Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 22
Members Online: 2

Registered Members: 82843
Newest Member: hx47
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Page 2 of 3 < 1 2 3 >
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 05-02-10 07:30
ok, after much thinking last night I've decided to ditch the dob code since it's causing me unncessary trouble. Right now I'm working on the registration page, and this error simply stumped me.

I assume there's an error in my syntax, but I can't seem to figure it out.

Registration Page:

Code
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Online Music Player Registration Site</title><style type="text/css">
.prompt{color: blue; font-family:Arial; font-size:medium}
</style></head>
<body>
<p><big style="font-weight: bold;">
  REGISTER TO THIS SITE</big><br>
</p>
<p><br>
  Register to this site in order to gain the full benefits this site offers.<br>
</p>
<form method="post" action="form.php">
  <table width="100%" border="0" cellpadding="0" cellspacing="1">
       <tr>
      <td width="10%" valign="top">Username</td>

      <td width="48%"><input type="text" name="username" /> <br /> </font></td>
    </tr>
   <tr>
      <td>Password</td>
      <td><input type="password" name="password" /><br>
         </tr>
      <tr>
     <td colspan="2"><hr size="1" /></td>
    </tr>
         <tr>
      <td>Email</td>
     <td><input type="text" name="email" />     <br/><font color="red" size="2">(E-mail is important so that your registration can be verified) </font></td>
    </tr>
   <tr>
   <td><p>Type of user</p></td>
   <td>   
   <input type="radio" name="user" value= "normal user" /> Normal user
    <input type="radio" name="user" value=    "musician" /> Musician
   </td>
   </tr>
   <tr>
   <td><p>Gender</p></td>
   <td>
   <input type="radio" name="gender" value="female" />Female
   <input type="radio" name="gender" value="male" />   Male   </td>
   </tr>
    <tr>
      <td><p>
        <input type="submit" name="Submit" id="Submit" value="Submit">
        <br />
      </p></td>
    </tr>
  </table>
    <input type="hidden" name="ref" value="" />
</form>






[edit]
form.php

Code

<?php
$username = htmlspecialchars($_POST['user_name']);
if (preg_match("/\s/",$username))
{
   die("do not use spaces, tabs or newlines in your username");
}
$email = htmlspecialchars($_POST['user_email']);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
die("Invalid E-mail address");
}
$Password = htmlspecialchars($_POST['user_password']);
if (preg_match("/\s/",$Password))
{
   die("do not use spaces, tabs or newlines in your password");
}
?>

<html>
<body>

Your name is: <?php echo $username; ?><br />
Your password is: <?php echo $Password; ?><br />
Your e-mail: <?= $email ?><br />

<?php echo "Please remember your details for future registration"; ?><br />
<br />

</body>
</html>

<?php
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
   if ($problem && strlen($data) == 0)
   {
      die($problem);
   }
    return $data;
}

function show_error($anyError)
{
   ?>
   <html>
   <body>

      <b>Please correct the following errors:</b><br />
      <?php echo $myError; ?>

   </body>
   </html>
<?php
exit();
}
?>

<?php

$connect = mysql_connect("localhost", "root") or die ("connection could not be established.");

mysql_select_db("users");

$insert = "INSERT INTO user(user_name, user_password, user_email, user_type, user_gender)" . 
"VALUES ('{$_POST['user_name']}', '{$_POST['password']}', '{$_POST['user_email']}', '{$_POST['user_type']}', '{$_POST['user_gender']}')";

$results = mysql_query($insert) or die (mysql_error());

?>





[/edit]

create user table:

createuser.php

Code
<?php

$connect = mysql_connect("localhost", "fuser", "projectpass") or die("Could not establish connection");

$create = mysql_query("CREATE DATABASE IF NOT EXISTS users") or die (mysql_error());

mysql_select_db("users");

$user = "CREATE TABLE user(user_id int(15) NOT NULL auto_increment,
user_name varchar(255) NOT NULL,
user_password varchar(255) NOT NULL,
user_email varchar(255) NOT NULL,
user_type varchar(255) NOT NULL,
user_gender varchar(255) NOT NULL,
PRIMARY KEY (user_id),
KEY user_type(user_type, user_gender))";

$results = mysql_query($user) or die (mysql_error());

$usertype = "CREATE TABLE usertype
(usertype_id tinyint(2) NOT NULL auto_increment,
usertype_type varchar(255) NOT NULL,
PRIMARY KEY(usertype_id))";

$results = mysql_query($usertype) or die (mysql_error());

$gender = "CREATE TABLE gender
(gender_id int(15) NOT NULL auto_increment,
gender_type varchar(255) NOT NULL,
PRIMARY KEY(gender_id))";

$results = mysql_query($gender) or die (mysql_error());

echo "Database Created";

?>




and the user table:

userdata.php

Code
<?php

$connect = mysql_connect("localhost", "fuser", "projectpass") or die("connection could not be established");

mysql_select_db("users");

