Xtremer360 Posted April 9, 2009 Share Posted April 9, 2009 I want to know how my coding looks so far? I used to have a script like this before but lost the file and had to almost start from scratch. Finding old bits and pieces of my code around on some forums. With my new code I'm trying to figure out why keeping the neatness and scheme of this coding I want to clean up my old code and place it into my new code. So it can be easily readable and flow together. Any help? Old code: <?php include ('database.php'); //if the login form is submitted if(isset($_POST['submit'])) { // makes sure they filled it in if(!$_POST['username'] || !$_POST['password']) { die('You did not fill in a required field.'); } $username = mysql_real_escape_string($_POST['username']); $pass = mysql_real_escape_string($_POST['password']); $check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database.'); } while($info = mysql_fetch_array( $check )) { $pass = md5(stripslashes($_POST['password'])); $info['password'] = stripslashes($info['password']); //$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT //gives error if the password is wrong if ($pass != $info['password']) { die('Incorrect password, please try again.'); } else // if login is ok then we add a cookie and send them to the correct page { $username = stripslashes($username); $_SESSION['username'] = $username; $_SESSION['loggedin'] = time(); // Finds out the user type $query = "SELECT `admin` FROM `users` WHERE `username` = '" . $username . "'"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result); $admin = $row['admin']; $_SESSION['admin'] = $admin; ######################################### ######## ADMIN SCRIPT CAN BE ADDED BELOW ######################################### if(isset($_SESSION['admin'])) { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Style-Type" content="text/css"> <meta http-equiv="Content-Language" content="en-us"> <meta name="language" content="en-us"> <title>Backstage V1 Administration Console</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen"> <link rel="stylesheet" href="backstage_print.css" type="text/css" media="print"> <script src="prototype.js" type="text/javascript"></script> <script src="scriptaculous.js" type="text/javascript"></script> <script type="text/javascript" src="ajax.js"></script> <script type="text/javascript"> var page = document.cookie.match(/page=[\w][\w\-\.]+;/); if(page != null) { ajaxpage("page", "content"); } else { ajaxpage("home", "content"); } </script> <link rel=stylesheet href=backstage.css type=css media=screen> <link rel=stylesheet href=backstage_print.css type=css media=print> </head> <body> <div id=container> <div class=header> <table cellpadding="0" cellspacing="0" border="0" width="95%"> <tr> <td width=110 align=center></td> <td></td> <td width=40 valign=bottom align=right> <a href="#" onclick="ajaxpage('home', 'content'); return false;">Home</a> | <a href="#" onclick="ajaxpage('logout', 'content'); return false;">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td> </tr> </table> </div> <div id=container2> <div id=nav> <?php } if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 6) { ?> <h1>Character</h1> <ul> <li><a href="#" onclick="ajaxpage('bio', 'content'); return false;">Bio</a></li> <li><a href="#" onclick="ajaxpage('allies', 'content'); return false;">Allies</a></li> <li><a href="#" onclick="ajaxpage('rivals', 'content'); return false;">Rivals</a></li> <li><a href="#" onclick="ajaxpage('quotes', 'content'); return false;">Quotes</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 5) { ?> <h1>Submit</h1> <ul> <li><a href="#" onclick="ajaxpage('roleplay', 'content'); return false;">Roleplay</a></li> <li><a href="#" onclick="ajaxpage('news', 'content'); return false;">News</a></li> <li><a href="#" onclick="ajaxpage('match', 'content'); return false;">Match</a></li> <li><a href="#" onclick="ajaxpage('seg', 'content'); return false;">Seg</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 4) { ?> <h1>Handler</h1> <ul> <li><a href="#" onclick="ajaxpage('directory', 'content'); return false;">Directory</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 3) { ?> <h1>Booking</h1> <ul> <li><a href="#" onclick="ajaxpage('champions', 'content'); return false;">Champions</a></li> <li><a href="#" onclick="ajaxpage('booker', 'content'); return false;">Booker</a></li> <li><a href="#" onclick="ajaxpage('compiler', 'content'); return false;">Compiler</a></li> <li><a href="#" onclick="ajaxpage('archives', 'content'); return false;">Archives</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 2) { ?