Jump to content

Noobie Stuff: Very Basics Explained Easily


Pudgemeister

Recommended Posts

test.php
[code]
<?php session_start();


$message="this is a way to encode your php work";


$message_encoded=base64_encode($message);

echo "<br>this has been encodded via php<br>";

echo $message_encoded;

echo "<br>";

$mess=$_SESSION['mess']=$message_encoded;

echo" <br> lets see it decoded via the link using a session.<br>";

echo"<a href='test_result.php?decode=yes'>get the decoded message</a>";

?>
[/code]
test_result.php
[code]
<?php session_start();

if($_GET['decode']=="yes"){

echo base64_decode($mess);
}
?>
[/code]
Link to comment
Share on other sites

  • Replies 117
  • Created
  • Last Reply
I'm new also, but I don't see why you'd want to have it going through the address as it is a massive security risk.

Think about it, if someone is reading the address bar, thay can take out the encoded string and de-crypt it then use it to log in to your restricted areas and do what they want, especially using this basic form of encryption.  Google MD5 or better SHA1 for a lesson on encrytion.  Also when there is a function you don't understand, if your using Firefox, add a php search to your bar and just copy and paste it in for a quick reference, it'll make your life and everybody that is helping you.

Also refer back to the point made in the begining of this section about using ' and "
Link to comment
Share on other sites

Hi Im Back Again.

I Have Started My Little Project But Have Come Across A Little Prob While Trying To Pull Info From My Database.

I Have Changed The Names Of What I Want Pulled From Database Because I Am Keeping My project A Secret Till It's Done. (though i have made it obvious sometimes).

Here Is The Code.

project_home.php:

[code]
<?php
session_start();
if(empty($_SESSION['username']) or empty($_SESSION['id'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
$username = base64_decode($user);
$password = base64_decode($pass);
echo 'You Are Now Logged In ';
echo $username;
echo '.';
include ('dbinfo.inc.php');
$sql_1 = 'SELECT * FROM user_[b]sumthing[/b] WHERE username == $username AND password == $password';
$result_1 = mysql_query($sql_1);
$num_1 = 'mysql_num_rows($result_1)';
$row = 'mysql_fetch_assoc($result_1)';
echo '<br><a href="sumthin/summit_else.php"><img src="images/summit/summit_else.png alt="Summit Else"></a>';
echo 'Level ';
echo $row['summit_else'];
}
?>
[/code]

basically im tryin to make it so that the page displays the number in the summit_else field after level.

prob it-all it displays is "Level s"

which makes me think its echoing the s from summit_else.

ys dat?
Link to comment
Share on other sites

Ok, cool. So, to be perfectly clear, you stated this:

[quote]basically im tryin to make it so that the page displays the number in the summit_else field after level.

prob it-all it displays is "Level s"

which makes me think its echoing the s from summit_else.[/quote]

I can't see where it's pulling a stray 's' from but this line needs a closing " after your .png

[code]<img src="images/summit/summit_else.png alt="Summit Else">[/code]



Link to comment
Share on other sites

Ok, now that we have that clear :)

I know PHP can do a lot of things. But, displaying a character without a source or some code that creates that character is not one of them. If that's all you code (meaning that there's no other parts to this that you haven't displayed) then the only reasonable solution is that your database table being called either contains an 'm' or a set of characters that the browser is interpreting as an 'm'.

Your code has these echo statements in it:

[code]
echo 'you are not logged in';

echo 'You Are Now Logged In ';
echo $username;
echo '.';

echo '<br><a href="sumthin/summit_else.php"><img src="images/summit/summit_else.png alt="Summit Else"></a>';
echo 'Level ';
echo $row['summit_else'];

[/code]

If we go through these we note that none of them have an extra 'm' in them. Unless, of course, something to do with your encryption is causing this display. But, ruling that out, all of the echo statements are very straight forward. The only one we don't know the results of is the last one summoning the $row since it comes from the database. If there's an 'm' being echoed then it has to be coming from somewhere in that table since, according to your posts, the rogue 'm' is being displayed right after the word 'Level ' which indicates the last echo statement would be the logical choice.
Link to comment
Share on other sites

yes that is true.

ok il tell u the field that is being echoed.

it is called mining_depot

that gives my project away but its better than not avin one at al cus of this.

so it would be echo $row['mining_depot']

im going to try without encryption and see what happens-if anyone thinks of something else please say

Pudgemeister
Link to comment
Share on other sites

in the field-mining_depot-is a number "0" in this case.

it is a bigint field

seriously that is all thats there.

is it anything to do with username and password?

m,aybe its something thats being passed from an erlier file

these are ALL the files:

index.php

[code]
<?php
//Title//
echo '<center>Game Testing</center><br><br><br>';
//Register Form//
echo 'Register';
echo '<form action="register.php" method="post">';
echo 'First Name:<input type="text" name="first_name"><br>';
echo 'Last Name:<input type="text" name="last_name"><br>';
echo 'Username:<input type="text" name="username"><br>';
echo 'Password:<input type="password" name="password"><br>';
echo 'Confirm Password:<input type="password" name="password2"><br>';
echo 'E-Mail:<input type="text" name="mail"><br>';
echo 'Confirm E-Mail:<input type="text" name="mail2"><br>';
echo '<input type="Submit" value="Register Me"></form><br><br><br>';

//Login Form//
echo 'Login';
echo '<form action="login.php" method="post">';
echo 'Username:<input type="text" name="username"><br>';
echo 'Password:<input type="password" name="password"><br>';
echo '<input type="submit" value="Log In"></form>';

?>
[/code]


login.php

[code]
<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You'll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="island_home.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}
?>
[/code]

island_home.php

[code]
<?php
session_start();
if(empty($_SESSION['username']) or empty($_SESSION['id']) or empty($_SESSION['password'])) {//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In ';
echo $username;
echo '.';
include ('dbinfo.inc.php');
$sql_1 = "SELECT * FROM user_buildings WHERE username == '$username' AND password == '$password'";
$result_1 = mysql_query($sql_1);
$num_1 = 'mysql_num_rows($result_1)';
$row = 'mysql_fetch_assoc($result_1)';
echo '<br><a href="buildings/mining_depot.php"><img src="images/buildings/mining_depot.png" alt="Mining Depot"></a>';
echo '<br>Level ';
echo $row['mining_depot'];
}
?>
[/code]

in the database table "user_buildings" are the fields "id username password mining_depot wood_farm  energy_dock  filteration_airport  research_factory  sub_terrain_war_station  land_war_station  oceanic_war_dock  war_airport"

now is there anything being passed along or anything anyone else can think of?

this is relli weird tbh (to me anyway lol)

Pudgemeister
Link to comment
Share on other sites

redarrow, the problem he's having is that when displaying his results to the browser there's a rogue 'm' character showing up. After staring at his posted code until i've gone blind, there's no 'echo m' anywhere. There must be an entry in his database that's causing that character to display. Especially when it's being displayed in the sequence shown:

[code]echo '<br><a href="buildings/mining_depot.php"><img src="images/buildings/mining_depot.png" alt="Mining Depot"></a>';
echo '<br>Level ';
echo $row['mining_depot'];[/code]

The results display as this:

[quote]Level  m[/quote]

The question he has is WHERE is the 'm' coming from.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.