Jump to content

Recommended Posts

Hi

I have this code, and i want to check a member's password:

//validating credit password
$select = "SELECT member_id FROM smf_themes WHERE idmember_ = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'";
$result = mysql_query($select, $con); 
$row = mysql_fetch_array($result);

if(mysql_num_rows($result) != 1); //if member id and creditpass didn't match do:
{
echo  "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again";

die();

}

So when executing the code, i get this


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/*/public_html/lunarhosting.org/initiate_transfer.php on line 18

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/*/public_html/lunarhosting.org/initiate_transfer.php on line 20
An error occured:
Your member id and/or creditpassword didn't match. Please try again

I don't know if i use the right stuff in the code, i just looked at some old code i had, a decided to use it :P

 

In case you need entire code:

<p>Transfer resaults:</p>
<?php

//connect to base1 server
$con = mysql_connect("localhost","nulledto_admin","deCheepiji");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
//select the smf database
mysql_select_db("nulledto_smf", $con);

// Let's validate all the fields

//validating credit password
$select = "SELECT member_id FROM smf_themes WHERE idmember_ = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'";
$result = mysql_query($select, $con); 
$row = mysql_fetch_array($result);

if(mysql_num_rows($result) != 1); //if member id and creditpass didn't match do:
{
echo  "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again";

die();

}

//Let's see if the user tries to cheat by inserting other stuff into the transfer amount other than positive numbers.
	//This has been done by limiting the allowed characters in the form to 2 (two)

//Let's see if the user tries to cheat by transferring more credits than he got.
	//Get users total points

$select = "SELECT points FROM smf_members WHERE id_member = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'";
$result = mysql_query($select, $con); 
$row = mysql_fetch_array($result);

if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)")
{
echo  "An error occured: <br /> Are you trying to cheat? You do not have enough points to do this!";

die();

}


//Make sure whmcs email exists
	//select whmcs db
	mysql_select_db("nulledto_whmcs", $con);

//now let's get on with the email

$select = "SELECT email FROM tblcients WHERE email = '{$_POST['whmcsemail']}'";
$result = mysql_query($select, $con); 
$row = mysql_fetch_array($result);


if(mysql_num_rows($result) != 1); //if member id and creditpass didn't match do:
{
echo  "An error occured: <br /> The entered email does not exists. Have you registered?";

die();

}

//Is the member banned from using points?
	//select the db
	mysql_select_db("nulledto_smf", $con);
//go back and check

$select = "SELECT credits2 FROM smf_themes WHERE id_member = '{$_POST['memberid']}'";
$result = mysql_query($select, $con); 
$row = mysql_fetch_array($result);


if(mysql_num_rows($result) != Active); //if member is not an active user of credits do:
{
echo  "An error occured: <br /> You are currently banned/suspended from the credit service. Contact MT if this is a mistake.";

die();

}


//DONE!! Start the transfer!
	// Remove the credits from smf first

	mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}'
(points) VALUES('{$_POST['creditsamount']}' ) ") 
or die(mysql_error());  



//	mysql_query("INSERT INTO points FROM smf_members WHERE id_member = '{$_POST['memberid']}'"
//	VALUES ('{$_POST['creditsamount']}');

		//Select whmcs database
		mysql_select_db("nulledto_whmcs", $con);

	// Insert the credits to whmcs
		//select the whmcs client id using the email
		$select = "SELECT id FROM tblclients WHERE email = '{$_POST['whmcsemail']}'";
		$result = mysql_query($select, $con); 
		$row = mysql_fetch_array($result);

		//k, we got the id, let's make it a storage-able variable so we can use it later on.
		$whmcsid = $row = mysql_fetch_array($result); 



//mysql_query("INSERT INTO Persons (FirstName, LastName, Age)
//VALUES ('Peter', 'Griffin', '35')");
//Just some test stuff, should be removed before finaly upload.


		mysql_query("INSERT INTO tblcredits (clientid, date, description, amount) VALUES($whmcsid, testdate, Automatic insert by point system, '{$_POST['creditsamount']}' ) ") 
or die(mysql_error()); 

//	$insert = "INSERT INTO points FROM smf_members WHERE id_member = '{$_POST['memberid']}'"
//	VALUES ($whmcsid);

?>

Please note i use the entire code mainly for myself so it can be a bit hard to understand it ^^

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/
Share on other sites

Ah.. great.. seems like i made a typo in one of the rows lol..

Any way, i now get this:

An error occured:

Your member id and/or creditpassword didn't match. Please try again

 

Even that my id and passwords are correct. :S should i

change if(mysql_num_rows($result) != 1);

to =! 1 or.. ?

Thank you so much for your help so far :D

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862595
Share on other sites

try these changes, to get a bit of debug info

   //validating credit password
$select = "SELECT member_id FROM smf_themes WHERE idmember_ = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'";
$result = mysql_query($select, $con) or die($select.mysql_error()); //update
$row = mysql_fetch_array($result);
//debug
echo "SQL: $select<br />/n";
var_dump($row);
//end debug
if(mysql_num_rows($result) > 0); //if member id and creditpass didn't match do:
{
echo  "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again";

die();

}

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862612
Share on other sites

I figured out the error where longer down :D

Any way, i'm not sure that i know the true/false arguments, because now it says that i don't have enough points even that i have it ^^

 

//Let's see if the user tries to cheat by transferring more credits than he got.
	//Get users total points

$select = "SELECT points FROM smf_members WHERE id_member = '{$_POST['memberid']}'";
$result = mysql_query($select, $con) or die($select.mysql_error()); 
$row = mysql_fetch_array($result);

if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)")
{
echo  "An error occured: <br /> Are you trying to cheat? You do not have enough points to do this!";

die();

}

 

Any way, this script is supposed to transfer points from one place to another, so when i subtract the points can i then insert something like this:

 

	mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}'
(points) VALUES('-{$_POST['creditsamount']}' ) ") //can i make a - sign here?
or die(mysql_error());  

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862679
Share on other sites

this line

if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)")

doesn't make any sense!