> <h1>Fed Admin</h1> <ul> <li><a href="#" onclick="ajaxpage('handlers', 'content'); return false;">Handlers</a></li> <li><a href="#" onclick="ajaxpage('characters', 'content'); return false;">Characters</a></li> <li><a href="#" onclick="ajaxpage('applications', 'content'); return false;">Applications</a></li> <li><a href="#" onclick="ajaxpage('eventnames', 'content'); return false;">Event Names</a></li> <li><a href="#" onclick="ajaxpage('titlenames', 'content'); return false;">Title Names</a></li> <li><a href="#" onclick="ajaxpage('matchtypes', 'content'); return false;">Match Types</a></li> <li><a href="#" onclick="ajaxpage('divisions', 'content'); return false;">Divisions</a></li> <li><a href="#" onclick="ajaxpage('countries', 'content'); return false;">Arenas</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 1) { ?> <h1>Site Admin</h1> <ul> <li><a href="#" onclick="ajaxpage('templates', 'content'); return false;">Templates</a></li> <li><a href="#" onclick="ajaxpage('content', 'content'); return false;">Content</a></li> <li><a href="#" onclick="ajaxpage('biosconfig', 'content'); return false;">Bio Configuration</a></li> <li><a href="#" onclick="ajaxpage('newscat', 'content'); return false;">News Categories</a></li> <li><a href="#" onclick="ajaxpage('menus', 'content'); return false;">Menus</a></li> </ul> <?php } ?> </div> <div id=content> </div> <div id="footer">Backstage 1 © 2009 </div> </div> </div> </body> </html> <?php ######################################### ######## ADMIN SCRIPT HAS TO END ABOVE ######################################### } } } else { // if they have not submitted the form ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Style-Type" content="text/css"> <meta http-equiv="Content-Language" content="en-us"> <meta name="language" content="en-us"> <title>Backstage V1 Administration Console</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen"> <link rel="stylesheet" href="backstage_print.css" type="text/css" media="print"> <script src="prototype.js" type="text/javascript"></script> <script src="scriptaculous.js" type="text/javascript"></script> <script type="text/javascript" src="ajax.js"></script> <link rel=stylesheet href=backstage.css type=css media=screen> <link rel=stylesheet href=backstage_print.css type=css media=print> </head> <body> <div id=login> <form method="POST" action="/other/backstage4.php"> <h1>KOW Backstage</h1> <p><label>Username:<br><input type="text" name="username" id="log" tabindex="1"></label></p> <p><label>Password:<br><input type="password" name="password" id="pwd" tabindex="2"></label></p> <p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4"></p> </form> </div> </body> </html> <?php } ?> New Code: <?php ob_start(); $host="?"; // Host name $username="?"; // Mysql username $password="?"; // Mysql password $db_name="?"; // Database name $tbl_name="?"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file "login_success.php" session_register("username"); session_register("password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <meta name="author" content="Jeffrey Davidson" /> <title>Backstage</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen" /> <link rel="stylesheet" href="backstage.css" type="text/css" media="print" /> </head> <body> <form method="POST" action="http://www.kansasoutlawwrestling.com/backstage/backstage.php"> <div id="login"> <h1>Backstage</h1> <p><label>Username:<br /><input type="text" name="username" id="username" tabindex="1" /></label></p> <p><label>Password:<br /><input type="password" name="password" id="password" tabindex="2" /></label></p> <p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4" /></p> </form> </div> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/ Share on other sites More sharing options...
Zane Posted April 9, 2009 Share Posted April 9, 2009 huh? Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805317 Share on other sites More sharing options...
Xtremer360 Posted April 9, 2009 Author Share Posted April 9, 2009 Well I lost a big script and was starting to redo it all when I stumbled upon some of it. I just need some help making the parts of my old script look like my new script so it can be inserted into the new script. Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805320 Share on other sites More sharing options...
Yesideez Posted April 9, 2009 Share Posted April 9, 2009 How can we do that as only you will know how your script was when you lost it. Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805324 Share on other sites More sharing options...
