adamjones
-
Posts
172 -
Joined
-
Last visited
Posts posted by adamjones
-
-
Thanks
-
Hi.
I'm not sure what it's called, but an example of it could be a profile for a website, and you type in the address with a username eg;
site.com/profile/username
And it would bring up a specific page for that user?
How could I achieve this, or does anyone know of any tutorials out there for this?
My table layout is just a simple one with 'id', 'username' and 'password'.
Cheers!
-
As far as i can see $_SESSION['user'] isn't set. You're using this as the value for a hidden field, so that'll be blank.
Incidentally, why are you putting session variables in hidden fields? That's just asking for the user to manipulate them. If they're in sessions, you can access them on the next page anyway.
Hmm. Right. Thanks for your help.
Do you know of any tutorials related to pasword reset forms?
Cheers.
-
Hi.
I made a password reset form for users on my website, however, it's not working, and I don't really understand why not. The coding looks to have no errors, etc;
This page is where the user types in their username;
<form name="form1" method="post" action="passwordrequest.php" id="formular" class="formular"> <fieldset> <legend>Forgotten Login</legend> <label></label> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="7%" align="left" valign="top"><img src="css/images/frank_14.gif" alt="" width="61" height="85" /></td> <td width="4%"> </td> <td width="89%"> <label><span>Don't worry! Just fill in your Username below;<br /> <br /> Username: </span> <input type="text" name="username" class="validate['required','length[6,16]','alphanum'] text-input" id="username" /> </label> <label></label> <p> <input type="submit" class="submit" value="Next Step" /> </p></td> </tr> </table> </fieldset> <hr /> </form>
Their usename is then passed to this file, where it checks their username, then registers their secret question and answer;
<?php ini_set('error_reporting', E_ALL); session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $username = clean($_POST['username']); $qry="SELECT * FROM members WHERE username='$username'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['secretq'] = $member['secretq']; $_SESSION['secreta'] = $member['secreta']; session_write_close(); } } ?> <?php header("location: password_question.php"); exit(); ?>They are then taken to this page, where they are asked their secret question;
<form name="form1" method="post" action="reset_check.php" id="formular" class="formular"> <fieldset> <legend>Forgotten Login</legend> <label></label> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="7%" align="left" valign="top"><img src="css/images/frank_03.gif" alt="" width="60" height="85" /></td> <td width="4%"> </td> <td width="89%"><label><span>Secret Question : </span> <input name="secretq" type="text" class="validate['required','length[6,16]','alphanum'] text-input" value="<?php echo $_SESSION['secretq'];?>" readonly/> </label> <label> <span>Answer : </span> <input type="text" name="secreta" class="validate['required','length[3,-1]','nodigit'] text-input" /> <input name="username" type="hidden" class="validate['required'] text-input" value="<?php echo $_SESSION['user']; ?>" /> </label> <p> <input type="submit" class="submit" value="Reset My Password" /> </p></td> </tr> </table> </fieldset> <hr /> </form>
Once they have filled in the answer, it's sent to this;
<?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $secretq = clean($_POST['secretq']); $secreta = clean($_POST['secreta']); $username = clean($_POST['username']); $qry="SELECT * FROM members WHERE username='$username' AND secreta='$secreta'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $resetyes = mysql_fetch_assoc($result); $_SESSION['resetcode'] = $resetyes['resetcode']; session_write_close; header("location: reset_password.php"); exit(); }else { header("location: invalid_answer.php"); exit(); } }else { die("Query failed"); } ?>However, I'm always being redirected to 'invalid_answer.php'. I can't see any mistakes in the code? Could anyone have a look at it please
Cheers.
-
Well you can test this out easily.
Run the same program/website and instead of using your subdomain, just make it a regular path on your server like:
www.mywebsite.com/admin
www.mywebsite.com/somethingelse
If your code works that way, then we can probably say it's a subdomain thing...
Again, I could be way off though...
Done, it works perfectly. Thank's for your help.
Guess I'll just have to wave goodbye to my subdomain.
-
Ok well I'm about to sound really wrong on this, but I don't think your sessions can cross domains.
For example:
www.mydomain.website.com
and
www.website.com
They are both 2 different domains.....
But it's the same website, the subdomain is just a redirect to the same website, just /secure/blahblah
Hmm..?
