Hooo

<html> <body> <?php include 'config.php'; include 'opendb.php'; session_start(); $userfinal=$_SESSION['usname']; $messageid = $_GET['message']; $message = mysql_query("SELECT * FROM `messages` WHERE `message_id` = '{$messageid}' AND `to_user` = '{$userfinal}'") or die(mysql_error()); $MessageRecieved=mysql_fetch_assoc($message); echo "<h1>Title: ".$MessageRecieved['message_title']."</h1><br><br>"; echo "<h3>From: ".$MessageRecieved['from_user']."<br><br></h3>"; echo "<h3>Message: <br>".$MessageRecieved['message_contents']."<br></h3>"; echo '<form name="backfrm" method="post" action="inbox.php">'; echo '<input type="submit" value="Back to Inbox">'; echo '</form>'; ?> </body> </html> No luck, did I miss something? :/

Basically, the code I will paste is the read message link. What happens is the message sends perfectly, however when clicking on the actual title the page (Below) doesn't actually show what it is supposed to, this being the message title, message contents etc. <html> <body> <?php include 'config.php'; include 'opendb.php'; session_start(); $userfinal=$_SESSION['usname']; $messageid = $_GET['message']; $message = mysql_query("SELECT * FROM `messages` WHERE `message_id` = '{$messageid}' AND `to_user` = '{$userfinal}'") or die(mysql_error()); $message=mysql_fetch_assoc($message); echo "<h1>Title: ".$message['message_title']."</h1><br><br>"; echo "<h3>From: ".$message['from_user']."<br><br></h3>"; echo "<h3>Message: <br>".$message['message_contents']."<br></h3>"; echo '<form name="backfrm" method="post" action="inbox.php">'; echo '<input type="submit" value="Back to Inbox">'; echo '</form>'; ?> </body> </html>

Basically, code works fine (somehow, I know it looks a mess ). Anyway, a few minor problems .. #1. When the form has been completed and the registration is successful, it echos this top left of the page which is fine for now, however the register form also reappears, I want to make it so that doesn't reappear, is there a way? #2. It is possible for people to click refresh and duplicate an entry, also if I visit the link directly it again creates a duplicate entry in the Users table. Not so minor this one, but i'm sure theres something simple to fix it. If there is anything else you spot which needs to be adjusted, please do tell <html> <body> <?php include 'config.php'; include 'opendb.php'; if ($_POST['Submit']) { $uname = $_POST["uname"]; $pword = $_POST["pword"]; $pword1 = $_POST["pword1"]; $jmail = $_POST["email"]; $age = $_POST["age"]; $chkname = mysql_query("SELECT * FROM Users WHERE usname='$uname'"); $salt = 's+(_a*'; $salt_pass = md5($pword.$salt); $ip = $_SERVER['REMOTE_ADDR']; $datum = date("d-m-y / H:i:s"); if(mysql_num_rows($chkname) > 0 ) { echo "Username already in use"; } else { if ($pword != $pword1) { echo "The two passwords do not match"; } else { if (strlen($pword) > 25 || strlen($pword) < 6 ) { echo "Your password must be between 6 and 25 characters!"; } else { if (strlen($uname) > 16 || strlen($uname) < 4 ) { echo "Your username must be between 4 and 16 characters!"; } else { $sql="INSERT INTO Users (usname, userpass, useremail, userage, JoinDate, IPAddress) VALUES ('$uname','$salt_pass','$jmail','$age','$datum','$ip')"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } ?> Registation Successful!<br /><br /> You may now <a href="index.php">login!</a> <?php } } } } } ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" Method="POST" ACTION="index2.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Register </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="uname" type="text" id="uname" maxlength="16" /></td> <tr> <td>Password</td> <td>:</td> <td><input name="pword" type="password" id="pword" maxlength="25" /></td> <tr> <td>Re-enter</td> <td>:</td> <td><input name="pword1" type="password" id="pword1" maxlength="25" /></td> <tr> <td>Email</td> <td>:</td> <td><input name="email" type="text" id="email" maxlength="50" /></td> <tr> <td>Age</td> <td>:</td> <td><input name="age" type="text" id="age" maxlength="2" /></td> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Register"></td> </tr> </table> </td> </form> </tr> </table> <?php include 'closedb.php'; ?> </body> </html>

Been searching and can't find out how to do these.. Just simply want them to be logged on signup and maybe login and store last 3/5 login IPs if thats possible.. Data also, so date registered and date last logged in. Is there any suggestions on how to go about doing this? Thanks.

