Jump to content

NEED hellp this is a private convo!

stefpretty

By stefpretty
in PHP Coding Help

 Share

Recommended Posts

Akira Member

Akira

Posted
Posted
[!--quoteo(post=362048:date=Apr 5 2006, 11:17 PM:name=stefpretty)--][div class=\'quotetop\']QUOTE(stefpretty @ Apr 5 2006, 11:17 PM) [snapback]362048[/snapback][/div][div class=\'quotemain\'][!--quotec--]
well im a newbie lol btw how do u intergrate ure html and php together and use a html template and the php script just prints content onto main section and keeps rest same?
[/quote]

you can use html in .php files if thats what your asking. And the middle section in php can be genarated from a database to keep the content dynamic...

maybe you should buy a book for the basics of php? or do some online tutorials
Link to comment
Share on other sites
stefpretty Newbie

stefpretty

Posted
  • Author
Posted
cheers ye i knew u cud put html in but i wanna make snipits of html files and give them names like header etc can i just unclude them where appropriate and use css to give backgrounds to where the php prints?
ALSO

i have a problem with my php scripts......

i get this message when i try to register.... [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 4[/quote] silly thing is there is nothing on line 4 in registerun.php
Link to comment
Share on other sites
stefpretty Newbie

stefpretty

Posted
  • Author
Posted
Another issue i just discovered is this when i try to login.....[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected $ in /home/fsuk/public_html/bla/login.php on line 47[/quote]

the thing is on line 47 i have [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]?>[/quote]
Link to comment
Share on other sites
Akira Member

Akira

Posted
Posted
[!--quoteo(post=362176:date=Apr 6 2006, 12:56 PM:name=stefpretty)--][div class=\'quotetop\']QUOTE(stefpretty @ Apr 6 2006, 12:56 PM) [snapback]362176[/snapback][/div][div class=\'quotemain\'][!--quotec--]
cheers ye i knew u cud put html in but i wanna make snipits of html files and give them names like header etc can i just unclude them where appropriate and use css to give backgrounds to where the php prints?
ALSO

i have a problem with my php scripts......

i get this message when i try to register.... silly thing is there is nothing on line 4 in registerun.php
[/quote]

you can include php files ( with your html in it ) at a location which you decide with the function:
include(); .. so like include('include/info.php');

in the main file you can include your CSS will will style all other included php files.

for the SQL, can you post it? probally your missing a } somewhere or your not ending your SQL the rigjt way.. SQL="SELECT * FROM lol";


[!--quoteo(post=362178:date=Apr 6 2006, 01:09 PM:name=stefpretty)--][div class=\'quotetop\']QUOTE(stefpretty @ Apr 6 2006, 01:09 PM) [snapback]362178[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Another issue i just discovered is this when i try to login.....

the thing is on line 47 i have
[/quote]

also seems you didn;t close a loop or variable good.

$test; alsways end with ;
Link to comment
Share on other sites
stefpretty Newbie

stefpretty

Posted
  • Author
Posted
yup this is a buig section of code hold on........ this is from my register script!

right snipt 1 reffering to sql [code]// Enter info into the Database.

$sql = mysql_query("INSERT INTO band (username,
        password, email,  name, country, style, hist, infl, open, webs )
        VALUES('$username', '$db_password', '$email_address', '$Band_name',
        '$nationality', '$style', '$history', '$influences', '$comments','$website' ")
        or die (mysql_error());

if(!$sql){[/code]

snippet 2 this is checking to see if email or username alredy exists....
[code]$sql_email_check = mysql_query("SELECT email FROM band
             WHERE email='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM band
             WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);[/code]

ONly other thing i cud think this is erroring about is [code]include ("db.php");[/code] this file....? hmmm

oh also after registerring it has an aut email.... heres the code i cud have missed something on tht?
[code]if(!$sql){
    echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
    $userid = mysql_insert_id();
  
    $subject = "Your Membership at MyWebsite!";
    $message = "Dear $name,
    Thank you for registering at our website, http://www.thebandcentral.com!
    

    Username: $username
    Password: $random_password
    <b>PLEASE LOG IN AND CHANGE YOUR PASSWORD</b>
    Thanks!
    The Webmaster
    
    This is an automated response, please do not reply!";
    
    mail($email_address, $subject, $message,
        "From: The Band Central Webmaster<s.pretty1@btinternet.com>;
    echo 'Your membership information has been mailed to your email address!
     Please check it and follow the directions!';
}

?> [/code]
thts the full last section!!
Link to comment
Share on other sites
Akira Member

Akira

Posted
Posted
well, first of all, the include("db.php"); should be


[code]include('db.php'); [/code]

and your SQL satement is incorrect, just do it like this, easier:

[code]$sql = mysql_query("INSERT INTO band SET username='$username', password='$db_password'");[/code]

and add rest of the fields and values :)
try it again with these changes

and for the Email.
remember that gives "enters" in de code will not give "enters" in parsed html. Always use <br> or <P>

[code]Thank you for registering at our website, http://www.thebandcentral.com!<br><br>
    

    Username: $username<br>
    Password: $random_password<br>[/code]

and so on
Link to comment
Share on other sites
stefpretty Newbie

stefpretty

Posted
  • Author
Posted
right thankyou for all your help but its still doing the [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected $ in /home/fsuk/public_html/bla/registerun.php on line 132[/quote]
with this code...
[code]<?
$username = $_POST['user'];
$nationality = $_POST['prov'];
$email_address = $_POST['email'];
$Band_name = $_POST['bname'];
$style = $_POST['style'];
$History = $_POST['hist'];
$Influences = $_POST['infl'];
$comments = $_POST['open'];
$website = $_POST['webs'];
include ('db.php');

// Define post fields into simple variables

/* Let's strip some slashes in case the user entered
any escaped characters. */

$username = stripslashes($username);
$nationality = stripslashes($nationality);
$email_address = stripslashes($email_address);
$Band_name = stripslashes($Band_name);
$style = stripslashes($style);
$History = stripslashes($hsitory);
$influences = stripslashes($influences);
$comments = stripslashes($comments);
$website = stripslashes($website);
/* Do some error checking on the form posted fields */

if((!$username) || (!$email_address)){
    echo 'You did not submit the following required information! <br />';
    if(!$username){
        echo "Username is a required field. Please enter it below.(must be unique)<br />";
    }
  
    if(!$email_address){
        echo "Email Address is a required field. Please enter it below.";
    }
    
   // if(!$Band_name){
   //     echo "Desired Band Name is a required field. Please enter it below.<br />";      || (!$Band_name)
   // }
    include 'register.php'; // Show the form again!
    /* End the error checking and if everything is ok, we'll move on to
     creating the user account */
    exit(); // if the error checking has failed, we'll exit the script!
}
    
/* Let's do some checking and ensure that the user's email address or username
does not exist in the database */

$sql_email_check = mysql_query("SELECT email FROM band
             WHERE email='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM band
             WHERE username='$username'");

$sql = mysql_query("INSERT INTO band SET username='$username', password='$db_password'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){
     echo "Please fix the following errors: <br />";
     if($email_check > 0){
         echo "<strong>Your email address has already been used by another member
         in our database. Please submit a different Email address!<br />";
         unset($email_address);
     }
     if($username_check > 0){
         echo "The username you have selected has already been used by another member
          in our database. Please choose a different Username!<br />";
         unset($username);
     }
     include 'register.php'; // Show the form again!
     exit();  // exit the script so that we do not create this account!
}

/* Everything has passed both error checks that we have done.
It's time to create the account! */

/* Random Password generator.
http://www.phpfreaks.com/quickcode/Random_Password_Generator/56.php

We'll generate a random password for the
user and encrypt it, email it and then enter it into the db.
*/

function makeRandomPassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  srand((double)microtime()*1000000);
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$random_password = makeRandomPassword();

$db_password = md5($random_password);

// Enter info into the Database.

$sql = mysql_query("INSERT INTO band SET username='$username', password='$db_password', name='$Band_Name', country='$nationality', email='$email_address', style='$style', hist='$history', infl='$influences', open='$comments', webs='$website'");

if(!$sql){
    echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
    $userid = mysql_insert_id();
  
    $subject = "Your Membership at MyWebsite!";
    $message = "Dear $name,
    Thank you for registering at our website, http://www.thebandcentral.com!<br><br>
    

    Username: $username<br>
    Password: $random_password<br>
    <b>PLEASE LOG IN AND CHANGE YOUR PASSWORD</b>
    Thanks!<br>
    The Webmaster<br>
    
    This is an automated response, please do not reply!";
    
    mail($email_address, $subject, $message,
        "From: The Band Central Webmaster<s.pretty1@btinternet.com>;
    echo 'Your membership information has been mailed to your email address!
     Please check it and follow the directions!';
}

?> [/code]

also can you check this script..... for login its giving sam message for last line too....[code]<?php
session_start();
header("Cache-control: private");
$user = $_POST['user'];
$pass = $_POST['pass'];
include('db.php');
// checkin if the user exists
$sql_user_check = "SELECT * FROM users WHERE username='$user'";
$result_name_check = mysql_query($sql_user_check);
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "User $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
    $sql_pass_get = "SELECT * FROM users WHERE username='$user'";
    $user_info = mysql_fetch_array(mysql_query($sql_pass_get));
    $encryptpass = $user_info['encryptpass'];
    // if doesn't match, note that and end
    if ($encryptpass != md5($pass)) {
        $error = "Invalid password.  Try again.";
    // if do match, let in and pass on info to session variables
    } else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['prov'] = $user_info['prov'];
        $_SESSION['name'] = $user_info['name'];
        $_SESSION['style'] = $user_info['style'];
        $_SESSION['hist'] = $user_info['hist'];
        $_SESSION['infl'] = $user_info['infl'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
    
