runnerjp Posted May 18, 2007 Share Posted May 18, 2007 hey guys ok if i have this <?php // generate a random string of numbers/letters settype($template, "string"); // you could repeat the alphabet to get more randomness $template = "1234567890abcdefghijklmnopqrstuvwxyz"; function GetRandomString($length) { global $template; settype($length, "integer"); settype($rndstring, "string"); settype($a, "integer"); settype($b, "integer"); for ($a = 0; $a <= $length; $a++) { $b = rand(0, strlen($template) - 1); $rndstring .= $template[$b]; } return $rndstring; } echo GetRandomString(30); ?> how would i add it to this code <?php function addNewUser($username, $password, $email){ $time = time(); if(strcasecmp($username, ADMIN_NAME) == 0){ $ulevel = ADMIN_LEVEL; }else{ $ulevel = USER_LEVEL; } $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time,)"; return mysql_query($q, $this->connection); } ?> i have made a table called key...also would i add the code above this area?? Quote Link to comment Share on other sites More sharing options...
taith Posted May 18, 2007 Share Posted May 18, 2007 <?php function randomkeys($length){ $pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)}; return $key; } function addNewUser($username, $password, $email){ $time=time(); if(strcasecmp($username, ADMIN_NAME) == 0) $ulevel=ADMIN_LEVEL; else $ulevel=USER_LEVEL; $key=randomkeys(30); $q="INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $key)"; return mysql_query($q, $this->connection); } ?> Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 18, 2007 Author Share Posted May 18, 2007 im getting fatal error: Call to undefined function: randomkeys() in /home/runnerse/public_html/website/login/include/database.php on line 154 ill give you full code for the page <? /** * Database.php * * The Database class is meant to simplify the task of accessing * information from the website's database. * * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) * Last Updated: August 17, 2004 */ include("constants.php"); class MySQLDB { var $connection; //The MySQL database connection var $num_active_users; //Number of active users viewing site var $num_active_guests; //Number of active guests viewing site var $num_members; //Number of signed-up users /* Note: call getNumMembers() to access $num_members! */ /* Class constructor */ function MySQLDB(){ /* Make connection to database */ $this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error()); mysql_select_db(DB_NAME, $this->connection) or die(mysql_error()); /** * Only query database to find out number of members * when getNumMembers() is called for the first time, * until then, default value set. */ $this->num_members = -1; if(TRACK_VISITORS){ /* Calculate number of users at site */ $this->calcNumActiveUsers(); /* Calculate number of guests at site */ $this->calcNumActiveGuests(); } } /** * confirmUserPass - Checks whether or not the given * username is in the database, if so it checks if the * given password is the same password in the database * for that user. If the user doesn't exist or if the * passwords don't match up, it returns an error code * (1 or 2). On success it returns 0. */ function confirmUserPass($username, $password){ /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'"; $result = mysql_query($q, $this->connection); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password']){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } /** * confirmUserID - Checks whether or not the given * username is in the database, if so it checks if the * given userid is the same userid in the database * for that user. If the user doesn't exist or if the * userids don't match up, it returns an error code * (1 or 2). On success it returns 0. */ function confirmUserID($username, $userid){ /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "SELECT userid FROM ".TBL_USERS." WHERE username = '$username'"; $result = mysql_query($q, $this->connection); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve userid from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['userid'] = stripslashes($dbarray['userid']); $userid = stripslashes($userid); /* Validate that userid is correct */ if($userid == $dbarray['userid']){ return 0; //Success! Username and userid confirmed } else{ return 2; //Indicates userid invalid } } /** * usernameTaken - Returns true if the username has * been taken by another user, false otherwise. */ function usernameTaken($username){ if(!get_magic_quotes_gpc()){ $username = addslashes($username); } $q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'"; $result = mysql_query($q, $this->connection); return (mysql_numrows($result) > 0); } /** * usernameBanned - Returns true if the username has * been banned by the administrator. */ function usernameBanned($username){ if(!get_magic_quotes_gpc()){ $username = addslashes($username); } $q = "SELECT username FROM ".TBL_BANNED_USERS." WHERE username = '$username'"; $result = mysql_query($q, $this->connection); return (mysql_numrows($result) > 0); } /** * addNewUser - Inserts the given (username, password, email) * info into the database. Appropriate user level is set. * Returns true on success, false otherwise. */ function randomkeys($length){ $pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)}; return $key; } function addNewUser($username, $password, $email){ $time=time(); if(strcasecmp($username, ADMIN_NAME) == 0) $ulevel=ADMIN_LEVEL; else $ulevel=USER_LEVEL; $key=randomkeys(30); $q="INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $key)"; return mysql_query($q, $this->connection); } /** * updateUserField - Updates a field, specified by the field * parameter, in the user's row of the database. */ function updateUserField($username, $field, $value){ $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'"; return mysql_query($q, $this->connection); } /** * getUserInfo - Returns the result array from a mysql * query asking for all information stored regarding * the given username. If query fails, NULL is returned. */ function getUserInfo($username){ $q = "SELECT * FROM ".TBL_USERS." WHERE username = '$username'"; $result = mysql_query($q, $this->connection); /* Error occurred, return given name by default */ if(!$result || (mysql_numrows($result) < 1)){ return NULL; } /* Return result array */ $dbarray = mysql_fetch_array($result); return $dbarray; } /** * getNumMembers - Returns the number of signed-up users * of the website, banned members not included. The first * time the function is called on page load, the database * is queried, on subsequent calls, the stored result * is returned. This is to improve efficiency, effectively * not querying the database when no call is made. */ function getNumMembers(){ if($this->num_members < 0){ $q = "SELECT * FROM ".TBL_USERS; $result = mysql_query($q, $this->connection); $this->num_members = mysql_numrows($result); } return $this->num_members; } /** * calcNumActiveUsers - Finds out how many active users * are viewing site and sets class variable accordingly. */ function calcNumActiveUsers(){ /* Calculate number of users at site */ $q = "SELECT * FROM ".TBL_ACTIVE_USERS; $result = mysql_query($q, $this->connection); $this->num_active_users = mysql_numrows($result); } /** * calcNumActiveGuests - Finds out how many active guests * are viewing site and sets class variable accordingly. */ function calcNumActiveGuests(){ /* Calculate number of guests at site */ $q = "SELECT * FROM ".TBL_ACTIVE_GUESTS; $result = mysql_query($q, $this->connection); $this->num_active_guests = mysql_numrows($result); } /** * addActiveUser - Updates username's last active timestamp * in the database, and also adds him to the table of * active users, or updates timestamp if already there. */ function addActiveUser($username, $time){ $q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE username = '$username'"; mysql_query($q, $this->connection); if(!TRACK_VISITORS) return; $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')"; mysql_query($q, $this->connection); $this->calcNumActiveUsers(); } /* addActiveGuest - Adds guest to active guests table */ function addActiveGuest($ip, $time){ if(!TRACK_VISITORS) return; $q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')"; mysql_query($q, $this->connection); $this->calcNumActiveGuests(); } /* These functions are self explanatory, no need for comments */ /* removeActiveUser */ function removeActiveUser($username){ if(!TRACK_VISITORS) return; $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE username = '$username'"; mysql_query($q, $this->connection); $this->calcNumActiveUsers(); } /* removeActiveGuest */ function removeActiveGuest($ip){ if(!TRACK_VISITORS) return; $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'"; mysql_query($q, $this->connection); $this->calcNumActiveGuests(); } /* removeInactiveUsers */ function removeInactiveUsers(){ if(!TRACK_VISITORS) return; $timeout = time()-USER_TIMEOUT*60; $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout"; mysql_query($q, $this->connection); $this->calcNumActiveUsers(); } /* removeInactiveGuests */ function removeInactiveGuests(){ if(!TRACK_VISITORS) return; $timeout = time()-GUEST_TIMEOUT*60; $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout"; mysql_query($q, $this->connection); $this->calcNumActiveGuests(); } /** * query - Performs the given query on the database and * returns the result, which may be false, true or a * resource identifier. */ function query($query){ return mysql_query($query, $this->connection); } }; /* Create database connection */ $database = new MySQLDB; ?> Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 18, 2007 Author Share Posted May 18, 2007 why do i get Call to undefined function Quote Link to comment Share on other sites More sharing options...