-
I have a subdomain for an administration panel on my website. The idea is the user logs in on the normal website, and if they type in the subdomain, they will be directed to the admin panel. On the admin panel, it checks if the user is logged in, and if not directs them back to the website. If they are logged in, it checks their rank, and if their rank is over 1, it allows them access.
Only problem I'm having is related to sessions I think. If I'm logged in, and go to the admin panel, using the subdomain, it just directs me to the website, as if I wasn't even logged in. But, if I go to the real URL of the admin panel, instead of the subdomin, it works perfectly?..
Hmm..
Here is the code for my admin panel;
<?php session_start(); if(!session_is_registered(name)){ header("location:http://www.mysiteblahblah.co.uk"); } { if($_SESSION['rank'] > 0){ header("location:admin.php"); } else { header("location:http://www.mysiteblahblah.co.uk"); } } ?>Eg:
www.mysite.com/secure/house-keeping/index.php
will work...
www.subdomain.mysite.com
wont.
-
Sure;
`ID` int(11) NOT NULL auto_increment, `Title` text NOT NULL, `Date` date NOT NULL default '0000-00-00', `Time` time NOT NULL default '00:00:00', `Message` text NOT NULL, `Name` text NOT NULL, PRIMARY KEY (`ID`) [code] Also, how would I have the date as 'Thu-19-2009', instead of it coming up as '2009-02-19', if you know? Cheers.
You can do it that way but I'm unfamiliar with using date as the column type in MYSQL. that's why i said I use int(10) and then put int he date as a unix timestamp value.
As for displaying dates, that's easy:
'Thu-19-2009' = date("D-d-Y")
So the correct format is:
$mydate = date("D-d-Y",$timestamp_from_db);
Hmm, ok.
When I tried changing the date to int(10), and timestamp, I get this error;
"SQL query:
ALTER TABLE `uknews` CHANGE `Date` `Date` INT( 10 ) ON UPDATE CURRENT_TIMESTAMP NOT NULL
MySQL said:
#1294 - Invalid ON UPDATE clause for 'Date' column "
-
Sure;
`ID` int(11) NOT NULL auto_increment, `Title` text NOT NULL, `Date` date NOT NULL default '0000-00-00', `Time` time NOT NULL default '00:00:00', `Message` text NOT NULL, `Name` text NOT NULL, PRIMARY KEY (`ID`)
Also, how would I have the date as 'Thu-19-2009', instead of it coming up as '2009-02-19', if you know?
Cheers.
-
...so I would need to also add a time function, to check the time submitted too, correct?
that sounds about right. When I do my dates in mysql, I just make the columns INT(10) and put in
the timestamp using PHP's time() function.
Then when I pull the data out, I use the date() function to properly display the date.
By using timestamp, you cover everything, the date as well as time...
Ok, so I've added a time field to the database, but I'm not really sure how I would quiery the database to do it for the date and time?
Would it be;
$DB_Query = @mysql_query("SELECT * FROM `uknews` ORDER BY date AND time DESC LIMIT 5") OR die('MySQL error: '.mysql_error());No, that has to be wrong, lol!
-
Hi.
I have a news oage with the following code;
<?php require_once('config.php'); $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } $DB_Query = @mysql_query("SELECT * FROM `uknews` ORDER BY date DESC LIMIT 5") OR die('MySQL error: '.mysql_error()); while ($data = mysql_fetch_array($DB_Query)) { $data['Message'] = nl2br($data['Message']); echo " <div class='start'>{$data['Title']}</div> <div id='latest-news' class='box'> <p>{$data['Message']}</p> <p><b>Posted by {$data['Name']}</b></p> </div> <div class='end'></div>"; } ?>This quiries the database, and gets my news items, then organizes them by their date submitted. My problem, however, is that, for example, there are two news articles submitted on the same date, then it no longer organizes them on that date.
...so I would need to also add a time function, to check the time submitted too, correct?
How would i go around doing this? This is table layout;
`ID` int(11) NOT NULL auto_increment, `Title` text NOT NULL, `Date` date NOT NULL default '0000-00-00', `Message` text NOT NULL, `Name` text NOT NULL,
Cheers,
Adam.[/code]
-
Might want to change
if (isset($_SERSSION['name'])) {
to
if (isset($_SESSION['name'])) {
Saw that; It was the only one I could change by myself! Lol.
-
Youve already called echo, no need to do it again.
