novalex Posted July 24, 2009

That generates a code (password) to users that paid in PayPal, saves the pass in a MySQL DB, and then validates the pass in the DB with the one the user inputs, and allows him to download the file which he paid for, if the pass corresponds. I already have the code to generate the pass,

    <?php
    $string = "abcdefghijklmnopqrstuvwxyz0123456789";
    $str = ""; // start from an empty string before appending
    for ($i = 0; $i < 25; $i++) {
        // valid indexes are 0..35; rand(0,36) could point past the end
        $pos = rand(0, strlen($string) - 1);
        $str .= $string[$pos];
    }
    echo $str;
    ?>

Now I need a script to insert the generated pass in the DB, and another one to validate the saved pass against the one input by the user, and that allows him to download the file.

tbare Posted July 24, 2009

Here's a few functions to get you started... I don't want to write the WHOLE thing for you (that's how you learn), but I don't mind helping out... If you need any clarification on anything, let me know, but for the most part, it should be self-explanatory.

You'll notice I made a slight modification to your request: ask the user to enter email address & password. This will keep people from randomly entering a 25 character string w/ ::ahem:: only lowercase letters and numbers 0-9... I would recommend changing that to include uppercase and at least some chars... (there's a script that you can use to get you started with that on my website: http://www.wannafork.com/password.php).

Again, if you need more help let me know, but try this out first... (I will also point out that the code below wasn't tested as is, but was pulled from known working code, so there may be a syntax error in there somewhere.... sorry in advance if there is...)

    <?php
    function escapeData ($data) {
        global $dbc; //create the connection
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        return mysql_real_escape_string ($data, $dbc);
    } //end of escape_data function

    function fInsertPasswordIntoDB($str,$purchaserEmailAddress) {
        // Prepare statement to avoid SQL Injection
        $query = "PREPARE InsertPassword0 FROM 'INSERT INTO TableName (Password,PurchaserEmailAddress) VALUES (?,?)'";
        $result = mysql_query($query) or die(mysql_error());
        // Use escapedata function to additionally avoid SQL Injection
        $query = "set @a = '" . escapedata($str) . "'";
        $result = mysql_query($query) or die(mysql_error());
        $query = "set @b = '" . escapedata($purchaserEmailAddress) . "'";
        $result = mysql_query($query) or die(mysql_error());
        $query = "EXECUTE InsertPassword0 USING @a,@b";
        $result = mysql_query($query) or die(mysql_error());
        $passwordID = mysql_insert_id();
        $query = "DEALLOCATE PREPARE InsertPassword0";
        $resultDeallocate = mysql_query($query) or die(mysql_error());
        return $passwordID; // return the ID of the password
    }

    function fCheckPassword($userEnteredPassword,$userEnteredEmailAddress) {
        // Prepare statement to avoid SQL Injection
        $query = "PREPARE CheckPassword0 FROM 'SELECT ID,Password,PurchaserEmailAddress FROM TableName WHERE Password LIKE ? AND WHERE PurchaserEmailAddress LIKE ?'";
        $result = mysql_query($query) or die(mysql_error());
        $query = "set @a = '" . escapedata($userEnteredPassword) . "'";
        $result = mysql_query($query) or die(mysql_error());
        $query = "set @b = '" . escapedata($userEnteredEmailAddress) . "'";
        $result = mysql_query($query) or die(mysql_error());
        $query = "EXECUTE CheckPassword0 USING @a,@b";
        $result = mysql_query($query) or die(mysql_error());
        $query = "DEALLOCATE PREPARE InsertPassword0";
        $resultDeallocate = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array ($result, MYSQL_BOTH);
        return $row;
    }

    if(fCheckPassword($userEnteredPassword,$userEnteredEmailAddress) > 0) {
        //Download Link or whatever
    }
    ?>

novalex Posted July 24, 2009

Thanks for the post. First of all, what exactly does this code do? Second, where do I input the DB name, host, pass etc? As it gives me an error:

    Warning: mysql_query() [function.mysql-query]: Access denied for user 'novalex'@'localhost' (using password: NO) in /home/novalex/public_html/codegen.php on line 45
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/novalex/public_html/codegen.php on line 45
    Access denied for user 'novalex'@'localhost' (using password: NO)

tbare Posted July 24, 2009

> Thanks for the post. First of all, what exactly does this code do? Second, where do I input the DB name, host, pass etc? As it gives me an error:
>
>     Warning: mysql_query() [function.mysql-query]: Access denied for user 'novalex'@'localhost' (using password: NO) in /home/novalex/public_html/codegen.php on line 45
>     Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/novalex/public_html/codegen.php on line 45
>     Access denied for user 'novalex'@'localhost' (using password: NO)

I'm sorry... I assumed you had the DB all set up and connection established... To connect to the DB, I would put this in a file not in webroot (i.e., if you have /home/user/public_html for your site, put this file in /home/user/common/dbConnect.php or the like, then include ../common/dbConnect.php at the top of the file.)

    <?php
    $dbhostname="localhost";
    $dbusername="UserName";
    $dbpassword="Password"; //generic pass... please don't use!
    $dbname="DBName";
    $dbc = mysql_connect($dbhostname,$dbusername, $dbpassword) OR DIE(mysql_error());
    mysql_select_db($dbname);
    ?>

The code I provided:
function 1: escapes data to reduce chance of SQL injection attacks on your DB
function 2: inserts the new password and user email address into the DB
function 3: searches the DB for a row where both the email address and the password match what was entered
if() statement: says if there was at least 1 row where the input credentials match, display the download link or whatever....

hth

novalex Posted July 24, 2009

Ok, I connected to the DB, and I also added !@#$% to the generator, but now it gives me another error:

    Your code is: cnllfscgprp096a!las2mhhwyYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE PurchaserEmailAddress LIKE ?' at line 1

novalex Posted July 24, 2009

Do you know what the problem is? Any way to fix that? PS sorry for double post but the edit button doesn't appear.

tbare Posted July 24, 2009

Let me look into that for ya... (sorry for the late response... got called to a client, and just got back).. I'll post again when I get it fingered out

tbare Posted July 24, 2009

change "AND WHERE" to just AND, so:

    // Prepare statement to avoid SQL Injection
    $query = "PREPARE CheckPassword0 FROM 'SELECT ID,Password,PurchaserEmailAddress FROM TableName WHERE Password LIKE ? AND WHERE PurchaserEmailAddress LIKE ?'";
    $result = mysql_query($query) or die(mysql_error());

becomes

    // Prepare statement to avoid SQL Injection
    $query = "PREPARE CheckPassword0 FROM 'SELECT ID,Password,PurchaserEmailAddress FROM TableName WHERE Password LIKE ? AND PurchaserEmailAddress LIKE ?'";
    $result = mysql_query($query) or die(mysql_error());

novalex Posted July 24, 2009

I got rid of that error, but now I have another one...

    Your code is: bwxn4!57narh0b6!pm3yx9uyxTable 'novalex_codegen.TableName' doesn't exist

tbare Posted July 24, 2009

> I got rid of that error, but now I have another one...
>
>     Your code is: bwxn4!57narh0b6!pm3yx9uyxTable 'novalex_codegen.TableName' doesn't exist

Did you make a table named TableName in the DB? (That was the generic table name I used.)

novalex Posted July 24, 2009

Ok, even if I create the table TableName or I replace TableName with passes (the table I made for the codes), it gives me

    Your code is: jowmivlcu277ni42i3agzk2k6Unknown column 'ID' in 'field list'

I think it's mocking me. Whatever I do I still get errors.

tbare Posted July 24, 2009

hehe... do you have Columns: ID, Password, and PurchaserEmailAddress in the Table? Yeah, I'm fighting another script right now that's mocking me... sendmail's FUN!

novalex Posted July 24, 2009

My computer is one error away from being thrown out the window... Now that I added those three columns, it gives me

    Your code is: 69t3m7nkpdegqe9c341ba15pgUnknown prepared statement handler (InsertPassword0) given to DEALLOCATE PREPARE

tbare Posted July 24, 2009

damn... missed that... change

    $query = "DEALLOCATE PREPARE InsertPassword0";
    $resultDeallocate = mysql_query($query) or die(mysql_error());

to

    $query = "DEALLOCATE PREPARE CheckPassword0";
    $resultDeallocate = mysql_query($query) or die(mysql_error());

in the 3rd function (the check)

edit: don't throw your PC out.. then how would you learn?!
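
The insert-and-check flow from this thread, as an added example that is not part of any post: it uses PDO prepared statements in place of the `mysql_*` functions (removed in PHP 7), draws the code from `random_int()` rather than `rand()`, stores only a SHA-256 hash of the code, and compares with `=` and `hash_equals()` instead of `LIKE`, so `%` or `_` in the submitted values are treated as literal characters. The `passes` table and the column names follow the thread; the in-memory SQLite database, the function names and the sample e-mail address are assumptions made so the block runs stand-alone.

```php
<?php
// Added example, not code from the thread. SQLite in memory and the sample
// e-mail address are constructed; function names are hypothetical.
function generateCode(int $length = 25): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($alphabet) - 1;              // last valid index
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, $max)]; // CSPRNG, unlike rand()
    }
    return $code;
}

function insertCode(PDO $db, string $code, string $email): int
{
    // Store only a hash so a leaked table does not expose usable codes.
    $stmt = $db->prepare(
        'INSERT INTO passes (Password, PurchaserEmailAddress) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $code), $email]);
    return (int) $db->lastInsertId();
}

function checkCode(PDO $db, string $code, string $email): bool
{
    // "=" rather than LIKE: "%" and "_" in the input are plain characters.
    $stmt = $db->prepare(
        'SELECT Password FROM passes WHERE PurchaserEmailAddress = ?');
    $stmt->execute([$email]);
    $candidate = hash('sha256', $code);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $stored) {
        if (hash_equals($stored, $candidate)) { // constant-time compare
            return true;
        }
    }
    return false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE passes (ID INTEGER PRIMARY KEY,
    Password TEXT NOT NULL, PurchaserEmailAddress TEXT NOT NULL)');

$code = generateCode();
insertCode($db, $code, 'buyer@example.com');
var_dump(checkCode($db, $code, 'buyer@example.com'));   // matching pair
var_dump(checkCode($db, '%', '%'));                     // wildcard-style input
var_dump(checkCode($db, 'wrong', 'buyer@example.com')); // wrong code
```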