$insert = "INSERT INTO user(user_id, user_name, user_password, user_email, user_type, user_gender)" .
"VALUES (1, 'User A', 'abcdef', 'zzyx@mail.com', 1, 1), " .
"(2, 'User B', 'abc123', 'mail@mail.com', 1, 2), " .
"(3, 'User C', 'zxcvbn', '1234@mail.com', 2, 1), " .
"(4, 'User D', 'qwerty', 'abcd@mail.com', 2, 2), " .
"(5, 'User E', '123456', 'xkcd@mail.com', 3, 2) " ;

$results = mysql_query($insert) or die (mysql_error());

$type = "INSERT INTO usertype(usertype_id, usertype_type) " .
" VALUES (1, 'Normal User'), " .
" (2, 'Musician'), " .
" (3, 'Administrator') ";

$results = mysql_query($type) or die (mysql_error());

$gender = "INSERT INTO gender(gender_id, gender_type) " .
" VALUES (1, 'Female'), " .
" (2, 'Male') ";

$results = mysql_query($gender) or die (mysql_error());

?>




I should note that my login page works fine though..

login.php

Code
<html>
<head>
<title>Login Page</title>
<title>Online Music Player Login Page</title><style type="text/css">
.prompt{color: blue; font-family:Arial; font-size:medium}
</style></head>
<form method="post" action="checkLogin.php">
  <table width="100%" border="0" cellpadding="0" cellspacing="1">
       <tr>
      <td width="10%" valign="top">Username</td>

      <td width="48%"><input type="text" name="username" /> <br /> </font></td>
    </tr>
   <tr>
      <td>Password</td>
      <td><input type="password" name="password" /><br>
         </tr>
      <tr>
     <td colspan="2"><hr size="1" /></td>
    </tr>
     <tr>
      <td><p>
        <input type="submit" name="Submit" id="Submit" value="Submit">
        <br />
      </p></td>
    </tr>
  </table>
    <input type="hidden" name="ref" value="" />
</form>
</html>




checkLogin.php

Code
<?php
// checkLogin.php

session_start(); // Start a new session
require('conn.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['username'];
$password = $_POST['password'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from user where user_name = '$username' and user_password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
    $count++;
}

if ($count == 1) {
    $_SESSION['loggedIn'] = "true";
    echo "welcome";
} else {
    $_SESSION['loggedIn'] = "false";
    echo "sorry, try again.";
}

?>




the funny thing is that the error now is that all the e-mail addresses I've inputted into the e-mail field are considered invalid.. o_O


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 05-02-10 09:48
catinthecpu@hotmail.com
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 05-02-10 10:17
the previous post was a bit too long, so I hope no one is offended by the fact I've decided to make a new post.

I think I've fixed the form code now, so it now looks like this:

Code
<?php
$username = htmlspecialchars($_POST['user_name']);
if (preg_match("/\s/",$username))
{
   die("do not use spaces, tabs or newlines in your username");
}
$email = htmlspecialchars($_POST['user_email']);
if (preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
die("Invalid E-mail address");
}
$Password = htmlspecialchars($_POST['user_password']);
if (preg_match("/\s/",$Password))
{
   die("do not use spaces, tabs or newlines in your password");
}
?>

<html>
<body>

Your name is: <?php echo $username; ?><br />
Your password is: <?php echo $Password; ?><br />
Your e-mail: <?= $email ?><br />

<?php echo "Please remember your details for future registration"; ?><br />
<br />

</body>
</html>

<?php
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
   if ($problem && strlen($data) == 0)
   {
      die($problem);
   }
    return $data;
}

function show_error($anyError)
{
   ?>
   <html>
   <body>

      <b>Please correct the following errors:</b><br />
      <?php echo $myError; ?>

   </body>
   </html>
<?php
exit();
}
?>

<?php

$connect = mysql_connect("localhost", "root") or die ("connection could not be established.");

mysql_select_db("users");

$insert = "INSERT INTO user(user_name, user_password, user_email, user_type, user_gender)" . 
"VALUES ('{$_POST['user_name']}', '{$_POST['password']}', '{$_POST['user_email']}', '{$_POST['user_type']}', '{$_POST['user_gender']}')";

$results = mysql_query($insert) or die (mysql_error());

?>





well, the issue now is:

img535.imageshack.us/img535/1170/onlinemusicplayerregist.th.jpg

results in:


img42.imageshack.us/img42/4090/localhostlocalhostusers.th.jpg

I'm pretty sure I've screwed the code up somewhere, just not sure which one.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 05-02-10 10:18
catinthecpu@hotmail.com
Author

RE: PHP help

ynori7
Member



Posts: 1486
Location: #valhalla
Joined: 08.10.07
Rank:
God
Posted on 05-02-10 17:49
Does this part output the right info:
Code
<html>
<body>

Your name is: <?php echo $username; ?><br />
Your password is: <?php echo $Password; ?><br />
Your e-mail: <?= $email ?><br />

<?php echo "Please remember your details for future registration"; ?><br />
<br />

</body>
</html>



That'll tell if it's the data entry that's the problem or the part putting the data into the table.


halls-of-valhalla.org/images/affiliateLogo.png voodoorage.halls-of-valhalla.org/images/smallLogo.png
i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg
ynori7 http://halls-of-valhalla.org
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 06-02-10 02:59
I do remember that the data inputted in the registration field came out blank in the following page, but I guess I didn't pay much attention to it.

anyone know how to fix it?