 

or this one!

mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}'
(points) VALUES('-{$_POST['creditsamount']}' ) ") //can i make a - sign here?
or die(mysql_error());  

make what sign ?

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862817
Share on other sites

this line

if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)")

doesn't make any sense!

 

or this one!

mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}'
(points) VALUES('-{$_POST['creditsamount']}' ) ") //can i make a - sign here?
or die(mysql_error());  

make what sign ?

First, well if the creditsamount is bigger than the amount of credits users has on his account, the script should die

 

The - sign. So i can "subtract" credits from a users account.

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862820
Share on other sites

// always sanitize your data to prevent injection attacks
$id=addslashes($_POST['memberid']);
$cp=addslashes($_POST['creditpass']);
// limit your query to make it faster
$select = "SELECT member_id FROM smf_themes WHERE idmember_ = '$id' and credits = '$cp' LIMIT 1";
$result = mysql_query($select, $con);
// if nothing was found num rows will be zero.
if(mysql_num_rows($result)==0) { //if member id and creditpass didn't match do:
  echo  "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again";
  die();
}
// don't try to fetch until you know there's something to fetch.
$row = mysql_fetch_array($result);

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862853
Share on other sites

Thanks for your great help. I'm still a new programmer ^.^ only one way to go i guess :D

 

Still for my other issue

$select = "SELECT points FROM smf_members WHERE id_member = '{$_POST['memberid']}'";
$result = mysql_query($select, $con) or die($select.mysql_error()); 
$row = mysql_fetch_array($result);

Here i want to check how many points the given member has.

 

if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)")
{
echo  "An error occured: <br /> Are you trying to cheat? You do not have enough points to do this!";

die();

}

So if the entered amount is bigger than the amount of the member has then die.

Still am i allowed to put a minus?

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862860
Share on other sites

if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)")

 

can be written as

 

if ($_POST['creditsamount'] > mysql_num_rows($result))

 

but it still doesn't make much sense.

 

$id=addslashes($_POST['memberid']);
$select = "SELECT points FROM smf_members WHERE id_member = '$id' LIMIT 1";
// or trigger_error() is better than or die().
$result = mysql_query($select, $con) or die($select.mysql_error());
list($points) = mysql_fetch_row($result);

 

will get you the number of points.  if you're trying to credit their account then you probably want to have something like

 

$select = "SELECT points FROM `smf_members` WHERE id_member='$mid' LIMIT 1";
// or trigger_error() is better than or die().
$result = mysql_query($select, $con) or die($select.mysql_error());
list($points) = mysql_fetch_row($result);

$select = "SELECT cost FROM `smf_actions` WHERE action_id='$aid' LIMIT 1";
// or trigger_error() is better than or die().
$result = mysql_query($select, $con) or die($select.mysql_error());
list($cost) = mysql_fetch_row($result);

if($cost>$points) {
  echo "You don't have enough points to do that!";
} else {
  $new_points=$points-$cost;
  $select = "UPDATE `smf_members` SET points='$new_points' WHERE id_member='$mid' LIMIT 1";
  // or trigger_error() is better than or die().
  mysql_query($select, $con) or die($select.mysql_error());

  echo "Done!  You now have $new_points points.";
}

 

This lets you adjust the cost of various things through the database and it prevents some clever hacker from sending in a bad POST with a funny creditsamount.

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862866
Share on other sites

Hi

I'm not trying to credit their account.

It's just like bank transaction. The users transfers credits for one account to another.

So i need to check that when the user transfer credits to another account, that they wont transfer more credits than they already have, as the account they are transferring to is owned by themselves.

 

Could you explain your code further? I'm glad you helped and even fixed everything for me lol, but i would like to understand what's actually going on. I dont post here to get free programming :D

Thank you so much in advance.

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862907
Share on other sites

I guess i'd better explain all of it.

I wanner run a post to host forum, and i want to use smf (forum software) and whmcs (billing software) to do this. There's no actual bridge or module for whmcs to check posts on a forum, so i decided to use the built-in credit system, and integrate that with the credit system in smf.

So when you make post you get one credit on the forum.

When the user orders a package it costs xx credits, however the user needs the credits on the whmcs, not smf. So this script is transferring credits from smf to whmcs.

 

I use several tables.

I have a smf_member table to check how many points the user has i has smf_themes to check if the user is banned from the system, and to check the credit password.

I have tblclient to check if the whmcs email is correct, and to get the whmcs client id.

Then atleast i have the table tblcredits where i must put the whmcs client id, and the amount of credits the user should have. (it creates a new row every time credits are added, however it's okay.. script is encoded, and i just want something functional to start with ^^)

 

Hope that clear things out a bit :D

Link to comment
https://forums.phpfreaks.com/topic/163480-password-check/#findComment-862971
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.