Xtremer360 Posted April 9, 2009 Author Share Posted April 9, 2009 I take that back. I did some things. Now with the user info in the database table it says that the user exist. Will someone tell me what's wrong with my code? <?php ob_start(); $host="?"; // Host name $username="?"; // Mysql username $password="?"; // Mysql password $db_name="?"; // Database name $tbl_name="?"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); // Checks login form was submitted if(isset($_POST['submit'])) { // Verifies form fields if(!$_POST['username'] || !$_POST['password']) { die('You did not fill in a required field.'); } // Define $username and $password $username=$_POST['username']; $password=$_POST['password']; $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result=mysql_query($sql); //Gives error if user dosen't exist $sql2 = mysql_num_rows($sql); if ($sql2 == 0) { die('That member does not exist in our database.'); } while($info = mysql_fetch_array( $sql )) { $password = md5(stripslashes($_POST['password'])); $info['password'] = stripslashes($info['password']); //Gives error if the password is wrong if ($pass != $info['password']) { die('Incorrect password, please try again.'); } else { // Register $username, $password and redirect to file "login_success.php" $username = stripslashes($username); $_SESSION['username'] = $username; // Finds out the user type $sql3 = "SELECT `admin` FROM $tbl_name WHERE username='$username'"; $res3 = mysql_query($sql3) or die(mysql_error()); $row = mysql_fetch_array($res3); $admin = $row['admin']; $_SESSION['admin'] = $admin; ob_end_flush(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Style-Type" content="text/css"> <meta http-equiv="Content-Language" content="en-us"> <meta name="language" content="en-us"> <title>Backstage V1 Administration Console</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen"> <link rel="stylesheet" href="backstage_print.css" type="text/css" media="print"> <script type="text/javascript"> var page = document.cookie.match(/page=[\w][\w\-\.]+;/); if(page != null) { ajaxpage("page", "content"); } else { ajaxpage("home", "content"); } </script> <link rel=stylesheet href=backstage.css type=css media=screen> <link rel=stylesheet href=backstage_print.css type=css media=print> </head> <body> <div id=container> <div class=header> <table cellpadding="0" cellspacing="0" border="0" width="95%"> <tr> <td width=110 align=center></td> <td></td> <td width=40 valign=bottom align=right> <a href="#" onclick="ajaxpage('home', 'content'); return false;">Home</a> | <a href="#" onclick="ajaxpage('logout', 'content'); return false;">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td> </tr> </table> </div> <div id=container2> <div id=nav> <?php } if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 6) { ?> <h1>Character</h1> <ul> <li><a href="#" onclick="ajaxpage('bio', 'content'); return false;">Bio</a></li> <li><a href="#" onclick="ajaxpage('allies', 'content'); return false;">Allies</a></li> <li><a href="#" onclick="ajaxpage('rivals', 'content'); return false;">Rivals</a></li> <li><a href="#" onclick="ajaxpage('quotes', 'content'); return false;">Quotes</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 5) { ?> <h1>Submit</h1> <ul> <li><a href="#" onclick="ajaxpage('roleplay', 'content'); return false;">Roleplay</a></li> <li><a href="#" onclick="ajaxpage('news', 'content'); return false;">News</a></li> <li><a href="#" onclick="ajaxpage('match', 'content'); return false;">Match</a></li> <li><a href="#" onclick="ajaxpage('seg', 'content'); return false;">Seg</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 4) { ?> <h1>Handler</h1> <ul> <li><a href="#" onclick="ajaxpage('directory', 'content'); return false;">Directory</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 3) { ?> <h1>Booking</h1> <ul> <li><a href="#" onclick="ajaxpage('champions', 'content'); return false;">Champions</a></li> <li><a href="#" onclick="ajaxpage('booker', 'content'); return false;">Booker</a></li> <li><a href="#" onclick="ajaxpage('compiler', 'content'); return false;">Compiler</a></li> <li><a href="#" onclick="ajaxpage('archives', 'content'); return false;">Archives</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 2) { ?> <h1>Fed Admin</h1> <ul> <li><a href="#" onclick="ajaxpage('handlers', 'content'); return false;">Handlers</a></li> <li><a href="#" onclick="ajaxpage('characters', 'content'); return false;">Characters</a></li> <li><a href="#" onclick="ajaxpage('applications', 'content'); return false;">Applications</a></li> <li><a href="#" onclick="ajaxpage('eventnames', 'content'); return false;">Event Names</a></li> <li><a href="#" onclick="ajaxpage('titlenames', 'content'); return false;">Title Names</a></li> <li><a href="#" onclick="ajaxpage('matchtypes', 'content'); return false;">Match Types</a></li> <li><a href="#" onclick="ajaxpage('divisions', 'content'); return false;">Divisions</a></li> <li><a href="#" onclick="ajaxpage('countries', 'content'); return false;">Arenas</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 1) { ?> <h1>Site Admin</h1> <ul> <li><a href="#" onclick="ajaxpage('templates', 'content'); return false;">Templates</a></li> <li><a href="#" onclick="ajaxpage('content', 'content'); return false;">Content</a></li> <li><a href="#" onclick="ajaxpage('biosconfig', 'content'); return false;">Bio Configuration</a></li> <li><a href="#" onclick="ajaxpage('newscat', 'content'); return false;">News Categories</a></li> <li><a href="#" onclick="ajaxpage('menus', 'content'); return false;">Menus</a></li> </ul> <?php } ?> </div> <div id=content> </div> <div id="footer">Backstage 1 © 2009 </div> </div> </div> </body> </html> <?php ######################################### ######## ADMIN SCRIPT HAS TO END ABOVE ######################################### } } else { // if they have not submitted the form ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <meta name="author" content="Jeffrey Davidson" /> <title>Backstage</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen" /> <link rel="stylesheet" href="backstage.css" type="text/css" media="print" /> </head> <body> <form method="POST" action="http://www.kansasoutlawwrestling.com/backstage/backstage.php"> <div id="login"> <h1>Backstage</h1> <p><label>Username:<br /><input type="text" name="username" id="username" tabindex="1" /></label></p> <p><label>Password:<br /><input type="password" name="password" id="password" tabindex="2" /></label></p> <p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4" /></p> </form> </div> </body> </html> <?php } ?> Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805340 Share on other sites More sharing options...