taith Posted May 18, 2007 Share Posted May 18, 2007 i dunno... i didnt make it for classes... maybe thats the issue? Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 18, 2007 Author Share Posted May 18, 2007 ahhhh then would there be away round this?? Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 18, 2007 Author Share Posted May 18, 2007 in that case any 1 able to set 1 up for sessions for me lol Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 18, 2007 Author Share Posted May 18, 2007 $keylength=10; $str = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWYZ"; $max = strlen($str)-1; $key=""; for ($i=0; $i<$passwordlength; $i++){ $number = mt_rand(0,$max); $key.= substr($str,$number,1); } wud this do it?? if so how wud i add it to database is it $key=$key?? Quote Link to comment Share on other sites More sharing options...
Barand Posted May 18, 2007 Share Posted May 18, 2007 try $key = $this->randomkeys(30); Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 no that didnt seem to work Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 <?php function addNewUser($username, $password, $email){ $time=time(); if(strcasecmp($username, ADMIN_NAME) == 0) $ulevel=ADMIN_LEVEL; else $ulevel=USER_LEVEL; $key=$this->randomkeys(30); $q="INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, '$key')"; return mysql_query($q, $this->connection); } ?> if this doesn't work then whats the error.. Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 ok for some reason now what i get is my own error message :S here is file i set to give errors <?php function register($subuser, $subpass, $subemail){ global $database, $form, $mailer; //The database, form and mailer object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } else{ /* Spruce up username, check length */ $subuser = stripslashes($subuser); if(strlen($subuser) < 4){ $form->setError($field, "* Username below 4 characters"); } else if(strlen($subuser) > 30){ $form->setError($field, "* Username above 30 characters"); } /* Check if username is not alphanumeric */ else if(!eregi("^([0-9a-z])+$", $subuser)){ $form->setError($field, "* Username not alphanumeric"); } /* Check if username is reserved */ else if(strcasecmp($subuser, GUEST_NAME) == 0){ $form->setError($field, "* Username reserved word"); } /* Check if username is already in use */ else if($database->usernameTaken($subuser)){ $form->setError($field, "* Username already in use"); } /* Check if username is banned */ else if($database->usernameBanned($subuser)){ $form->setError($field, "* Username banned"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password not entered"); } else{ /* Spruce up password and check length*/ $subpass = stripslashes($subpass); if(strlen($subpass) < 4){ $form->setError($field, "* Password too short"); } /* Check if password is not alphanumeric */ else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){ $form->setError($field, "* Password not alphanumeric"); } /** * Note: I trimmed the password only after I checked the length * because if you fill the password field up with spaces * it looks like a lot more characters than 4, so it looks * kind of stupid to report "password too short". */ } /* Email error checking */ $field = "email"; //Use field name for email if(!$subemail || strlen($subemail = trim($subemail)) == 0){ $form->setError($field, "* Email not entered"); } else{ /* Check if valid email address */ $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" ."\.([a-z]{2,}){1}$"; if(!eregi($regex,$subemail)){ $form->setError($field, "* Email invalid"); } $subemail = stripslashes($subemail); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ return 1; //Errors with form } /* No errors, add the new account to the */ else{ if($database->addNewUser($subuser, md5($subpass), $subemail)){ if(EMAIL_WELCOME){ $mailer->sendWelcome($subuser,$subemail,$subpass); } return 0; //New user added succesfully }else{ return 2; //Registration attempt failed } } } ?> so im gettin return 2; //Registration attempt failed but everything worked till io added random key in...do i have to add it here in the sesisons as well ? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 ok you have a problem in the database.. change to this a display the error <?php function addNewUser($username, $password, $email){ $time=time(); if(strcasecmp($username, ADMIN_NAME) == 0) $ulevel=ADMIN_LEVEL; else $ulevel=USER_LEVEL; $key=$this->randomkeys(30); $q="INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, '$key')"; $result = mysql_query($q, $this->connection) or die(mysql_error()); return $result; } ?> Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 Column count doesn't match value count at row 1 is what i get Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 you didn't add the extra field to your database! Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 you mean $key because i have it ALTER TABLE `users` CHANGE `username` `username` VARCHAR( 30 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL , CHANGE `password` `password` VARCHAR( 32 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL , CHANGE `userid` `userid` VARCHAR( 32 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL , CHANGE `userlevel` `userlevel` TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT '0', CHANGE `email` `email` VARCHAR( 50 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL , CHANGE `timestamp` `timestamp` INT( 11 ) UNSIGNED NOT NULL DEFAULT '0', CHANGE `status` `status` ENUM( '0', '1' ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL DEFAULT '0', CHANGE `key` `key` VARCHAR( 40 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 OK well you need to add status <?php function addNewUser($username, $password, $email){ $time=time(); if(strcasecmp($username, ADMIN_NAME) == 0) $ulevel=ADMIN_LEVEL; else $ulevel=USER_LEVEL; $key=$this->randomkeys(30); $status = 1; $q="INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $status,'$key')"; $result = mysql_query($q, $this->connection) or die(mysql_error()); return $result; } ?> Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 ok seems to be working now...i set the status to 1... how do i make it now so users without the status 1 cant login as they have not activated it!! Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 Add AND status = 1 to the SQL Statment on the login script Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 it didnt work function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); AND status = 1 /* Login successful */ if($retval){ header("Location: loggedin.php"); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } [code] [/code] Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 please tell me that was a joke!!! Add AND status = 1 to the SQL Statment on the login script Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 sorry but i dont under stand how im suppose to add it in here :S <? php function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } else{ /* Check if username is not alphanumeric */ if(!eregi("^([0-9a-z])*$", $subuser)){ $form->setError($field, "* Username not alphanumeric"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password not entered"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Checks that username is in database and password is correct */ $subuser = stripslashes($subuser); $result = $database->confirmUserPass($subuser, md5($subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form->setError($field, "* Username not found"); } else if($result == 2){ $field = "pass"; $form->setError($field, "* Invalid password"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Username and password correct, register session variables */ $this->userinfo = $database->getUserInfo($subuser); $this->username = $_SESSION['username'] = $this->userinfo['username']; $this->userid = $_SESSION['userid'] = $this->generateRandID(); $this->userlevel = $this->userinfo['userlevel']; /* Insert userid into database and update active users table */ $database->updateUserField($this->username, "userid", $this->userid); $database->addActiveUser($this->username, $this->time); $database->removeActiveGuest($_SERVER['REMOTE_ADDR']); ?> Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 19, 2007 Author Share Posted May 19, 2007 could i do something like...if ($status == "1") == 0 else echo "you need to authenticate your email address"; is that right? Quote Link to comment Share on other sites More sharing options...
runnerjp Posted May 20, 2007 Author Share Posted May 20, 2007 *bump* Quote Link to comment Share on other sites More sharing options...
neel_basu Posted May 20, 2007 Share Posted May 20, 2007 You are passing a SQL command to your MySQL database to check wheather the user name and Password is valid ?? Post that SQL. It would be in mysql_query('................'). Post that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.