to what a brute force attack is. Where million of tries and attempts to crack your username and password combination...

In my script I made a quick function which secures the inputed variable like this. function secure_var($var){ $var = mysql_real_escape_string(htmlentities($var)); } I have a quick question of something I'm unsure of. To use a variable like this one. Should I be doing... <?php $var = secure_var($var) // or would this just work? secure_var($var) ?> I will be retrieving the variable like "$var" I think the first option is best but I'm unsure of the right way of doing this. Thanks

Then I would start by creating a sql database with all the variables you will be using. To store Users (with and/or without admin status), then creating a safe login and registration script. After you would have to create your way of creating a way in order to organize all your freebie stuff with a pagination system. That'd be the way to do it...

Well it all depends on how do you wish to do to update your site. Do you want a admin login where you just have to upload things and it will just add it to the database? Or do you wish to just upload them in a html fashion. What features do you wish to add? People registering to your site and having the ability to add some things themselves? It would help to give us a bit more information about you wish to do.

Hello, I'm creating a web application and I'm currently in the process of designing my login page, but I was wondering if I should put a captcha system on the login page. I have one for registration, though I was wondering is it really needed for login. Would a captcha help stop any kind of brute force attack? Thanks

The expression "=>" that's normally used in some-kind of if statement. and it means for example $variable1 => $variable2 which means varriable2 is either equal or less than variable1. The expression "->" looks like object oriented programming to me but I could be wrong. I don't use OOP normally. But in OOP it goes after a variable for example " $variable->status" But I could be wrong but I'm certain about the first one.

I second that. What are you trying to explain or talk about in your thesis?

Yea I just relized. I had fixed that on one of the copy of this but not on the other. Thanks onclick="showUser(document.getElementById('id').value)" works

I've added that however, the command still gets passed to the else command. I know this isn't the problem but here is how the information is showing. <form> Package ID:<input name="id" id='id' type="text" size="10" maxlength="10" /> <br /> <input type='button' onclick='showUser(this.value)' value="Track"/> </form>

I'm sorry it's very basic it's just its for a school project and I can't seem to get it to work. here my code function showUser(str) { if (str==5){ string = "Name: Harold<br>Location: Montreal, Canada" document.getElementById('txtHint').innerHTML = string; } else { alert("Wrong ID, Please try again"); } } I can't seem to find the issue. Thanks

is there another way of doing this? As it is interfeering with my ajax script?

Hi, What I am trying to do is change the this.value to the value of "f" of the text box above rathger than the value of the button. How what would the code be? Thanks <form> Package ID:<input name="id" type="text" id='id' value="f" size="10" maxlength="10" /> <br /> <input type='button' onclick='showUser(this.value)' value="Track"/> </form><br />

ah here is there error: <form> Package ID:<input name="id" type="text" id='id' value="f" size="10" maxlength="10" /> <br /> <input type='button' onclick='showUser(this.value)' value="Track"/> </form><br /> What is being tracker is the wrong value. I want it to pickup the value to value="f" but what it is picking up now is value="track" which is the button value, what is the command to change it to the text box?

I did alert(url) and it seem slike its not passing to the get becuase it's not alerting whatsoever... However, it is getting data from "trackeractions.php"; its a little strange

Does anyone have an alternate script which does the same thing?

I would like to also add that, if I go to the php page on its own and add /trackeractions.php?id=55583 a correct id to the URL it works.