Zane Posted April 9, 2009 Share Posted April 9, 2009 This $sql2 = mysql_num_rows($sql); should be $sql2 = mysql_num_rows($result); Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805343 Share on other sites More sharing options...
Xtremer360 Posted April 9, 2009 Author Share Posted April 9, 2009 Changed that but no matter what I even added a few other test users and no matter what it still says "That member does not exist in our database." Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805350 Share on other sites More sharing options...
Zane Posted April 9, 2009 Share Posted April 9, 2009 dont use a die() statement to say that just echo it echo 'That member does not exist in our database.'; I'm not gonna guarentee that'll solve your problem, but die is meant to be used at the end of statements like mysql_query() or die("AAAAAAHHH"); EDIT ---------------- Well, I see you have one above that and the script is still getting past it....so scratch that idea. but I'd still use echo Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805369 Share on other sites More sharing options...
Zane Posted April 9, 2009 Share Posted April 9, 2009 Only thing I can possibly think of is that you are either selecting this on the wrong table, the user actually doesn't exist, you're mispelling something or....I'm out of ideas.....need sleep Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805372 Share on other sites More sharing options...
Xtremer360 Posted April 9, 2009 Author Share Posted April 9, 2009 Nope still doing it. <?php ob_start(); $host="backstage22.db.3000947.hostedresource.com"; // Host name $username="backstage22"; // Mysql username $password="Catcher05"; // Mysql password $db_name="backstage22"; // Database name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); // Checks login form was submitted if(isset($_POST['submit'])) { // Verifies form fields if(!$_POST['username'] || !$_POST['password']) { die('You did not fill in a required field.'); } // Define $username and $password $username=$_POST['username']; $password=$_POST['password']; $sql="SELECT * FROM members WHERE username='$username' and password='$password'"; $result=mysql_query($sql); //Gives error if user dosen't exist $sql2 = mysql_num_rows($result); if ($sql2 == 0) { echo('That member does not exist in our database.'); } while($info = mysql_fetch_array( $sql )) { $password = md5(stripslashes($_POST['password'])); $info['password'] = stripslashes($info['password']); //Gives error if the password is wrong if ($pass != $info['password']) { echo('Incorrect password, please try again.'); } else { // Register $username, $password and redirect to file "login_success.php" $username = stripslashes($username); $_SESSION['username'] = $username; // Finds out the user type $sql3 = "SELECT `admin` FROM members WHERE username='$username'"; $res3 = mysql_query($sql3) or die(mysql_error()); $row = mysql_fetch_array($res3); $admin = $row['admin']; $_SESSION['admin'] = $admin; ob_end_flush(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Style-Type" content="text/css"> <meta http-equiv="Content-Language" content="en-us"> <meta name="language" content="en-us"> <title>Backstage V1 Administration Console</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen"> <link rel="stylesheet" href="backstage_print.css" type="text/css" media="print"> <script type="text/javascript"> var page = document.cookie.match(/page=[\w][\w\-\.]+;/); if(page != null) { ajaxpage("page", "content"); } else { ajaxpage("home", "content"); } </script> <link rel=stylesheet href=backstage.css type=css media=screen> <link rel=stylesheet href=backstage_print.css type=css media=print> </head> <body> <div id=container> <div class=header> <table cellpadding="0" cellspacing="0" border="0" width="95%"> <tr> <td width=110 align=center></td> <td></td> <td width=40 valign=bottom align=right> <a href="#" onclick="ajaxpage('home', 'content'); return false;">Home</a> | <a href="#" onclick="ajaxpage('logout', 'content'); return false;">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td> </tr> </table> </div> <div id=container2> <div id=nav> <?php } if(isset($_SESSION['loggedin'])) { ?> <h1>Character</h1> <ul> <li><a href="#" onclick="ajaxpage('bio', 'content'); return false;">Bio</a></li> <li><a href="#" onclick="ajaxpage('allies', 'content'); return false;">Allies</a></li> <li><a href="#" onclick="ajaxpage('rivals', 'content'); return false;">Rivals</a></li> <li><a href="#" onclick="ajaxpage('quotes', 'content'); return false;">Quotes</a></li> <li><a href="#" onclick="ajaxpage('news', 'content'); return false;">News</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?