Jump to content


Photo

Noobie Stuff: Very Basics Explained Easily


  • Please log in to reply
117 replies to this topic

#61 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 05 August 2006 - 03:54 PM

HORAY! YES! THANK U THANK U THANK U!

i can now start my project!!!!!

YEHAA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#62 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 05 August 2006 - 05:29 PM

what the hell???

it worked once for me and when my mate tried, once for him.

now whenever we try it again even with the right details-it first sais "you are logged in-click here to continue" on login.php and then on logged_in.php it sais "you are not logged in".

this is the code in the two files:

login.php

<?php
session_start();
include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$num = mysql_num_rows($result_2);//the number of rows the search returns
if($num > 1){//This is to check the user exists. If there are less than 1 rows, the query found no matches
echo 'Incorrect login information';
exit;
}
$row = mysql_fetch_array($result_2); // returns the data found-hopefully. Renamed to $row to avoid confusion
$_SESSION['username'] = $num['username'];//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>

logged_in.php

<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In';
}
?>


whats up?
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#63 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 05 August 2006 - 05:54 PM

I believe this:
$_SESSION['username'] = $num['username'];
is supposed to be:
$_SESSION['username'] = $row['username'];
$num was created from mysql_num_rows. mysql_num_rows doesnt return an array of the rows. Where as $row was created from mysql_fetch_array which returns an array. So it a case of using the wrong variable.

Also whoever wrote this:
//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.
What do you mean?

#64 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 05 August 2006 - 07:07 PM

ok i see whats going on now (what you said was correct yes)

but after i have logged in, if i close the page, and try to login again, it wil take me to login.php saying i am loged in, but then take me to logged_in.php saying im not.

how can i fix this??

i need the pages to remember im logged in, including the form page.
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#65 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 05 August 2006 - 07:27 PM

ne1 know?
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#66 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 05 August 2006 - 07:33 PM

Looking at your login.php code, its a bit bloated. Try this:
<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You\'ll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="logged_in.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>


#67 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 05 August 2006 - 08:13 PM

WOW WTF!?

ok im a noob and i dont understand whats happened but it seems like ive been logged into the entire folder now! which...IS SOOO GD!!!! FURTHER THAN I EVER EXPECTED TO GET BY NOW!!

THANK U VERY MUCH :D:D:D:D:D:D:D:D:D
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#68 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 10 August 2006 - 07:51 AM

Hi Again All.

I Need To Know How To Send Data Through The Links And Addresses In My Site And Have The Information Envrypted But Be Able To Decrypt It On The Pages I Need To Use It.

on this page i want to send the username and password through variables in the address while keeping them encrypted.

login.php:

<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
		$encrypted_un = crypt($username);
		$encrypted_pw = crypt($password);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You'll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="island_home.php?un=$encrypted_un&pw=$encrypted_pw">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>


and in this file i want to be able to pull the encrypted username and password from the address, decrypt them, and make them into variables again in this file for more simple use throughout the file.

island_home.php:

<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'You are not logged in.';
exit;//quit the page so they cant view anything else
}else{
echo 'Welcome To Island Home Base';
}
?>

i have had a bash at doign it but not had any success.
the code for everything else works but i dont understand what the mysql_real_escape_string, and mysql_fetch_assoc functions are-if they could be explained it would be helpful also.

cheers

Pudgemeister
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#69 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 09:00 AM

why crypt username you an also not decrypt read the manual ok.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#70 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 10 August 2006 - 09:12 AM

well-put it this way.

I need the username and password encrypted in the adress so they can bepulled from it and used.

how can i do that?
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#71 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 09:18 AM

This is an example of a way to get you started to encode and decode ok.

I do not say that the code i have provided is safe but can be used in considration that all users are not php programmers as the code is esay to decode as you can see but a normall internet user would not no what to do to unencode this code  ok.

good luck.


<?php

echo "<br>work encoded<br>"; 

$message="this is a way to encode your php work";

$message_encoded=base64_encode($message);

echo "<br>$message_encoded<br>";


echo "<br>work decoded<br>"; 


echo base64_decode($message_encoded);

?>

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#72 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 10 August 2006 - 09:23 AM

thanx for that-i now need to know how to use variables (while encoded) to send them through the address so i can get them to the next page
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#73 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 09:34 AM

test.php


<?php session_start();


$message="this is a way to encode your php work";


$message_encoded=base64_encode($message);

echo "<br>this has been encodded via php<br>";

echo $message_encoded;

echo "<br>";

$mess=$_SESSION['mess']=$message_encoded;

echo" <br> lets see it decoded via the link using a session.<br>";

echo"<a href='test_result.php'>get the decoded message</a>";

?>

test_result.php
<?php session_start();

echo"this message has been decoded via php <br>";

echo base64_decode($mess);

?>


Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#74 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 10 August 2006 - 09:37 AM

umm ok not the way of taking the data through i was looking for but what the hell it does the same job lol.

cheers wil now try
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#75 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 10 August 2006 - 09:44 AM

hmmmmm i dont know-id still rather have it go through the address

anyone know how to?
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]

#76 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 09:48 AM

test.php
<?php session_start();


$message="this is a way to encode your php work";


$message_encoded=base64_encode($message);

echo "<br>this has been encodded via php<br>";

echo $message_encoded;

echo "<br>";

$mess=$_SESSION['mess']=$message_encoded;

echo" <br> lets see it decoded via the link using a session.<br>";

echo"<a href='test_result.php?decode=yes'>get the decoded message</a>";

?>
test_result.php
<?php session_start();

if($_GET['decode']=="yes"){

echo base64_decode($mess);
}
?>

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#77 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 09:53 AM

good enough know
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#78 scottybwoy

scottybwoy
  • Members
  • PipPipPip
  • Advanced Member
  • 532 posts
  • LocationUK

Posted 10 August 2006 - 10:10 AM

I'm new also, but I don't see why you'd want to have it going through the address as it is a massive security risk.

Think about it, if someone is reading the address bar, thay can take out the encoded string and de-crypt it then use it to log in to your restricted areas and do what they want, especially using this basic form of encryption.  Google MD5 or better SHA1 for a lesson on encrytion.  Also when there is a function you don't understand, if your using Firefox, add a php search to your bar and just copy and paste it in for a quick reference, it'll make your life and everybody that is helping you.

Also refer back to the point made in the begining of this section about using ' and "

#79 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 10:17 AM

this was the only way i can show him how to encode and decode the other methods you said scottyboy wont decode he already use md5 get it?
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#80 Pudgemeister

Pudgemeister
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts
  • LocationCornwall, England, UK,

Posted 10 August 2006 - 04:36 PM

ummm ok thanx people (didnt mean to start a little argument but hey-its all entertainment!)

thanx for that and im now gona have a little play around with it all now-cheers.
[div align="center"][a href="http://imageshack.us" target="_blank"][/a]
[/div]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users