mbrown

Thanks Void. I just saw that! Mike

i am getting an error about can not sessions. i have not echoed anything out. my test is with correct data. so the user trying to log in is a user in the user db Errors: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 120 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 120 Warning: Cannot modify header information - headers already sent by (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 128 index.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>MITS Login</title> <link type="text/css" rel="stylesheet" href="./css/login.css" /> </head> <body> <?php /* Copyright (c) 2009 Michael Brown. All rights reserved */ /* Mike Brown's Asset Tracking System Copyright (C) 2009 Michael Brown This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>*/ require_once("./includes/functions.php"); ?> <div class="loginForm"> <div style="text-align: right;"> <?php visitorIP() ?> </div> <?php if (!($_POST['submit'])) { //Debug Code //echo "Request Method: " . $_SERVER['REQUEST_METHOD']; loginForm(); } else { $username=$_POST['user']; $password=$_POST['password']; validateLogin($username, $password); } loadTime(); ?> </div> </body> </html> functions.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <?php /* Copyright (c) 2009 Michael Brown. All rights reserved */ /* Mike Brown's Asset Tracking System Copyright (C) 2009 Michael Brown This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>*/ function loadTime() { // Insert this block of code at the very top of your page: $time = microtime();$time = explode(" ", $time); $time = $time[1] + $time[0];$start = $time; // Place this part at the very end of your page$time = microtime(); $time = explode(" ", $time);$time = $time[1] + $time[0]; $finish = $time;$totaltime = ($finish - $start); printf ("<div style='text-align: right;'>Page genearted in: %f seconds.</div>", $totaltime); } function emailverify($email) { if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { echo "Valid email address."; } else { echo "Invalid email address."; } } function visitorIP() { $ip = getenv('REMOTE_ADDR'); echo "IP Address: $ip"; } function validateLogin ($username, $password) { global $errorMessage; if ($username == "") { $errorMessage = "Please enter your username.<br />"; } if ($password == "") { $errorMessage .= "Please enter a password.<br />"; } if (strlen($password)< 5) { //Debug: echo "Password $password <br />"; //Debug: echo "Length: " . strlen($password) . "<br />"; $errorMessage .= "Your password is too short"; } if ($errorMessage == "") { //connect to the database dbconnect(); //convert to sha1 hash $pwverify = sha1($password); //query string $query = "SELECT * FROM users WHERE username = '$username' AND password='$pwverify'"; //result $userResult = mysql_query($query) or die (mysql_error()); //number of rows $numrows = mysql_num_rows($userResult); //Debug Information //echo "Username: " . $username . "<br />"; //echo "Pw Verify: " . $pwverify . "<br />"; //echo "Num Rows: " . $numrows . "<br />"; if ($numrows == "1") { //getting the ip address of the user $ipaddress = $_SERVER['REMOTE_ADDR']; //getting current date and time $date = date("F j, Y, g:i a"); //connecting to the database include ("connect.php"); //Updating the user table with the most recent ip address and time user logged in with $SQL = "UPDATE users SET "; $SQL .= "ipAddress = '$ipaddress', "; $SQL .= "date = '$date' "; $SQL .= "WHERE username = '$username'"; //running the sql query $result = mysql_query($SQL, $db) or die (mysql_error($db)); //starting the session session_start(); //setting the variable loggIn to true $_SESSION['loggedIn'] = TRUE; //setting the username variable to the username that user used to logged in $_SESSION['username'] = $username; //sending the user to the administrative homepage header("Location: ../administration/index.php"); exit(); } else { echo "Invalid User"; } } else { echo $errorMessage; } } function loginForm() { ?> <form action='index.php' method='post'> Username: <input type='text' id='user' name='user' /><br /> Password: <input type='password' id='password' name='password' /><br /> <input type='submit' name='submit' value='Submit' /> <input type='reset' name='reset' /> </form> <?php } function greeting($username) { global $greeting; $theDate = date("H"); if($theDate < 12) { $greeting = "Good morning, " . $username; } else if($theDate < 18) { $greeting = "Good afternoon, " . $username; } else { $greeting = "Good evening, " . $username; } echo $greeting; } function dbconnect() { $host="localhost"; $dbuser="mits"; $dbpw="Fu59e123#"; $database="mits"; global $db; $db = mysql_connect($host,$dbuser, $dbpw) or die("Unable to connect to MySQL"); //mysql_select_db( $database ,$db) or die("Could not select database"); mysql_select_db($database, $db) or die ($database . " Database not found." . $dbuser); //echo "<br />Database " . $database . " is selected"; if (!$db) { die('Could not connect: ' . mysql_error()); } } ?> Any help would be great! Thanks Mike

