Need help with PHP scripting - Page 2

post #11 of 21
Hmm well I registered, seemed to work and then got an error at https://www.my-pinup.com/index.php
post #12 of 21
Thread Starter 
Quote:
Originally Posted by joshd View Post

Hmm well I registered, seemed to work and then got an error at https://www.my-pinup.com/index.php

index.php does not exist, it's HTML. Let me fix the auto redirect.

Ok fixed
post #13 of 21
Yeah I knew it would be something minor, I thought I'd just let you know so that's one less bug to find and fix yourself :)
post #14 of 21
Thread Starter 
Quote:
Originally Posted by joshd View Post

Yeah I knew it would be something minor, I thought I'd just let you know so that's one less bug to find and fix yourself :)

every little bit helps

I do understand the code on the last page, I just need to know how to use it and where.

Do I put it on every page? Do I attach my same database to the page with these codes that is on the reg page and attached to it?
post #15 of 21
Quote:
Originally Posted by joshd View Post

That's a really good post. It actually helped me understand the md5 function, thanks!

Glad that helped you!
To have a secure string the password shouldn't be just hashed, but salted as well.
Here is a short post which explains how it works: http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/
Quote:
Originally Posted by iamme View Post

I can link you to the reg page
https://www.my-pinup.com/mypinupreg.php
and ty for the code, if you can look at my code and point me where to place your code I will sooo rep you!
Please accept the certificate for a secure connection

I'm sure you know we can't see a php page code using our browsers, otherwise no website would be secure right now hehe!
You can send it by PM if you like.
Quote:
Originally Posted by iamme View Post

every little bit helps
I do understand the code on the last page, I just need to know how to use it and where.
Do I put it on every page? Do I attach my same database to the page with these codes that is on the reg page and attached to it?

The code must be used in this way:
1st part: code must be triggered once the user clicks "Register".
2nd part: triggered when user clicks "Login"

To know if they clicked the submit buttons, you can use:
Code:
if(isset($_POST['submitButtonName'])) {
// button clicked, check the entered info and whether start the user session in case of correct info or deny it
}
else {
// button not clicked yet, just display the login form
}
But I'm sure you already know this, pretty easy.

Regarding the last code snippet, you can write that in a separate php file, like welcomeuser.php.
Save it in the same folder, then include this code line in each of your pages, where you want it to display:
Code:
require_once("welcomeuser.php");
So you don't have to revise every page if you need to change something, just that external file.

PS: Eww those pinups are fugly lol!
post #16 of 21
Thread Starter 
Quote:
Originally Posted by d3viliz3d View Post

Glad that helped you!
To have a secure string the password shouldn't be just hashed, but salted as well.
Here is a short post which explains how it works: http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/
I'm sure you know we can't see a php page code using our browsers, otherwise no website would be secure right now hehe!
You can send it by PM if you like.
The code must be used in this way:
1st part: code must be triggered once the user clicks "Register".
2nd part: triggered when user clicks "Login"
To know if they clicked the submit buttons, you can use:
Code:
if(isset($_POST['submitButtonName'])) {
// button clicked, check the entered info and whether start the user session in case of correct info or deny it
}
else {
// button not clicked yet, just display the login form
}
But I'm sure you already know this, pretty easy.
Regarding the last code snippet, you can write that in a separate php file, like welcomeuser.php.
Save it in the same folder, then include this code line in each of your pages, where you want it to display:
Code:
require_once("welcomeuser.php");
So you don't have to revise every page if you need to change something, just that external file.
PS: Eww those pinups are fugly lol!

Thanks for the code help but the comment about the girls is not right that happens to be my wife and her best friend.
post #17 of 21
Quote:
Originally Posted by iamme View Post

Thanks for the code help but the comment about the girls is not right that happens to be my wife and her best friend.

Ouch, sorry mate that was unintended :)
I beg your pardon!
Edited by d3viliz3d - 2/2/12 at 10:17am
post #18 of 21
Thread Starter 
Ok so I get how it works I just need to know how to implement it into my PHP script
Code:
$salt = "aB1cD2eF3G";
$salt = sha1(md5($password));
$password = md5($password.$salt);

Where does that go inside
Code:
<?php require_once('Connections/mypinup.php'); ?>

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'
  ]);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO web_members (name, Username, Password, Email) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['Email'], "text"));

  mysql_select_db($database_mypinup, $mypinup);
  $Result1 = mysql_query($insertSQL, $mypinup) or die(mysql_error());

  $insertGoTo = "thankyou.html";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO web_members (name, Username, Password, Email) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['Email'], "text"));

  mysql_select_db($database_mypinup, $mypinup);
  $Result1 = mysql_query($insertSQL, $mypinup) or die(mysql_error());

  $insertGoTo = "thankyou.html";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_mypinup, $mypinup);
$query_Recordset1 = "SELECT web_members.name, web_members.Username, web_members.Password, web_members.Email FROM web_members";
$Recordset1 = mysql_query($query_Recordset1, $mypinup) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

Also, will I always see the user's typed plain-text password inside SQL? Or is there a way to encrypt it prior to submit so that when it is submitted to the server it is stored encrypted?
post #19 of 21
This is where you need to insert it (disclaimer, I can see your coding way is different from my usual, so I could make some mistakes...):
Code:
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO web_members (name, Username, Password, Email) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['Email'], "text"));

  mysql_select_db($database_mypinup, $mypinup);
  $Result1 = mysql_query($insertSQL, $mypinup) or die(mysql_error());

Please mind that it's not a good idea AT ALL to directly insert the user data into the database. This can lead to security faults, and attacks such as SQL injections.
You can use this function: http://php.net/manual/en/function.mysql-real-escape-string.php.

This is the result:
Code:
// $_POST keys are case-sensitive and must match the form input names (name, Username, Password, Email)
$name = mysql_real_escape_string($_POST['name']);
$username = mysql_real_escape_string($_POST['Username']);
$password = mysql_real_escape_string($_POST['Password']);
$email = mysql_real_escape_string($_POST['Email']);

// once this is done, you want to encode the user password, so this is where md5 comes in

$salt = "something secret you only know!";
// I suggest skipping the following step, it will make it harder for you to authenticate the user, but that's up to you -->
$salt = sha1(md5($password));
//
$securepassword = md5($password.$salt);

Then you can insert the values in the database freely:
Code:
mysql_select_db($database_mypinup, $mypinup);
// string values must be wrapped in single quotes inside the SQL statement
$insertSQL = "INSERT INTO web_members (name, Username, Password, Email) VALUES ('$name', '$username', '$securepassword', '$email')";
$Result1 = mysql_query($insertSQL, $mypinup) or die(mysql_error());

Hope it's clear!!
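
For comparison with the md5-plus-salt and mysql_real_escape_string() approach in the post above, here is the same registration and login flow using PHP's built-in password_hash()/password_verify() and PDO prepared statements. This is an added example, not code from any poster in this thread; it assumes PHP 5.5 or later with the pdo_sqlite extension, uses an in-memory SQLite table as a stand-in for the MySQL web_members table, and the function names are hypothetical.

```php
<?php
// Added example, not code from this thread. Assumes PHP 5.5+ with pdo_sqlite.
// An in-memory SQLite table stands in for the thread's MySQL web_members table.

function open_demo_db() {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE web_members (
        name TEXT, Username TEXT UNIQUE, Password TEXT, Email TEXT)');
    return $pdo;
}

// Registration: password_hash() generates a random salt for each user and
// stores it inside the returned string, so no shared $salt value is needed.
function register_member(PDO $pdo, $name, $username, $password, $email) {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'INSERT INTO web_members (name, Username, Password, Email)
         VALUES (:name, :username, :password, :email)');
    // Bound values travel as data and are never spliced into the SQL text,
    // so quotes in user input need no manual escaping.
    $stmt->execute(array(
        ':name'     => $name,
        ':username' => $username,
        ':password' => $hash,
        ':email'    => $email,
    ));
    return $hash;
}

// Login: fetch the stored hash by username, then let password_verify()
// recompute it with the embedded salt and compare the result.
function verify_login(PDO $pdo, $username, $password) {
    $stmt = $pdo->prepare(
        'SELECT Password FROM web_members WHERE Username = :username');
    $stmt->execute(array(':username' => $username));
    $stored = $stmt->fetchColumn();
    return $stored !== false && password_verify($password, $stored);
}

// Constructed sample input (not real accounts).
$pdo = open_demo_db();
$h1 = register_member($pdo, "Pat O'Brien", "o'brien", 'correct horse', 'pat@example.com');
$h2 = register_member($pdo, 'Sam', 'sam', 'correct horse', 'sam@example.com');

// Two users with the same password: are the stored hashes different?
var_dump($h1 !== $h2);
// Correct password, wrong password, and unknown user.
var_dump(verify_login($pdo, "o'brien", 'correct horse'));
var_dump(verify_login($pdo, "o'brien", 'wrong password'));
var_dump(verify_login($pdo, 'nobody', 'correct horse'));
```

The mysql_* functions used elsewhere in this thread were removed in PHP 7, so code written this way also keeps working on current PHP versions.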
post #20 of 21
Thread Starter 
i did something wrong

lol

Here is my code
Code:
<?php require_once('Connections/mypinup.php'); ?>

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'
  ]);
}

$name = mysql_real_escape_string($_POST['name']);
$username= mysql_real_escape_string($_POST['username']);
$password= mysql_real_escape_string($_POST['password']);
$email= mysql_real_escape_string($_POST['email']);

// once did this, you want to encode the user password, so md5 comes in field

$salt = "123456";
$securepassword = md5($password.$salt);

mysql_select_db($database_mypinup, $mypinup);
$insertSQL = sprintf("INSERT INTO web_members (name, Username, Password, Email) VALUES ($name, $username, $securepassword, $email)");
$Result1 = mysql_query($insertSQL, $mypinup) or die(mysql_error());

  $insertGoTo = "thankyou.html";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));


if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO web_members (name, Username, Password, Email) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['Email'], "text"));

  mysql_select_db($database_mypinup, $mypinup);
  $Result1 = mysql_query($insertSQL, $mypinup) or die(mysql_error());

  $insertGoTo = "thankyou.html";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_mypinup, $mypinup);
$query_Recordset1 = "SELECT web_members.name, web_members.Username, web_members.Password, web_members.Email FROM web_members";
$Recordset1 = mysql_query($query_Recordset1, $mypinup) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>My-pinup.com Registration</title>
<style type="text/css">
#apDiv1 {
        position:relative;
        width:1080px;
        height:768px;
        z-index:1;
        background-attachment: fixed;
        background-image: url(Images/light-pink-background.jpg);
        background-repeat: no-repeat;
        margin: auto;
}
#apDiv2 {
        position:relative;
        width:600px;
        height:600px;
        z-index:2;
        margin: auto;
}
</style>
</head>

<body>
<div id="apDiv1">
  <form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1" onSubmit="this.pass.value = MD5(this.pass.value);">
    <table align="center">
      <tr valign="baseline">
        <td nowrap="nowrap" align="right">Name:</td>
        <td><input type="text" name="name" value="" size="32" /></td>
      </tr>
      <tr valign="baseline">
        <td nowrap="nowrap" align="right">Username:</td>
        <td><input type="text" name="Username" value="" size="32" /></td>
      </tr>
      <tr valign="baseline">
        <td nowrap="nowrap" align="right">Password:</td>
        <td><input type="password" name="Password" value="" size="32" /></td>
      </tr>
      <tr valign="baseline">
        <td nowrap="nowrap" align="right">Email:</td>
        <td><input type="text" name="Email" value="" size="32" /></td>
      </tr>
      <tr valign="baseline">
        <td nowrap="nowrap" align="right">&nbsp;</td>
        <td><input type="submit" value="Register" /> </td>
      </tr>
    </table>
    <input type="hidden" name="MM_insert" value="form1" />
  </form>
  
  
  <div id="apDiv2"><img src="logo/Pinup logo hi-res.png" width="552" height="402" /></div>
  <p>&nbsp;</p>
</div>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

here is what the page looks like

https://www.my-pinup.com/mypinupreg.php


I will leave it in its error state so you can see the error, that and no one else will be seeing it unless they are from here.
Edited by iamme - 2/3/12 at 4:18am