Noobie Stuff: Very Basics Explained Easily

[redarrow]

test.php
[code]
<?php session_start();


$message="this is a way to encode your php work";


$message_encoded=base64_encode($message);

echo "<br>this has been encodded via php<br>";

echo $message_encoded;

echo "<br>";

$mess=$_SESSION['mess']=$message_encoded;

echo" <br> lets see it decoded via the link using a session.<br>";

echo"<a href='test_result.php?decode=yes'>get the decoded message</a>";

?>
[/code]
test_result.php
[code]
<?php session_start();

if($_GET['decode']=="yes"){

echo base64_decode($mess);
}
?>
[/code]

[redarrow]

good enough know

[scottybwoy]

I'm new also, but I don't see why you'd want to have it going through the address as it is a massive security risk.

Think about it, if someone is reading the address bar, thay can take out the encoded string and de-crypt it then use it to log in to your restricted areas and do what they want, especially using this basic form of encryption.  Google MD5 or better SHA1 for a lesson on encrytion.  Also when there is a function you don't understand, if your using Firefox, add a php search to your bar and just copy and paste it in for a quick reference, it'll make your life and everybody that is helping you.

Also refer back to the point made in the begining of this section about using ' and "

[redarrow]

this was the only way i can show him how to encode and decode the other methods you said scottyboy wont decode he already use md5 get it?

[Pudgemeister]

ummm ok thanx people (didnt mean to start a little argument but hey-its all entertainment!)

thanx for that and im now gona have a little play around with it all now-cheers.

[Pudgemeister]

Hi Im Back Again.

I Have Started My Little Project But Have Come Across A Little Prob While Trying To Pull Info From My Database.

I Have Changed The Names Of What I Want Pulled From Database Because I Am Keeping My project A Secret Till It's Done. (though i have made it obvious sometimes).

Here Is The Code.

project_home.php:

[code]
<?php
session_start();
if(empty($_SESSION['username']) or empty($_SESSION['id'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
$username = base64_decode($user);
$password = base64_decode($pass);
echo 'You Are Now Logged In ';
echo $username;
echo '.';
include ('dbinfo.inc.php');
$sql_1 = 'SELECT * FROM user_[b]sumthing[/b] WHERE username == $username AND password == $password';
$result_1 = mysql_query($sql_1);
$num_1 = 'mysql_num_rows($result_1)';
$row = 'mysql_fetch_assoc($result_1)';
echo '<br><a href="sumthin/summit_else.php"><img src="images/summit/summit_else.png alt="Summit Else"></a>';
echo 'Level ';
echo $row['summit_else'];
}
?>
[/code]

basically im tryin to make it so that the page displays the number in the summit_else field after level.

prob it-all it displays is "Level s"

which makes me think its echoing the s from summit_else.

ys dat?

[Guest huey4657]

This probably sounds stupid but can someone tell me what noob stands for?

[wildteen88]

Noob, n00b, newbie is slang for someone being new to something. Usually you experience this sort of slang when playing online games. This [url=http://www.urbandictionary.com/define.php?term=noob]site[/url] exlpains this word.

[Pudgemeister]

yeh soz-im a bit of a gamer-not sum gamer that stays inside al the time thouhg-i just like games-especially strategy and css :D  ROCK ON

ne1 know the answer to my prob?

[simcoweb]

Did you actually mean to or have this in your code in your SQL query?

[code][b]sumthing[/b][/code]

with the [b] tags? Or was that part of displaying it here in your post?

[Pudgemeister]

ooh lol ignore that-it aint in the actual code-forgot that was there-it was for i showed it to someone else lol

any other ideas why?

[simcoweb]

Ok, cool. So, to be perfectly clear, you stated this:

[quote]basically im tryin to make it so that the page displays the number in the summit_else field after level.

prob it-all it displays is "Level s"

which makes me think its echoing the s from summit_else.[/quote]

I can't see where it's pulling a stray 's' from but this line needs a closing " after your .png

[code]<img src="images/summit/summit_else.png alt="Summit Else">[/code]

[Pudgemeister]

thanx for that-sorted 1 prob-but i still getting the s echoed

[simcoweb]

The only logical explanation is that this query:

[code]echo $row['summit_else'];[/code]

has a field or entry with an 's' in it. Otherwise there's nothing else in your posted code that echo's an 's'.

[Pudgemeister]

there aint an m in th database

thats y im confused-there is no m to echo-anywhere!

[simcoweb]

Ok, is it an M or an S ?? Seems to change with each post  ???