If nobody can make sense of my code, is there an easier way I can do this? Sorry for double post

Took out the extra <html> and opening PHP at the top which crashed the page, but when I try to change I still get "the two passwords didn't match"

Here is what I have, the basic aim of the script is to change password, does a couple of checks like Old password matches password they input on the previous form, and new password matches the new password confirm box in the form also. I know it is bad as it is, I have been trying to fix it, however things are just not going well At the moment with the code I have it says "The two passwords didn't match.. Thanks for any help given. <html> <body> <?php include 'config.php'; include 'opendb.php'; session_start(); if(isset($_SESSION['usname'])) { ?> <table width="320" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="changepw" method="post" action="changepw1.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong> Change Your Password </strong></td> </tr> <tr> <td width="200">Old Password</td> <td width="6">:</td> <td width="294"><input name="opass" type="password" id="opass"></td> </tr> <tr> <td>New Password</td> <td>:</td> <td><input name="npass" type="password" id="npass"></td> </tr> <tr> <td>Re-enter</td> <td>:</td> <td><input name="npass1" type="password" id="npass1"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Change Password"></td> </tr> </table> </td> </form> </tr> </table> <?php } else { echo '<meta http-equiv="refresh" content="2;url=index.php">'; } ?> </body> </html> and <?php include 'config.php'; include 'opendb.php'; session_start(); $opass = $_POST["opass"]; $npass = $_POST["npass"]; $npass1 = $_POST["npass1"]; $salt = 's+(_a*'; $salt_passo = md5($opass.=$salt); $salt_passn = md5($npass.=$salt); $result = mysql_query("SELECT userpass FROM Users WHERE usname = '{$_SESSION['usname']}'") or die(mysql_error()); $row=mysql_fetch_assoc($result); if(isset($_SESSION['usname'])) { if ($salt_passo != $row['userpass']) { echo "Your old password was entered incorrectly"; } elseif ($npass != $npass1) { echo "The two new password didn't match"; } else { mysql_query("UPDATE `Users` SET `userpass`='{$salt_passn}' WHERE `usname` = '{$_SESSION['usname']}'") or die("Error: ".mysql_error()); } } else { echo '<meta http-equiv="refresh" content="2;url=index.php">'; } ?>

Isn't =.= I must be annoying you <3

Edited my post, sorry, noticed that mistake There is no need to check when both are encrypted as it will encrypt with the SQL anyway, so I checked npass != npass1. Both of which are taken directly from the previous form, and should both be filled with the same password.

No, the code I have (Changed from first time I posted) elseif ($npass != $npass1) { echo "The two new password didn't match"; } and the Variables: $opass = $_POST["opass"]; $npass = $_POST["npass"]; $npass1 = $_POST["npass1"]; $salt = 's+(_a*'; $salt_passo = md5($opass.=$salt); $salt_passn = md5($npass.=$salt);

Haha, think we are getting there *sigh* Now I get: The two new password didn't match I don't see anything similar wrong with that however :/

$salt = 's+(_a*'; $salt_pass = md5($pword.$salt); Then: $sql="INSERT INTO Users (usname, userpass, useremail, userage) VALUES ('$uname','$salt_pass','$jmail','$age')"; Appears to be the same to me

Same outcome fella. =[

Done what you have suggested, however now when I enter the old pass, plus a new passX2, I get: Your old password was entered incorrectly. Could this be something to do with the encrypting? I believe I have used the same algorithm of md5 + $salt Thanks

Basically, the script is to change a password once a member is logged in. So first I include the files, start the session and ask if a session is set. If it is ( { ) then the elses happen, like if old password inputted into form beforehand matches pass in database, carry on, if not, echo error basically. Then it checks that both New Password and Confirm New Password fields are matching, and carries on and does the SQL update. At the end, the if session set ends with a redirect to index, which is the login page. Hope you understand? Thanks, I know it isn't pretty either

Hi, I believe the main part of the code is correct, however the logic I believe is wrong. I know there are many misplaces { and } and would like to know what to change to make it work. Thanks. <html> <body> <?php include 'config.php'; include 'opendb.php'; session_start(); $opass = $_POST["opass"]; $npass = $_POST["npass"]; $npass1 = $_POST["npass1"]; $salt = 's+(_a*'; $salt_passo = md5($opass.$salt); $salt_passn = md5($npass.$salt); $result = mysql_query("SELECT userpass FROM Users WHERE usname = '" .$_SESSION['usname'] . "'"); if(isset($_SESSION['usname'])) { else { if ($salt_passo != $result) { echo "Your old password was entered incorrectly"; } else { if ($salt_passo != $salt_passn) { echo "The two new password didn't match"; } else { $sql=mysql_query(UPDATE Users SET userpass='$salt_passn' WHERE usname = '" .$_SESSION['usname'] . "'"); if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } } } } } else { echo '<meta http-equiv="refresh" content="2;url=index.php">'; } ?> </body> </html>

