
Help with a script...


novalex


That generates a code (password) to users that paid in PayPal, saves the pass in a MySQL DB, and then validates the pass in the db with the one the user inputs, and allows him to download the file which he paid for, if the pass corresponds.

I already have the code to generate the pass,

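<?php
// Alphabet the code is drawn from
$string = "abcdefghijklmnopqrstuvwxyz0123456789";
$str = ""; // initialise before appending to it
for($i=0;$i<25;$i++){
    // valid indexes are 0..strlen-1; rand(0,36) could pick one past the end
    // note: rand() is not a cryptographically secure generator;
    // random_int() (PHP 7+) is the safer choice for purchase codes
    $pos = rand(0, strlen($string) - 1);
    $str .= $string[$pos]; // [] instead of the {} offset syntax removed in PHP 8
}
echo $str;
?>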

Now i need a script to insert the generated pass in the db, and another one to validate the saved pass with the one inputted by the user, and that allows him to download the file.

Link to comment
Share on other sites

Here's a few functions to get you started... I don't want to write the WHOLE thing for you (that's how you learn), but i don't mind helping out... If you need any clarification on anything, let me know, but for the most part, it should be self explanatory.

 

You'll notice i made a slight modification to your request: Ask the user to enter email address & password. this will keep people from randomly entering a 25 character string w/ ::ahem:: only lowercase letters and numbers 0-9... I would recommend changing that to include uppercase and at least some chars... (there's a script that you can use to get you started with that on my website: http://www.wannafork.com/password.php).

 

Again, if you need more help let me know, but try this out first... (I will also point out that the code below wasn't tested as is, but was pulled from known working code, so there may be a syntax error in there somewhere.... sorry in advance if there is...)

 

<?php
function escapeData ($data)
{
	global $dbc; // use the already-open DB connection

	// undo magic_quotes_gpc's automatic slashes so the data is not escaped twice
	if (ini_get('magic_quotes_gpc'))
	{
		$data = stripslashes($data);
	}

	return mysql_real_escape_string ($data, $dbc);
} //end of escapeData function

function fInsertPasswordIntoDB($str,$purchaserEmailAddress)
{
// Prepare statement to avoid SQL Injection
$query = "PREPARE InsertPassword0 FROM 'INSERT INTO TableName (Password,PurchaserEmailAddress) VALUES (?,?)'"; $result = mysql_query($query) or die(mysql_error());

// Use escapedata function to additionally avoid SQL Injection
$query = "set @a = '" . escapedata($str) . "'"; $result = mysql_query($query) or die(mysql_error());
$query = "set @b = '" . escapedata($purchaserEmailAddress) . "'"; $result = mysql_query($query) or die(mysql_error());
$query = "EXECUTE InsertPassword0 USING @a,@b"; $result = mysql_query($query) or die(mysql_error());
$passwordID = mysql_insert_id();
$query = "DEALLOCATE PREPARE InsertPassword0"; $resultDeallocate = mysql_query($query) or die(mysql_error());
return $passwordID; // return the ID of the password
}

function fCheckPassword($userEnteredPassword,$userEnteredEmailAddress)
{
// Prepare statement to avoid SQL Injection
$query = "PREPARE CheckPassword0 FROM 'SELECT ID,Password,PurchaserEmailAddress FROM TableName WHERE Password LIKE ? AND WHERE PurchaserEmailAddress LIKE ?'"; $result = mysql_query($query) or die(mysql_error());
$query = "set @a = '" . escapedata($userEnteredPassword) . "'"; $result = mysql_query($query) or die(mysql_error());
$query = "set @b = '" . escapedata($userEnteredEmailAddress) . "'"; $result = mysql_query($query) or die(mysql_error());
$query = "EXECUTE CheckPassword0 USING @a,@b"; $result = mysql_query($query) or die(mysql_error());
$query = "DEALLOCATE PREPARE InsertPassword0"; $resultDeallocate = mysql_query($query) or die(mysql_error());

$row = mysql_fetch_array ($result, MYSQL_BOTH);
return $row;
}




if(fCheckPassword($userEnteredPassword,$userEnteredEmailAddress) > 0)
	{
	//Download Link or whatever
	}
?>

Link to comment
Share on other sites

Thanks for the post. first of all, what exactly does this code do?

Second, where do i input the DB name, host, pass etc? as it gives me an error:

Warning: mysql_query() [function.mysql-query]: Access denied for user 'novalex'@'localhost' (using password: NO) in /home/novalex/public_html/codegen.php on line 45

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/novalex/public_html/codegen.php on line 45
Access denied for user 'novalex'@'localhost' (using password: NO)

Link to comment
Share on other sites


I'm sorry... i assumed you had the DB all set up and connection established...

 

to connect to the DB, i would put this in a file not in webroot (ie, if you have /home/user/public_html for your site, put this file in /home/user/common/dbConnect.php or the like, then include ../common/dbConnect.php @ the top of the file.)

 

<?php
$dbhostname="localhost";
$dbusername="UserName";
$dbpassword="Password"; //generic pass... please don't use!
$dbname="DBName";

$dbc = mysql_connect($dbhostname,$dbusername, $dbpassword) OR DIE(mysql_error());
mysql_select_db($dbname);
?>

 

the code i provided:

 

function 1: escapes data to reduce chance of SQL injection attacks on your DB

function 2: inserts the new password and user email address into the DB

function 3: searches the DB for a row where both the email address and the password matches what was entered

 

if() statement: says if there was at least 1 row where the inputted credentials match, display the download link or whatever....

 

hth

Link to comment
Share on other sites

Ok, i connected to the DB,and i also added !@#$% to the generator, but now it gives me another error:

Your code is: cnllfscgprp096a!las2mhhwyYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE PurchaserEmailAddress LIKE ?' at line 1

Link to comment
Share on other sites

change "AND WHERE" to just AND, so:

 

// Prepare statement to avoid SQL Injection
   $query = "PREPARE CheckPassword0 FROM 'SELECT ID,Password,PurchaserEmailAddress FROM TableName WHERE Password LIKE ? AND WHERE PurchaserEmailAddress LIKE ?'"; $result = mysql_query($query) or die(mysql_error());

 

becomes

 

// Prepare statement to avoid SQL Injection
   $query = "PREPARE CheckPassword0 FROM 'SELECT ID,Password,PurchaserEmailAddress FROM TableName WHERE Password LIKE ? AND PurchaserEmailAddress LIKE ?'"; $result = mysql_query($query) or die(mysql_error());

 

Link to comment
Share on other sites

I got rid of that error, but now i have another one...

Your code is: bwxn4!57narh0b6!pm3yx9uyxTable 'novalex_codegen.TableName' doesn't exist

.

:wtf:

 

Did you make a table named TableName in the db? (that was the generic table name i used.) :)

Link to comment
Share on other sites

:facepalm: Ok even if i create the table TableName or i replace TableName with passes (the table i made for the codes), it gives me
Your code is: jowmivlcu277ni42i3agzk2k6Unknown column 'ID' in 'field list'

I think it's mocking me :D. Whatever i do i still get errors.

Link to comment
Share on other sites

My computer is one error away from being thrown out the window...

Now that i added those three columns, it gives me

Your code is: 69t3m7nkpdegqe9c341ba15pgUnknown prepared statement handler (InsertPassword0) given to DEALLOCATE PREPARE

Link to comment
Share on other sites

damn... missed that...

 

change

$query = "DEALLOCATE PREPARE InsertPassword0"; $resultDeallocate = mysql_query($query) or die(mysql_error());

to

$query = "DEALLOCATE PREPARE CheckPassword0"; $resultDeallocate = mysql_query($query) or die(mysql_error());

 

in the 3rd function (the check)

 

edit:

don't throw your PC out.. then how would you learn?! :)

Link to comment
Share on other sites
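The flow this thread builds (generate a code, store it, check it before offering the download), as an added example that is not the posters' code. It assumes PHP 7+ with PDO and uses an in-memory SQLite database in place of MySQL; the `passes` table and the `ID` and `PurchaserEmailAddress` columns come from the thread, while `PasswordHash`, the function names and the sample e-mail address are made up here.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ with pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE passes (
    ID INTEGER PRIMARY KEY,
    PasswordHash TEXT NOT NULL,
    PurchaserEmailAddress TEXT NOT NULL)');

// Generate a download code from a CSPRNG instead of rand().
function generateCode(int $length = 25): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Store only a hash of the code; bound parameters replace manual escaping.
function insertCode(PDO $db, string $code, string $email): int
{
    $stmt = $db->prepare('INSERT INTO passes (PasswordHash, PurchaserEmailAddress) VALUES (?, ?)');
    $stmt->execute([password_hash($code, PASSWORD_DEFAULT), $email]);
    return (int) $db->lastInsertId();
}

// Exact match on the e-mail ("=", not LIKE, so % and _ are literal),
// then verify the entered code against each stored hash.
function checkCode(PDO $db, string $code, string $email): bool
{
    $stmt = $db->prepare('SELECT PasswordHash FROM passes WHERE PurchaserEmailAddress = ?');
    $stmt->execute([$email]);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $hash) {
        if (password_verify($code, $hash)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data
$code = generateCode();
insertCode($db, $code, 'buyer@example.com');
var_dump(checkCode($db, $code, 'buyer@example.com'));        // matching pair
var_dump(checkCode($db, '%', '%'));                          // wildcard characters as input
var_dump(checkCode($db, 'wrong-code', 'buyer@example.com')); // right e-mail, wrong code
```

Only the first check passes. Because the table holds hashes, a copy of the database does not hand out usable download codes.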