bump

I am trying to set up a web application that uses pki. does anyone have a good tutorial to set this up? I have a "dedicated server" to do all this on.

I have an issue with the error "Invalid Field County when I upload a csv to my database via my phpmyadmin. Everything up the the line it says uploads but that line below does not. Here is the structure of my database Attached are my csv files. [attachment deleted by admin]

i can do either. it does not matter. probably will have headers for each column.

I was wondering if anyone has created a script that would let the user choose a csv file and upload them to a certain database. I need to do this for a project and i have seen some but they would allow the user to edit the file. I do not want that. I want the admin to be able to edit the files only but I want the user to choose the file and what database.

those can be used like mysql_real_escape_string? you mean the register validation page correct? can you provide me an example or two if my first question is wrong?

Is mysql_real_escape_string the only thing i should use to prevent sql injection when i am validating a log in like the following $username = mysql_real_escape_string($_POST['username']; $password = mysql_real_escape_string($_POST['password']; what else can i do?

i would just have a .csv file. I would upload it via phpmyadmin

Here is my csv file ID,DistrictTag,SerialNumber,ItemName,Type,Type1,Model,month,day,year,DateofPurchase,Grant,Building,Room,Status,Specs,WorkedOn,Surplus, ,987654321,987654321,Test Item 2,Laptop,N/A,HP,1,22,2008,1/22/2008,N/A,WASHS,203,In Use,N/A,No,No, I am getting the following error Invalid field count in CSV input on line 1. I have the correct number of fields and what not. ID is auto incrementing

so i understand this fully, $ipsearch are the ones that you want to test and $ipaddresses are the okay ones so i could do the following <?php $ipaddress = $_SERVER['REMOTE_ADDR']; $ipSearch = array('$ipaddress'); $ipaddresses = array('192.168.0.3', '192.168.0.2', '192.168.1.1', '192.168.9.1'); $found = array_intersect($ipSearch, $ipaddresses); if ($found == false) { echo "You can not access this page based on your IP Address"; } die(); ?> [/code]

that code you gave me i get invalid argument supplied for foreach()

so if the ips are in $ipSearch are in $ipaddress? I will be doing it by some ip addresses so certain people can access it off campus but my issue is doing it by subnet at least right now bc some of the subnets are are between 3 and 7 characters xxx.xxx. That is what I am trying to battle right now.

I understand how this works but not sure completely how it is the right thing for me

if(!in_array($ipaddressubnet,$ipaddresses)) .... That is part of my code portion of a page. I would like to have many variables like $ipaddresssubnet, $ipaddresssubnet1, $ipaddresssubnet2, etc to see if it is in the $ipaddresses array Can I do something like that with the in_array function?

premiso, so i can use taht function/

I am using 5.2.8. I am using xampp so it is for a linux distro. I do not see any other version of php other than the version i have on their site.

Since I can not edit my last post I have found a script to do this with that does images but I can easily mod it to do it for .doc files. When I run a query how to do I pull to show you like something you guys said?

I am discussion on how the best way to do a upload that is for a specific record. I am still lost with it.

list($emailusername,$domain)=split('@',$email); if(!checkdnsrr($domain, 'MX')) { $errorMessage .= "<br />The domain entered, $domain, does not have a valid mail server"; } Error Message: Fatal error: Call to undefined function checkdnsrr() in C:\xampp\htdocs\seniorProject\register\validation.php on line 125 Server is running off of Windows Vista SP1 x64 with XAMPP

Fixed. Did a combination of what you two said about 5-10 minutes after I posted. All working now.