    }
}
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.html");
    
} else {
    echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
}
?>[/code]
Link to comment
Share on other sites
Akira Member

Akira

Posted
Posted
Please review your code for missing brackets like this

[code]if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.html");
    
} else {
    echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
}[/code]

in this code, your second IF statement hasn;t got a closing bracket

[code]if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.html");
   }
} else {
    echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
}[/code]
Link to comment
Share on other sites
Akira Member

Akira

Posted
Posted
[!--quoteo(post=362212:date=Apr 6 2006, 03:48 PM:name=stefpretty)--][div class=\'quotetop\']QUOTE(stefpretty @ Apr 6 2006, 03:48 PM) [snapback]362212[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ohye ALMOST THERE! i sorted the problem now except it registered but still came up with error message ill check itout tjankyou for all your help!
[/quote]

hehe okidokie no problem :)

Link to comment
Share on other sites
stefpretty Newbie

stefpretty

Posted
  • Author
Posted
haha another glitch..... meh, the registration in works fine but... wht ive done is on registration u can see tht it makes arandom password then makes an encrypted password, it sends the random passwor to the user for login but puts the encryptd password on the database yes it does work... but on loging in, wht ive done is made it so once the user inputs the password it encrypts also using md5 then compares with database encrypted password but it doesnt work!!
[code] $sql_pass_get = "SELECT * FROM band WHERE username='$user'";
    $user_info = mysql_fetch_array(mysql_query($sql_pass_get));
    $password = $user_info['password'];
    // if doesn't match, note that and end
    if (md5($pass) != $password) {
        $error = "Invalid password.  Try again.";[/code]
Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted
Well really, the only thing wrong with your code is there is no error checking. Try...
[code]
$sql = "SELECT * FROM band WHERE username='$user'";
if ($result = mysql_query($sql)) {
  $user = mysql_fetch_assoc($result);
  if (md5($pass) != $user['password']) {
    $error = "Invalid password.  Try again.";
  } else {
    echo "success";
  }
} else {
  echo mysql_error();
}
[/code]
Link to comment
Share on other sites
stefpretty Newbie

stefpretty

Posted
  • Author
Posted
taht would make my sessions invalid look.. [code]<?php
session_start();
header("Cache-control: private");
$user = $_POST['user'];
$pass = $_POST['pass'];
include('db.php');
// checkin if the user exists
$sql_user_check = "SELECT * FROM band WHERE username='$user'";
$result_name_check = mysql_query($sql_user_check);
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "User $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
$sql = "SELECT * FROM band WHERE username='$user'";
if ($result = mysql_query($sql)) {
  $user = mysql_fetch_assoc($result);
  if (md5($pass) != $user['password']) {
    $error = "Invalid password.  Try again.";
  } else {
    echo "success";
  }

    // if do match, let in and pass on info to session variables
    } else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['prov'] = $user_info['prov'];
        $_SESSION['name'] = $user_info['name'];
        $_SESSION['style'] = $user_info['style'];
        $_SESSION['hist'] = $user_info['hist'];
        $_SESSION['infl'] = $user_info['infl'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
    
    }
}
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.html");[/code] thats what i got at the top half
Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted
You probably shouldn't let a user know which of there username or password failed, this can open up security holes. Without it, we can also get this all done in one query and therefore less work on the database.
[code]
<?php

  session_start();
  include 'db.php';

  if (!empty($POST['username']) && !empty($_POST['userpass'])) {
    $user = trim($_POST['username']);
    $pass = md5(trim($_POST['password']));
  } else {
    $error = "Invalid Username or Password combo!";
    include 'login.html';exit();
  }

  $sql = "SELECT * FROM band WHERE username = '$user' AND `password` = '$pass'";
  $result = mysql_query($sql) or die(mysql_error());
  if ($result) {
    $user = mysql_fetch_assoc($result);
    
    $_SESSION['userid'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['email']= $user['email'];
    $_SESSION['prov'] = $user['prov'];
    $_SESSION['name'] = $user['name'];
    $_SESSION['style'] = $user['style'];
    $_SESSION['hist'] = $user['hist'];
    $_SESSION['infl'] = $user['infl'];
    $_SESSION['open'] = $user['open'];
    $_SESSION['photo'] = $user['photo'];
    $_SESSION['webs'] = $user['webs'];
  
  } else {
    $error = "Invalid Username or Password combo!";
    include 'login.html';exit();
  }

?>
[/code]
Also... do you really need all that stuff in a session?
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.