[Pudgemeister]

sori

its actually an m-i was sayin s randomly


its an m-definately m sorri lol

[simcoweb]

Ok, now that we have that clear :)

I know PHP can do a lot of things. But, displaying a character without a source or some code that creates that character is not one of them. If that's all you code (meaning that there's no other parts to this that you haven't displayed) then the only reasonable solution is that your database table being called either contains an 'm' or a set of characters that the browser is interpreting as an 'm'.

Your code has these echo statements in it:

[code]
echo 'you are not logged in';

echo 'You Are Now Logged In ';
echo $username;
echo '.';

echo '<br><a href="sumthin/summit_else.php"><img src="images/summit/summit_else.png alt="Summit Else"></a>';
echo 'Level ';
echo $row['summit_else'];

[/code]

If we go through these we note that none of them have an extra 'm' in them. Unless, of course, something to do with your encryption is causing this display. But, ruling that out, all of the echo statements are very straight forward. The only one we don't know the results of is the last one summoning the $row since it comes from the database. If there's an 'm' being echoed then it has to be coming from somewhere in that table since, according to your posts, the rogue 'm' is being displayed right after the word 'Level ' which indicates the last echo statement would be the logical choice.

[Pudgemeister]

yes that is true.

ok il tell u the field that is being echoed.

it is called mining_depot

that gives my project away but its better than not avin one at al cus of this.

so it would be echo $row['mining_depot']

im going to try without encryption and see what happens-if anyone thinks of something else please say

Pudgemeister

[simcoweb]

Actually it doesn't matter the name of the field or table. The echo statement is displaying whatever it contains. And, apparently, it contains an 'm' in there somewhere. Not sure what else to tell you except echo means echo. :)

[Pudgemeister]

in the field-mining_depot-is a number "0" in this case.

it is a bigint field

seriously that is all thats there.

is it anything to do with username and password?

m,aybe its something thats being passed from an erlier file

these are ALL the files:

index.php

[code]
<?php
//Title//
echo '<center>Game Testing</center><br><br><br>';
//Register Form//
echo 'Register';
echo '<form action="register.php" method="post">';
echo 'First Name:<input type="text" name="first_name"><br>';
echo 'Last Name:<input type="text" name="last_name"><br>';
echo 'Username:<input type="text" name="username"><br>';
echo 'Password:<input type="password" name="password"><br>';
echo 'Confirm Password:<input type="password" name="password2"><br>';
echo 'E-Mail:<input type="text" name="mail"><br>';
echo 'Confirm E-Mail:<input type="text" name="mail2"><br>';
echo '<input type="Submit" value="Register Me"></form><br><br><br>';

//Login Form//
echo 'Login';
echo '<form action="login.php" method="post">';
echo 'Username:<input type="text" name="username"><br>';
echo 'Password:<input type="password" name="password"><br>';
echo '<input type="submit" value="Log In"></form>';

?>
[/code]


login.php

[code]
<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You'll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="island_home.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}
?>
[/code]

island_home.php

[code]
<?php
session_start();
if(empty($_SESSION['username']) or empty($_SESSION['id']) or empty($_SESSION['password'])) {//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In ';
echo $username;
echo '.';
include ('dbinfo.inc.php');
$sql_1 = "SELECT * FROM user_buildings WHERE username == '$username' AND password == '$password'";
$result_1 = mysql_query($sql_1);
$num_1 = 'mysql_num_rows($result_1)';
$row = 'mysql_fetch_assoc($result_1)';
echo '<br><a href="buildings/mining_depot.php"><img src="images/buildings/mining_depot.png" alt="Mining Depot"></a>';
echo '<br>Level ';
echo $row['mining_depot'];
}
?>
[/code]

in the database table "user_buildings" are the fields "id username password mining_depot wood_farm  energy_dock  filteration_airport  research_factory  sub_terrain_war_station  land_war_station  oceanic_war_dock  war_airport"

now is there anything being passed along or anything anyone else can think of?

this is relli weird tbh (to me anyway lol)

Pudgemeister

[Pudgemeister]

ive also taken out the encryption to make sure-it still returns m

[redarrow]

what is the outcome you need palese also post the database for us and exsplain the database entrys ok.

[Pudgemeister]

ok the outcome i want is for it to echo level and then the number in the field mining_depot in the database table user_buildings

[simcoweb]

redarrow, the problem he's having is that when displaying his results to the browser there's a rogue 'm' character showing up. After staring at his posted code until i've gone blind, there's no 'echo m' anywhere. There must be an entry in his database that's causing that character to display. Especially when it's being displayed in the sequence shown:

[code]echo '<br><a href="buildings/mining_depot.php"><img src="images/buildings/mining_depot.png" alt="Mining Depot"></a>';
echo '<br>Level ';
echo $row['mining_depot'];[/code]

The results display as this:

[quote]Level  m[/quote]

The question he has is WHERE is the 'm' coming from.