> <h1>Handler</h1> <ul> <li><a href="#" onclick="ajaxpage('directory', 'content'); return false;">Directory</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?> <h1>Booking</h1> <ul> <li><a href="#" onclick="ajaxpage('champions', 'content'); return false;">Champions</a></li> <li><a href="#" onclick="ajaxpage('booker', 'content'); return false;">Booker</a></li> <li><a href="#" onclick="ajaxpage('compiler', 'content'); return false;">Compiler</a></li> <li><a href="#" onclick="ajaxpage('archives', 'content'); return false;">Archives</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?> <h1>Fed Admin</h1> <ul> <li><a href="#" onclick="ajaxpage('handlers', 'content'); return false;">Handlers</a></li> <li><a href="#" onclick="ajaxpage('characters', 'content'); return false;">Characters</a></li> <li><a href="#" onclick="ajaxpage('eventnames', 'content'); return false;">Event Names</a></li> <li><a href="#" onclick="ajaxpage('titlenames', 'content'); return false;">Title Names</a></li> <li><a href="#" onclick="ajaxpage('matchtypes', 'content'); return false;">Match Types</a></li> <li><a href="#" onclick="ajaxpage('countries', 'content'); return false;">Arenas</a></li> </ul> <?php } ?> <?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?> <h1>Site Admin</h1> <ul> <li><a href="#" onclick="ajaxpage('templates', 'content'); return false;">Templates</a></li> <li><a href="#" onclick="ajaxpage('content', 'content'); return false;">Content</a></li> <li><a href="#" onclick="ajaxpage('biosconfig', 'content'); return false;">Bio Configuration</a></li> <li><a href="#" onclick="ajaxpage('newscat', 'content'); return false;">News Categories</a></li> </ul> <?php } ?> </div> <div id=content> </div> <div id="footer">Backstage 1 © 2009 </div> </div> </div> </body> </html> <?php ######################################### ######## ADMIN SCRIPT HAS TO END ABOVE ######################################### } } else { // if they have not submitted the form ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <meta name="author" content="Jeffrey Davidson" /> <title>Backstage</title> <link rel="stylesheet" href="backstage.css" type="text/css" media="screen" /> <link rel="stylesheet" href="backstage.css" type="text/css" media="print" /> </head> <body> <form method="POST" action="http://www.kansasoutlawwrestling.com/backstage/backstage.php"> <div id="login"> <h1>Backstage</h1> <p><label>Username:<br /><input type="text" name="username" id="username" tabindex="1" /></label></p> <p><label>Password:<br /><input type="password" name="password" id="password" tabindex="2" /></label></p> <p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4" /></p> </form> </div> </body> </html> <?php } ?> Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805666 Share on other sites More sharing options...
depojones Posted April 9, 2009 Share Posted April 9, 2009 I think it came from here http://www.phpeasystep.com/workshopview.php?id=6 Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805675 Share on other sites More sharing options...
mrMarcus Posted April 9, 2009 Share Posted April 9, 2009 what is this whole mess right here? $host="backstage22.db.3000947.hostedresource.com"; // Host name $username="backstage22"; // Mysql username $password="Catcher05"; // Mysql password $db_name="backstage22"; // Database name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); this isn't doing anything right here... $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); and never name your db info vars anything that you will be using in your script later on, especially don't them anything so obvious as $username and $password. don't know that it's the problem, but i could see how it could potentially be one .. you have you username and password for the db named $username and $password .. then, you redeclare $username and $password later on with some $_POST info. change your db connection vars to something you won't redeclare accidentally .. doesn't matter what they are renamed to .. could be $dsafjhasdfkh_username; and $dsafjhasdfkh_password; at least they are unique. Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805684 Share on other sites More sharing options...
Xtremer360 Posted April 9, 2009 Author Share Posted April 9, 2009 Same thing. This is giving me a headache. Quote Link to comment https://forums.phpfreaks.com/topic/153287-refreshing-script/#findComment-805698 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.