Password fields were only 20 long, changed to 40. That was the problem

Will show the two files with the hashing involved. I have done as you say, however giving me the "Wrong username" error. It won't even let me login using the actual hashs either. The signup insert page: <?php include 'config.php'; include 'opendb.php'; $uname = $_POST["uname"]; $pword = $_POST["pword"]; $pword1 = $_POST["pword1"]; $jmail = $_POST["email"]; $age = $_POST["age"]; $chkname = mysql_query("SELECT * FROM Users WHERE usname='$uname'"); $salt = 's+(_a*'; $salt_pass = md5($pword.$salt); if(mysql_num_rows($chkname) > 0 ) { echo "Username already in use"; } else { if ($pword != $pword1) { echo "The two passwords do not match"; } else { $sql="INSERT INTO Users (usname, userpass, useremail, userage) VALUES ('$uname','$salt_pass','$jmail','$age')"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } ?> <html> <body> Registation Successful!<br /><br /> You may now <a href="index.php">login!</a> </body> </html> <?php } } include 'closedb.php'; ?> and the login check: <?php session_start(); include 'config.php'; include 'opendb.php'; $tbl_name= 'Users'; $myusername=$_POST['usname']; $mypassword=$_POST['userpass']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $salt = 's+(_a*'; $salt_pass = md5($mypassword.$salt); $sql="SELECT * FROM " .$tbl_name ." WHERE usname='" . $myusername. "' and userpass='".$salt_pass."'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count == 1) { $_SESSION['usname'] = $myusername; echo '<meta http-equiv="refresh" content="1;url=main.php">'; } else { echo "Wrong Username or Password"; } include 'closedb.php'; ?>

So I have decided to use Salt + md5 encryption for passwords, and it works when the signup happens. The password is then encrypted. However, I can't login with the password the user chose, I can however log in with the encrypted code, 394kj40jirji, or whatever lol. Is there anything I have to use apart from: $salt = 's+(_a*'; $salt_pass = md5($pword.$salt); Obviously salt_pass is sent to the mysql table. That is all I have changed, what am I missing? Thanks.

... Thanks userage... Sorry to waste your time.

The table does indeed have a field for ID/Name/Age/Email. Will try the above. -- <html> <body> <?php include 'config.php'; include 'opendb.php'; session_start(); if(isset($_SESSION['usname'])) { $data = mysql_query("SELECT * FROM Users WHERE usname = '" .$_SESSION['usname'] . "'"); $info = mysql_fetch_assoc($data) or die(mysql_error()); echo "Login Successful<br /><br />"; echo "Your age is: " . $info['age'] . "<br /><br />"; echo "<a href='logout.php'>Logout</a>"; } else { echo '<meta http-equiv="refresh" content="2;url=index.php">'; } ?> </body> </html> The page now appears (woop) but, this is what I see: -- Login Successful Your age is: Logout --

Just pretty much copy/pasted what you did above this post, and still the page is not loading at all.

Fixed that, however there is still something wrong: The website cannot display the page HTTP 500 Most likely causes: The website is under maintenance. The website has a programming error. Normally it's something stupid I miss/leave out.. Sorry again x

<?php include 'config.php'; include 'opendb.php'; session_start(); $data = mysql_query("SELECT * FROM Users"); $info = mysql_fetch_array($data) or die(mysql_error()); if(isset($_SESSION['usname'])) { echo '<html>'; echo '<body>'; echo 'Login Successful<br /><br />'; echo 'Your age is: $info['age']<br /><br />'; echo '<a href='logout.php'>Logout</a>'; echo '</body>'; echo '</html>'; } else { echo '<meta http-equiv="refresh" content="2;url=index.php">'; } ?> The page then doesn't display at all. Sorry for being an idiot at this

Ok, problem is simply, I can't echo a field from a mysql table I have. Code is: <?php include 'config.php'; include 'opendb.php'; session_start(); $data = mysql_query("SELECT * FROM Users"); $info = mysql_fetch_array($data) or die(mysql_error()); if(isset($_SESSION['usname'])) { ?> <html> <body> Login Successful<br /><br /> Your age is:<br /><br /> <a href='logout.php'>Logout</a> </body> </html> <?php } else { echo '<meta http-equiv="refresh" content="2;url=index.php">'; } ?> The table as you can see is called Users, and what I would like to echo is say the Age, field name is also age. I have tried as you can see with the $data and $info variables, however i'm having no luck myself. Also, is it possible to display for instance the variable made within the HTML text? So after where it says "Your age is:" put the age? Thanks.