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: PHP help

ynori7
Member



Posts: 1486
Location: #valhalla
Joined: 08.10.07
Rank:
God
Posted on 06-02-10 05:08
Are you sure you're using the right names in your POST's? For example, in your earlier code when you get the username you use this code:
<input type="text" name="username" />

But when you're referring to it later you say:
$username = htmlspecialchars($_POST['user_name']);



halls-of-valhalla.org/images/affiliateLogo.png voodoorage.halls-of-valhalla.org/images/smallLogo.png
i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg
ynori7 http://halls-of-valhalla.org
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 06-02-10 10:14
well, now the database recognizes the user name, email and password, but now it doesn't recognize the user type and the user gender. must've been a mistake I made in either code..

Code


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Online Music Player Registration Site</title><style type="text/css">
.prompt{color: blue; font-family:Arial; font-size:medium}
</style></head>
<body>
<p><big style="font-weight: bold;">
  REGISTER TO THIS SITE</big><br>
</p>
<p><br>
  Register to this site in order to gain the full benefits this site offers.<br>
</p>
<form method="post" action="form.php">
  <table width="100%" border="0" cellpadding="0" cellspacing="1">
       <tr>
      <td width="10%" valign="top">Username</td>

      <td width="48%"><input type="text" name="user_name" /> <br /> </font></td>
    </tr>
   <tr>
      <td>Password</td>
      <td><input type="password" name="user_password" /><br>
         </tr>
      <tr>
     <td colspan="2"><hr size="1" /></td>
    </tr>
         <tr>
      <td>Email</td>
     <td><input type="text" name="user_email" />     <br/><font color="red" size="2">(E-mail is important so that your registration can be verified) </font></td>
    </tr>
   <tr>
   <td><p>Type</p></td>
   <td>   
   <input type="radio" name="user_type" value= "normal user" /> Normal user
    <input type="radio" name="user_type" value= "musician" /> Musician
   </td>
   </tr>
   <tr>
   <td><p>Gender</p></td>
   <td>
   <input type="radio" name="user_gender" value="female" />Female
   <input type="radio" name="user_gender" value="male" />   Male   </td>
   </tr>
    <tr>
      <td><p>
        <input type="submit" name="Submit" id="Submit" value="Submit">
        <br />
      </p></td>
    </tr>
  </table>
    <input type="hidden" name="ref" value="" />
</form>






and the form code:

Code


<?php
$username = htmlspecialchars($_POST['user_name']);
if (preg_match("/\s/",$username))
{
   die("do not use spaces, tabs or newlines in your username");
}
$email = htmlspecialchars($_POST['user_email']);
if (preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
die("Invalid E-mail address");
}
$Password = htmlspecialchars($_POST['user_password']);
if (preg_match("/\s/",$Password))
{
   die("do not use spaces, tabs or newlines in your password");
}
?>

<html>
<body>

Your name is: <?php echo $username; ?><br />
Your password is: <?php echo $Password; ?><br />
Your e-mail: <?php echo $email; ?><br />

<?php echo "Please remember your details for future registration"; ?><br />
<br />

</body>
</html>

<?php
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
   if ($problem && strlen($data) == 0)
   {
      die($problem);
   }
    return $data;
}

function show_error($anyError)
{
   ?>
   <html>
   <body>

      <b>Please correct the following errors:</b><br />
      <?php echo $myError; ?>

   </body>
   </html>
<?php
exit();
}
?>

<?php

$connect = mysql_connect("localhost", "fuser", "projectpass") or die ("connection could not be established.");

mysql_select_db("users");

$insert = "INSERT INTO user(user_name, user_password, user_email, user_type, user_gender)" . 
"VALUES ('$username', '$Password', '$email', '$type', '$gender')";

$results = mysql_query($insert) or die (mysql_error());
if(!$results) {
  echo "The following SQL failed <hr>$insert";
}

?>






I just thought it would be necessary to add the code to show that I've made changes to it.

here's the screen:

img41.imageshack.us/img41/8400/localhostlocalhostusers.th.png


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: PHP help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-02-10 14:29
fuser wrote:
well, now the database recognizes the user name, email and password, but now it doesn't recognize the user type and the user gender. must've been a mistake I made in either code..


You never gave $gender and $type the corresponding $_GET[''] values.


Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 09-02-10 02:32
well, nothing I ever do seems to work properly, as it seems that bad luck follows me around whatever I do.

what happens now is that my upload code doesn't seem to work properly. It refuses to identify the files I've uploaded, and even if it does, it doesn't save it.

there are two upload codes here, one is for music and another one is for images.

[upload.php]

Code
<?php
ini_set( 'upload_max_filesize', '100M' );
if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {
die('No input file specified. Please go back and select a file to upload.');
} // End check for file being set

$filetype = 'audio/mpeg';
$upload_path = '/music/';

# Check to see if the filetype is correct
if ($_FILES['data']['type'] != $filetype) {
die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');
} // End filetype check

# If file has gotten this far, it is successful

$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];

# Upload the file
$upload = move_uploaded_file($_FILES['data']['tmp_name'], $copy_to);

# Check to see if upload was successful
if (!$upload) {
die('Sorry, your file could not be uploaded.');
}

echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);
?>




error:

Warning: move_uploaded_file(G:/xampplite/htdocs/music/1_matabuta.mp3) [function.move-uploaded-file]: failed to open stream: No such file or directory in G:\xampplite\htdocs\mplayer\upload.php on line 20

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'G:\xampplite\tmp\php27.tmp' to 'G:/xampplite/htdocs/music/1_matabuta.mp3' in G:\xampplite\htdocs\mplayer\upload.php on line 20
Sorry, your file could not be uploaded.