$result = mysql_query($Query, $db); $WASD = mysql_fetch_assoc($result); Error Messages for the Above Code: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\seniorProject\administration\showEquipmentData.php on line 141 $numRows = mysql_num_rows($result); if ($numRows <= 0) Gives the following error: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\seniorProject\administration\showEquipmentData.php on line 162 I am going to still mess around and research some to see if ic an find a solution. If anyone else knows what it is please let me know please. Thanks [/code]

Now it is working. That is why I said thank you. I just included the code because aschk was saying about he didnt know how it was being outputted. thanks again!

<?php session_start(); if ($_SESSION['loggedIn'] == TRUE) { $username = $_SESSION['username']; echo "User Logged In: $username"; echo "<br /><a href='../administration/index1.php'>Main Admin</a>"; echo "<br />"; echo "<div align='center'><img src='../images/wasdBanner.gif' alt='header' /></div>"; //including the database connection script include("../includes/connect.php"); echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html xmlns='http://www.w3.org/1999/xhtml'> <head> <meta http-equiv='Content-Type' content='text/html; charset=utf-8' /> <title>Modify Software</title> </head> <body>"; $userquery = "SELECT * FROM users WHERE username = '$username'"; $query = mysql_fetch_assoc(mysql_query($userquery)); if($query[usergroup] != "Super Administrator") { echo "<br />You need to have administration privleges"; //meta refresh }//end of if($query[usergroup] == "Super Administrator") else { $SKU = $_POST['sku#']; $softwareQuery = "SELECT * FROM `software` WHERE `SKU` = '$SKU'"; $softwareResultNumRows = mysql_query($softwareQuery) or die (mysql_error()); $softwareResult = mysql_fetch_assoc(mysql_query($softwareQuery)); $softwareNumRows = mysql_num_rows($softwareResultNumRows); //Debuggin: echo "$SKU"; if ($softwareNumRows == 0) { if ($SKU == "") { echo "Please enter a SKU Number"; }//end of if ($SKU == "") }//end of if ($numrows == 0) else { echo "<style type='text/css'> <!-- .style1 { color: #0000FF; font-weight: bold; } .style2 {color: #0000FF} .style3 {font-size: 12px} --> </style> "; echo "<form id='software' name='software' method='post' action='softwareModifyCheck.php'> <div align='center' > <p class='style1'>Software<br /> <hr width='50%' /> <p align='left'> <label>ID: <input type='text' name='ID' id='ID' value='$softwareResult[iD]' readonly='readonly' length='4'/> </label> </p> <p align='left'> <label>Software Title: <input type='text' name='softwareTitle' id='softwareTitle' value='$softwareResult[softwareTitle]'/> </label> </p> <p align='left'> <label>SKU #: <input type='text' name='sku#' id='sku#' value='$softwareResult[sKU]'/> </label> </p> <p align='left'>Building: <select name='building' id='building'> <option value='$softwareResult[Location]'>$softwareResult[Location]</option> <option value='Summitview'>Summitview</option> <option value='WAMS'>WAMS</option> <option value='WASHS'>WASHS</option> <option value='Hooverville'>Hooverville</option> <option value='Mowery'>Mowery</option> <option value='Fairview Ave'>Fairview Ave</option> <option value='Clayton Ave'>Clayton Ave</option> </select> </p> <p align='left'>Room: <label> <input name='room' type='text' id='room' size='3' maxlength='3' value='$softwareResult[Room]'> </label> </p> <p align='left'>Grant: <label> <input type='text' name='grant' id='grant' value='$softwareResult[Grant]'/> </label> </p> <p align='left'>Other Information: <label><br /> <textarea name='otherinfo' id='otherinfo' cols='45' rows='5'>$softwareResult[OtherInfo]</textarea> </label> </p> <p align='left'> </p> <div align='center'> <input type='submit' name='submit2' id='submit2' value='Submit' /> <input type='reset' name='button' id='button2' value='Reset' /> </div> </div> </form>"; }//end of else }//end of else }//end of if ($_SESSION['loggedIn'] == TRUE) else { header('Location: ../login.php'); } echo" </body> </html>"; ?> I implemented timmah1's solution <textarea name='otherinfo' id='otherinfo' cols='45' rows='5'>$softwareResult[OtherInfo]</textarea>