<?php session_start(); if (isset($_SERSSION['name'])) { echo "<li class='right active'><a href='account_settings.php' rel='facebox'><span>Welcome back {$_SESSION['name']}!</span></a></li> <li class='right active'><a href='' rel='facebox'><span>Last login on {$_SESSION['lastlogin']}</span></a></li>"; } else { echo "<li class='right logout'><a href='create.php' rel='facebox'><span>Create An Account</span></a></li> <li class='right logout'><a href='login.php' rel='facebox'><span>Login</span></a></li>"; } ?>ps: session_is_registered has LONG been depricated.
Thankyou very much for your help.
All working now; I'm still learning, well, trying to! Haha.
-
<?php session_start(); if(session_is_registered(name)){ echo "<li class='right active'><a href='account_settings.php' rel='facebox'><span>Welcome back ".echo $_SESSION['name'];."!</span></a></li> <li class='right active'><a href='' rel='facebox'><span>Last login on ".echo $_SESSION['lastlogin'];."</span></a></li>"; } else { echo "<li class='right logout'><a href='create.php' rel='facebox'><span>Create An Account</span></a></li> <li class='right logout'><a href='login.php' rel='facebox'><span>Login</span></a></li>"; } ?>Try that (Only fixed a few things, not the depreciated functions..)
Hi, thanks. But now I get this error;
"Parse error: syntax error, unexpected T_ECHO in /home/wowdream/public_html/designbyfreedom/habhub/index.php on line 4"
-
I'm pretty sure the problem is trying to echo the variables? I'm not sue how I would echo them, in an echo; If that makes sense?
-
Hi.
The idea of this code is to echo some user information if the user is logged in, or if they aren't logged in, to echo a login menu;
<?php session_start(); if(session_is_registered(name)){ echo "<li class='right active'><a href='account_settings.php' rel='facebox'><span>Welcome back echo $_SESSION['name'];!</span></a></li> <li class='right active'><a href='' rel='facebox'><span>Last login on echo $_SESSION['lastlogin'];</span></a></li>"; } else { echo "<li class='right logout'><a href='create.php' rel='facebox'><span>Create An Account</span></a></li> <li class='right logout'><a href='login.php' rel='facebox'><span>Login</span></a></li>"; } ?>But I get this error;
"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/wowdream/public_html/designbyfreedom/habhub/index.php on line 4"
-
1) When the person first creates their password, encrypt it and store it in the database
2) If they forget their password, create a random string, and store that in the database. Email them a link to a script with that random string appended (something.php?string=adfkl234rjklsa for example)
3) When they access that script (something.php), use $_GET['string'] to find the string, and search the database to see if it exists.
4) If it does, output a form asking them to input their username (this is to prevent people from randomly trying a bunch of different strings until they hit one that works)
5) if they input the correct useraname, give them a form that allows them to create a new password
6) encrypt that password, and insert it into the database
Right, ok.
Thank's for your help.
-
You shouldn't be storing your passwords unencrypted in the database, and you shouldn't be emailing them to people. Big security risk. If someone forgets their password, set it up so they can create a new one.
I wouldn't know how to do this; I've searched for tutorials, etc..
-
Earlier had a post about e-mail not working in PHP.
Just wondering how I could echo a password from a database in a variable?
$qry="SELECT * FROM members WHERE username='$username'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['email'] = $member['email']; $_SESSION['pass'] = $member['password']; $_SESSION['subject'] = 'HabHub Password Request'; $_SESSION['message'] = 'Thankyou for contacting HabHub. This is an automated e-mail from our server. This e-mail contains information about resetting your HabHub account password. If you did not request this, then please delete this e-mail. Your HabHub password is .'; session_write_close(); } } $from = "From: do.not.reply@habhub.co.uk\r\n"; mail($_SESSION['email'], $_SESSION['subject'], $_SESSION['message'], $from); ?> <?php header("location: password_sent.php"); exit(); ?>...'message' is the message sent in the email. I have already added the password as a variable.
Cheers,
Adam.
-
I have defined them though, right?
No. Seems you should be using....
mail($_SESSION['email'], $_SESSION['subject'], $_SESSION['message'], $_SESSION['from']);
Ahh. Thank you very much!
All working now
-
are you getting an error?if not add this at the top of the page :
ini_set('error_reporting', E_ALL);P.s why do you have $email inside quotes " " ?
if you dont get an error message after adding that then im not to sure.
are you getting an error?if not add this at the top of the page :
ini_set('error_reporting', E_ALL);P.s why do you have $email inside quotes " " ?
if you dont get an error message after adding that then im not to sure.