[uploadimages.php]

Code

<?php
ini_set( 'upload_max_filesize', '100M' );
if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {
die('No input file specified. Please go back and select a file to upload.');
} // End check for file being set

$filetype = array('image/jpg', 'image/jpeg', 'image/bmp', 'image/gif');

$upload_path = '/images/';

# Check to see if the filetype is correct
if ($_FILES['data']['type'] != $filetype) {
die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');
} // End filetype check

# If file has gotten this far, it is successful

$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];

# Upload the file
$upload = move_uploaded_file($_FILES['data']['tmp_name'], $copy_to);

# Check to see if upload was successful
if (!$upload) {
die('Sorry, your file could not be uploaded.');
}

echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);
?>




the error:

Sorry, your file was not of the Array mimetype (yours was image/jpeg).

Sorry, your file was not of the Array mimetype (yours was image/gif).

I should note that this error occurs at both wamp (my laptop) and xampp (my pendrive), except that upload.php also refuses to recognize my filetype whatsoever.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 09-02-10 02:50
catinthecpu@hotmail.com
Author

RE: PHP help

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 09-02-10 11:27
$_FILES['data']['type'] is a string, $filetype is an array (uploadimages.php)

Use in_array():

Code

if( !in_array( $_FILES['data']['type'], $filetype ) )
  die( "Invalid filetype!" );






img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png



Edited by SySTeM on 09-02-10 12:41
http://www.elites0ft.com/
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 11-02-10 02:02
well. now I can make a page where I can edit the information for the users logged into the site. but I have several problems:

a) whenever I try to change any data, be it username, password, or even type of user, it always shows this error:

Duplicate entry '4' for key 'PRIMARY' (the entry number is the user id number)

the code:

user_update.php

Code
<?php
if(!isset($_SESSION)){
session_start();}
if(!include('conn.php')){
require('conn.php');}
if(isset($_POST['UserID'])) $UserID = $_POST['UserID'];
if(isset($_POST['Username'])) $Username = $_POST['Username'];
if(isset($_POST['Password'])) $Password = $_POST['Password'];
if(isset($_POST['Group'])) $Group = $_POST['Group'];

$Query = mysql_query("UPDATE user SET `user_name`='$Username',`user_password`='$Password', `user_type`=$Group, user_id=$UserID") or die(mysql_error());
$_SESSION['Err']="User Updated Successfully";
header("Location: control_panel.php?pid=2&uid=$UserID");

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>User Update</title>
</head>

<body>
</body>
</html>





user_edit.php

Code
<?php

if(isset($_GET['uid']))
{
   $uid = $_GET['uid'];
   $Query = $_GET['uid'];
   $Query = mysql_query("SELECT * FROM user WHERE user_id=$uid") or die(mysql_error());
   $Result = mysql_fetch_assoc($Query)or die(mysql_error());
   } elseif (isset($_GET['uid'])=='' && (!isset($_GET['uid']))){
   die();
}
?>
<link href="css.css" rel="stylesheet" type="text/css">

<form action="user_update.php" method="post" id="frmuserpage">
<?php
   if(mysql_num_rows($Query)>0)
   {
   echo mysql_num_rows($Query);
   ?>
  <table width="500" border="1" cellpadding="2" cellspacing="0" bordercolor="#FFFFFF" bgcolor="#CCCCCC">
   <tr>
     <td>Username</td>
     <td>Password</td>
     <td>Group</td>
   </tr>
   <tr>
     <td><label>
      <input name="Username" type="text" class="textbox" id="user_name" value="<?php echo $Result['user_name'];?>">
     </label></td>
     <td><label>
      <input name="Password" type="text" class="textbox" id="user_password" value="<?php echo $Result['user_password']?>">
     </label></td>
     <td><label>
      <select name="Group" class="textbox" id="user_type">
        <option value="1" <?php if($Result['user_type']==1) echo "selected";?>>user</option>
        <option value="2" <?php if($Result['user_type']==2) echo "selected";?>>musician</option>
        <option value="3" <?php if($Result['user_type']==3) echo "selected";?>>admin</option>
      </select>
     </label></td>
   </tr>
   <tr>
     <td><input name="UserID" type="hidden" id="user_id" value="<?php echo $Result['user_id'];?>"></td>
     <td> </td>
     <td> </td>
     <td><label>
      <input name="Submit" type="submit" class="btn" value="Update" />
     </label></td>
   </tr>
  </table>
<?php
}
else
{
?>
<table width="500" border="0" cellspacing="0" cellpadding="0">
  <tr>
   <td align="center">Sorry, No User Found </td>
  </tr>
</table>
<?php
}
?>
</form>




another problem is that everytime a user is logged in, regardless of his usertype, he can simply change the information of the users shown in the control panel, and obviously I want it to be only accessible to the admins of the site.

And I'm not sure if the user profile page is actually working.

Code
<?php
session_start();

$userna=$_SESSION['username'];
$auser=$_SESSION['admin'];

if($nuser){
$userfinal=$nuser;
}elseif($auser){
$userfinal=$auser;
}
if(isset($userfinal)){

$username = $_GET['username'];
$user = mysql_query("SELECT * FROM user WHERE username = '$username'");
$user=mysql_fetch_assoc($user);
if($user['level'] > 1){
die("You cant view an Admins profile!");
}

echo "<h1>User Info</h1>";

echo "<b>Username:".$user['username']."<br>";

echo "<br>";
  echo '<form name="backlistfrm" method="post" action="members.php">';
echo '<input type="submit" value="Back to The List">';
echo '</form>';
echo "<br>";

} else {
echo "You are not logged in. Please log in to continue";
}

?>




edit: nvm, fixed.




img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 11-02-10 13:44
catinthecpu@hotmail.com
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 15-02-10 07:09
well, sorry for necroing, but it seems that I have bumped into another problem as always.

well, first of all it seems that the code for listing users on my site (basically like the "Members Online" section of this site)

well, here's the code for members.php

Code
<?php
session_start();
require 'conn.php';

$normuser=$_SESSION['user'];
$musicuser=$_SESSION['musician'];
$adminuser=$_SESSION['admin'];

if($normuser){
$userfinal=$nuser;
}
elseif($musicuser){
$userfinal=$musicuser;
}
elseif($adminuser){
$userfinal=$adminuser;
}
if(isset($userfinal)){
$Members = mysql_query("SELECT user_name FROM user WHERE level ='1' ORDER BY user_name DESC") or die(mysql_error());
$numRowsMembers = mysql_num_rows($Members);
?>

<table border="0">

<?php
for($count = 1; $count <= $numRowsMembers; $count++)
{
    $name = mysql_fetch_array($Members);
    ?>
   
    <tr>
    <?php
    echo '<td><a href="member_profile.php?username=' . $name['user'] . '">' . $name['user'] . '</a></td>';
    ?>
    </tr>
   
    <?php
}
?>
</table>




error:

Parse error: parse error in C:\wamp\www\mplayer\members.php on line 40

and I'm also stuck at the profile page:

Code
<?php
session_start();
require 'database.php';


if($nuser){
$userfinal=$nuser;
}elseif($auser){
$userfinal=$auser;
}
if(isset($userfinal)){

$username = $_GET['user_name'];
$user = mysql_query("SELECT * FROM user WHERE user_name = '$username'");
$user=mysql_fetch_assoc($user);
if($user['level'] > 1){
die("You cant view an Admins profile!");
}

echo "<h1>User Info</h1>";

echo "<b>Username:".$user['username']."<br>";

echo "<br>";
  echo '<form name="backlistfrm" method="post" action="members.php">';
echo '<input type="submit" value="Back to The List">';
echo '</form>';
echo "<br>";

?>





the error:
Parse error: parse error in C:\wamp\www\mplayer\member_profile.php on line 32

and a funny thing with my upload code for both mp3 and images: it keeps on opening it as if it's a textfile, so after I upload it it looks like some weird gibberish about the file I uploaded.

upload.php
Code
<?php
ini_set( 'upload_max_filesize', '100M' );
if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {
die('No input file specified. Please go back and select a file to upload.');
} // End check for file being set

$filetype = 'audio/mpeg';
$upload_path = '/mplayer/music';

# Check to see if the filetype is correct
if ($_FILES['data']['type'] != $filetype) {
die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');
} // End filetype check

# If file has gotten this far, it is successful

$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];

# Upload the file
$upload = move_uploaded_file($_FILES['data']['tmp_name'], $copy_to);

# Check to see if upload was successful
if (!$upload) {
die('Sorry, your file could not be uploaded.');
}

echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);
?>




here's an example of the result:

img59.imageshack.us/img59/499/uploadj.th.jpg


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: PHP help

michelfalke
Member

Your avatar

Posts: 9
Location: Longitude l = new Longitude();
Joined: 08.01.10
Rank:
Guest
Posted on 15-02-10 14:37
I'm gonna give you a big tip atleast i think it is :) most of the times am using it myself

For example this pseudo
Code


username = some kind of data getting a username

working with the username here





will generate an error but you've got no idea where it's going wrong
then just echo the variable so you can check if it's filled :)



School sux hbh teaches me way more =)
michelfalke50@hotmail.com
Author

RE: PHP help

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 15-02-10 15:07
fuser wrote:
and a funny thing with my upload code for both mp3 and images: it keeps on opening it as if it's a textfile, so after I upload it it looks like some weird gibberish about the file I uploaded.

upload.php
Code
<?php
ini_set( 'upload_max_filesize', '100M' );
if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {
die('No input file specified. Please go back and select a file to upload.');
} // End check for file being set

$filetype = 'audio/mpeg';
$upload_path = '/mplayer/music';

# Check to see if the filetype is correct
if ($_FILES['data']['type'] != $filetype) {
die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');
} // End filetype check

# If file has gotten this far, it is successful

$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];

# Upload the file
$upload = move_uploaded_file($_FILES['data']['tmp_name'], $copy_to);

# Check to see if upload was successful
if (!$upload) {
die('Sorry, your file could not be uploaded.');
}

echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);
?>




here's an example of the result:

img59.imageshack.us/img59/499/uploadj.th.jpg


file_get_contents() literally opens the file like notepad does; so echo'ing out the contents is just gonna give you the same results as opening up a jpg or mp3 in notepad.