Because the format for it should be;
mail("name@domain.com", $subject, $message, $from);So, I grabbed the email from the database of the user, set it to register as a variable, and placed it in there.
Oh dear... These are the errors;
"Notice: Undefined variable: email in /home/wowdream/public_html/designbyfreedom/habhub/passwordrequest.php on line 56
Notice: Undefined variable: subject in /home/wowdream/public_html/designbyfreedom/habhub/passwordrequest.php on line 56
Notice: Undefined variable: message in /home/wowdream/public_html/designbyfreedom/habhub/passwordrequest.php on line 56
Notice: Undefined variable: from in /home/wowdream/public_html/designbyfreedom/habhub/passwordrequest.php on line 56"
I have defined them though, right?
-
found it:
<?php if($result) {//1 open if(mysql_num_rows($result) == 1) {//2open session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['email'] = $member['email']; $_SESSION['subject'] = 'Password Request'; $_SESSION['message'] = 'Link to reset pass here'; $_SESSION['from'] = 'do.not.reply@email.com'; session_write_close(); }//1 close were is 2 close?? mail("$email", $subject, $message, $from);?>look at your braces '}' in the code i posted i put comments next to them
Ok, thanks
That fixed it, however, it's not sending the message for some reason?
-
I have this code, which should connect to my database, grab the e-mail for the username given, and mail them a message, which will have a link in for them to reset their password;
<?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $username = clean($_POST['username']); if($username == '') { $errmsg_arr[] = 'Invalid username'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login_failure.php"); exit(); } $qry="SELECT * FROM members WHERE username='$myusername'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['email'] = $member['email']; $_SESSION['subject'] = 'Password Request'; $_SESSION['message'] = 'Link to reset pass here'; $_SESSION['from'] = 'do.not.reply@email.com'; session_write_close(); } mail("$email", $subject, $message, $from); ?> <?php header("location: index.php"); exit(); ?>But I get this error;
"Parse error: syntax error, unexpected $end in /home/wowdream/public_html/designbyfreedom/habhub/passwordrequest.php on line 74"
It should register the email, subject and message, and then send an email to them? Correct?
Cheers,
Adam.
-
One more left
session_register("lastlogin");Thanks, but still not registering anything;
<?php ob_start(); $host="localhost"; $username="domainey_x"; $password="pass"; $db_name="domainey_x"; $tbl_name="members"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $data=mysql_fetch_array($result); $access= $data['access']; $id= $data['id']; $name= $data['name']; $email= $data['email']; $number= $data['number']; $count=mysql_num_rows($result); if($count==1){ session_start(); $_SESSION['myusername'] = $myusername; $_SESSION['access'] = $access; $_SESSION['mypassword'] = $mypassword; $_SESSION['name'] = $name; $_SESSION['email'] = $email; $_SESSION['number'] = $number; $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $_SESSION['lastlogin'] = $lastlogin; $DB_Query = @mysql_query("UPDATE `members` SET lastlogin=Now() WHERE username='$myusername'") OR die('MySQL error: '.mysql_error()); header("location:admin.php"); } else { echo "silly PHP "; } ob_end_flush(); ?>
[SOLVED] Really need help on this one!
in PHP Coding Help
Posted
Hi.
I have profile pages on my website for users, and want to incorporate a badge function, so on their profile page, people can see which badges they have, eg. 'Donator' etc..
In my database, it's simply the usernames, password, and in a new row, 'badges'. Here I would enter the badge names, all separated by commas, eg. 'donator,admin,vip' etc...
And this is the code used on their profile page;
<?php session_start(); require_once('config.php'); $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } $qry="SELECT * FROM members WHERE username='$_SESSION[user];'"; $result=mysql_query($qry); $getbadge = mysql_query($query) or die(mysql_error()); if($result) { while ($row = mysql_fetch_array($getbadge)) { $img = $row['badges']; echo "<img src='badges/".$img.".gif' alt='".$img."'>"; } else { echo "<p>".$error."</p><br>"; } } ?>So it will display the badge name '$img' with .gif at the end, for each user. But I get this error;
"Parse error: syntax error, unexpected T_ELSE in /home/wowdream/public_html/habhub/profile.php on line 25"