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 15-02-10 15:26
well, I've found a script from http://www.jp77.o. . .2.0.4d.zip which seems to help me with my user settings (namely, defining the usertypes, etc), but as usual I always run into problems.

edit: turns out all I had to do was to run it in wamp instead of xampp. however, after registration it sends a confirmation e-mail to which I have to check in order to proceed with registration. The issue here is that the server I have is on my own computer, and my project forbids me from renting out a server or even setting it up online for the time being. And also the fact that I usually type in fake e-mail addresses also doesn't help, I guess.

So, I think the best way to do it is that after a user is registered, the user can immediately log on without having to check for a confirmation e-mail.

these are the code which I think are related to the registration process:

Code
<?php
/**
 * Register.php
 *
 * Displays the registration form if the user needs to sign-up,
 * or lets the user know, if he's already logged in, that he
 * can't register another name.
 *
 * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
 * Last Updated: August 2, 2009 by Ivan Novak
 */
include("include/session.php");
?>

<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Jpmaster77's Login Script</title>
   <link rel="stylesheet" href="-css/960/reset.css" type="text/css" />
   <link rel="stylesheet" href="-css/960/960.css" type="text/css" />
   <link rel="stylesheet" href="-css/960/text.css" type="text/css" />   
   <link rel="stylesheet" href="-css/style.css" type="text/css" />
</head>
<body>
<div id="main" class="container_12">
<?php
/**
 * The user is already logged in, not allowed to register.
 */
if($session->logged_in){
   echo "<h1>Registered</h1>";
   echo "<p>We're sorry <b>$session->username</b>, but you've already registered. "
       ."<a href=\"main.php\">Main</a>.</p>";
}
/**
 * The user has submitted the registration form and the
 * results have been processed.
 */
else if(isset($_SESSION['regsuccess'])){
   /* Registration was successful */
   if($_SESSION['regsuccess']){
      echo "<h1>Registered!</h1>";
      if(EMAIL_WELCOME){
         echo "<p>Thankyou <b>".$_SESSION['reguname']."</b>, you have been sent a confirmation email which should be arriving shortly.  Please confirm your registration before you continue.<br />Back to <a href='main.php'>Main</a></p>";
      }else{
      echo "<p>Thank you <b>".$_SESSION['reguname']."</b>, your information has been added to the database, "
          ."you may now <a href=\"main.php\">log in</a>.</p>";
      }
   }
   /* Registration failed */
   else{
      echo "<h1>Registration Failed</h1>";
      echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$_SESSION['reguname']."</b>, "
          ."could not be completed.<br>Please try again at a later time.</p>";
   }
   unset($_SESSION['regsuccess']);
   unset($_SESSION['reguname']);
}
/**
 * The user has not filled out the registration form yet.
 * Below is the page with the sign-up form, the names
 * of the input fields are important and should not
 * be changed.
 */
else{
?>

<h1>Register</h1>
<?php
if($form->num_errors > 0){
   echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<div id="register">
   <form action="process.php" method="POST">
      <p class="textinput">Name: </p><p><input type="text" name="name" maxlength="30" value="<?php echo $form->value("name"); ?>"><?php echo $form->error("name"); ?></p>
      <p class="textinput">Username: </p><p><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"><?php echo $form->error("user"); ?></p>
      <p class="textinput">Password: </p><p><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"><?php echo $form->error("pass"); ?></p>
      <p class="textinput">Email: </p><p><input type="text" name="email" maxlength="50" value="<?php echo $form->value("email"); ?>"><?php echo $form->error("email"); ?></p>
      <p class="textinput"><input type="hidden" name="subjoin" value="1"><input type="submit" value="Join!"></p>
      <p><a href="main.php">[Back to Main]</a></p>
   </form>
</div>
<?php
}
?>
</div>
</body>
</html>





Code
<?php
/**
 * Session.php
 *
 * The Session class is meant to simplify the task of keeping
 * track of logged in users and also guests.
 *
 * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
 * Last Updated: August 2, 2009 by Ivan Novak
 */
include("database.php");
include("mailer.php");
include("form.php");

class Session
{
   var $username;     //Username given on sign-up
   var $userid;       //Random value generated on current login
   var $userlevel;    //The level to which the user pertains
   var $time;         //Time user was last active (page loaded)
   var $logged_in;    //True if user is logged in, false otherwise
   var $userinfo = array();  //The array holding all user info
   var $url;          //The page url current being viewed
   var $referrer;     //Last recorded site page viewed
   /**
    * Note: referrer should really only be considered the actual
    * page referrer in process.php, any other time it may be
    * inaccurate.
    */

   /* Class constructor */
   function Session(){
      $this->time = time();
      $this->startSession();
   }

   /**
    * startSession - Performs all the actions necessary to
    * initialize this session object. Tries to determine if the
    * the user has logged in already, and sets the variables
    * accordingly. Also takes advantage of this page load to
    * update the active visitors tables.
    */
   function startSession(){
      global $database;  //The database connection
      session_start();   //Tell PHP to start the session

      /* Determine if user is logged in */
      $this->logged_in = $this->checkLogin();

      /**
       * Set guest value to users not logged in, and update
       * active guests table accordingly.
       */
      if(!$this->logged_in){
         $this->username = $_SESSION['username'] = GUEST_NAME;
         $this->userlevel = GUEST_LEVEL;
         $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
      }
      /* Update users last active timestamp */
      else{
         $database->addActiveUser($this->username, $this->time);
      }
     
      /* Remove inactive visitors from database */
      $database->removeInactiveUsers();
      $database->removeInactiveGuests();
     
      /* Set referrer page */
      if(isset($_SESSION['url'])){
         $this->referrer = $_SESSION['url'];
      }else{
         $this->referrer = "/";
      }

      /* Set current url */
      $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
   }

   /**
    * checkLogin - Checks if the user has already previously
    * logged in, and a session with the user has already been
    * established. Also checks to see if user has been remembered.
    * If so, the database is queried to make sure of the user's
    * authenticity. Returns true if the user has logged in.
    */
   function checkLogin(){
      global $database;  //The database connection
      /* Check if user has been remembered */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
         $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
      }

      /* Username and userid have been set and not guest */
      if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
         $_SESSION['username'] != GUEST_NAME){
         /* Confirm that username and userid are valid */
         if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            return false;
         }

         /* User is logged in, set class variables */
         $this->userinfo  = $database->getUserInfo($_SESSION['username']);
         $this->username  = $this->userinfo['username'];
         $this->userid    = $this->userinfo['userid'];
         $this->userlevel = $this->userinfo['userlevel'];
         return true;
      }
      /* User not logged in */
      else{
         return false;
      }
   }

   /**
    * login - The user has submitted his username and password
    * through the login form, this function checks the authenticity
    * of that information in the database and creates the session.
    * Effectively logging in the user if all goes well.
    */
   function login($subuser, $subpass, $subremember){
      global $database, $form;  //The database and form object

      /* Username error checking */
      $field = "user";  //Use field name for username
     $q = "SELECT valid FROM ".TBL_USERS." WHERE username='$subuser'";
     $valid = $database->query($q);
     $valid = mysql_fetch_array($valid);
             
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Username not entered");
      }
      else{
         /* Check if username is not alphanumeric */
         if(!eregi("^([0-9a-z])*$", $subuser)){
            $form->setError($field, "* Username not alphanumeric");
         }
      }    

      /* Password error checking */
      $field = "pass";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Password not entered");
      }
     
      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }

      /* Checks that username is in database and password is correct */
      $subuser = stripslashes($subuser);
      $result = $database->confirmUserPass($subuser, md5($subpass));

      /* Check error codes */
      if($result == 1){
         $field = "user";
         $form->setError($field, "* Username not found");
      }
      else if($result == 2){
         $field = "pass";
         $form->setError($field, "* Invalid password");
      }
     
      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }

     
      if(EMAIL_WELCOME){
         if($valid['valid'] == 0){
            $form->setError($field, "* User's account has not yet been confirmed.");
         }
      }
                 
      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }
     


      /* Username and password correct, register session variables */
      $this->userinfo  = $database->getUserInfo($subuser);
      $this->username  = $_SESSION['username'] = $this->userinfo['username'];
      $this->userid    = $_SESSION['userid']   = $this->generateRandID();
      $this->userlevel = $this->userinfo['userlevel'];
     
      /* Insert userid into database and update active users table */
      $database->updateUserField($this->username, "userid", $this->userid);
      $database->addActiveUser($this->username, $this->time);
      $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

      /**
       * This is the cool part: the user has requested that we remember that
       * he's logged in, so we set two cookies. One to hold his username,
       * and one to hold his random value userid. It expires by the time
       * specified in constants.php. Now, next time he comes to our site, we will
       * log him in automatically, but only if he didn't log out before he left.
       */
      if($subremember){
         setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
         setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);
      }

      /* Login completed successfully */
      return true;
   }

   /**
    * logout - Gets called when the user wants to be logged out of the
    * website. It deletes any cookies that were stored on the users
    * computer as a result of him wanting to be remembered, and also
    * unsets session variables and demotes his user level to guest.
    */
   function logout(){
      global $database;  //The database connection
      /**
       * Delete cookies - the time must be in the past,
       * so just negate what you added when creating the
       * cookie.
       */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
         setcookie("cookid",   "", time()-COOKIE_EXPIRE, COOKIE_PATH);
      }

      /* Unset PHP session variables */
      unset($_SESSION['username']);
      unset($_SESSION['userid']);

      /* Reflect fact that user has logged out */
      $this->logged_in = false;
     
      /**
       * Remove from active users table and add to
       * active guests tables.
       */
      $database->removeActiveUser($this->username);
      $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
     
      /* Set user level to guest */
      $this->username  = GUEST_NAME;
      $this->userlevel = GUEST_LEVEL;
   }

   /**
    * register - Gets called when the user has just submitted the
    * registration form. Determines if there were any errors with
    * the entry fields, if so, it records the errors and returns
    * 1. If no errors were found, it registers the new user and
    * returns 0. Returns 2 if registration failed.
    */
   function register($subuser, $subpass, $subemail, $subname){
      global $database, $form, $mailer;  //The database, form and mailer object
     
      /* Username error checking */
      $field = "user";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Username not entered");
      }
      else{
         /* Spruce up username, check length */
         $subuser = stripslashes($subuser);
         if(strlen($subuser) < 5){
            $form->setError($field, "* Username below 5 characters");
         }
         else if(strlen($subuser) > 30){
            $form->setError($field, "* Username above 30 characters");
         }
         /* Check if username is not alphanumeric */
         else if(!eregi("^([0-9a-z])+$", $subuser)){
            $form->setError($field, "* Username not alphanumeric");
         }
         /* Check if username is reserved */
         else if(strcasecmp($subuser, GUEST_NAME) == 0){
            $form->setError($field, "* Username reserved word");
         }
         /* Check if username is already in use */
         else if($database->usernameTaken($subuser)){
            $form->setError($field, "* Username already in use");
         }
         /* Check if username is banned */
         else if($database->usernameBanned($subuser)){
            $form->setError($field, "* Username banned");
         }
      }

      /* Password error checking */
      $field = "pass";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Password not entered");
      }
      else{
         /* Spruce up password and check length*/
         $subpass = stripslashes($subpass);
         if(strlen($subpass) < 4){
            $form->setError($field, "* Password too short");
         }
         /* Check if password is not alphanumeric */
         else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
            $form->setError($field, "* Password not alphanumeric");
         }
         /**
          * Note: I trimmed the password only after I checked the length
          * because if you fill the password field up with spaces
          * it looks like a lot more characters than 4, so it looks
          * kind of stupid to report "password too short".
          */
      }
     
      /* Email error checking */
      $field = "email";  //Use field name for email
      if(!$subemail || strlen($subemail = trim($subemail)) == 0){
         $form->setError($field, "* Email not entered");
      }
      else{
         /* Check if valid email address */
         $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                 ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                 ."\.([a-z]{2,}){1}$";
         if(!eregi($regex,$subemail)){
            $form->setError($field, "* Email invalid");
         }
         /* Check if email is already in use */
         if($database->emailTaken($subemail)){
            $form->setError($field, "* Email already in use");
         }

         $subemail = stripslashes($subemail);
      }
     
      /* Name error checking */
     $field = "name";
     if(!$subname || strlen($subname = trim($subname)) == 0){
        $form->setError($field, "* Name not entered");
     } else {
        $subname = stripslashes($subname);
     }
     
      $randid = $this->generateRandID();
     
      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return 1;  //Errors with form
      }
      /* No errors, add the new account to the */
      else{
         if($database->addNewUser($subuser, md5($subpass), $subemail, $randid, $subname)){
            if(EMAIL_WELCOME){               
               $mailer->sendWelcome($subuser,$subemail,$subpass,$randid);
            }
            return 0;  //New user added succesfully
         }else{
            return 2;  //Registration attempt failed
         }
      }
   }
   
   /**
    * editAccount - Attempts to edit the user's account information
    * including the password, which it first makes sure is correct
    * if entered, if so and the new password is in the right
    * format, the change is made. All other fields are changed
    * automatically.
    */
   function editAccount($subcurpass, $subnewpass, $subemail, $subname){
      global $database, $form;  //The database and form object
      /* New password entered */
      if($subnewpass){
         /* Current Password error checking */
         $field = "curpass";  //Use field name for current password
         if(!$subcurpass){
            $form->setError($field, "* Current Password not entered");
         }
         else{
            /* Check if password too short or is not alphanumeric */
            $subcurpass = stripslashes($subcurpass);
            if(strlen($subcurpass) < 4 ||
               !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
               $form->setError($field, "* Current Password incorrect");
            }
            /* Password entered is incorrect */
            if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
               $form->setError($field, "* Current Password incorrect");
            }
         }
         
         /* New Password error checking */
         $field = "newpass";  //Use field name for new password
         /* Spruce up password and check length*/
         $subpass = stripslashes($subnewpass);
         if(strlen($subnewpass) < 4){
            $form->setError($field, "* New Password too short");
         }
         /* Check if password is not alphanumeric */
         else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
            $form->setError($field, "* New Password not alphanumeric");
         }
      }
      /* Change password attempted */
      else if($subcurpass){
         /* New Password error reporting */
         $field = "newpass";  //Use field name for new password
         $form->setError($field, "* New Password not entered");
      }
     
      /* Email error checking */
      $field = "email";  //Use field name for email
      if($subemail && strlen($subemail = trim($subemail)) > 0){
         /* Check if valid email address */
         $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                 ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                 ."\.([a-z]{2,}){1}$";
         if(!eregi($regex,$subemail)){
            $form->setError($field, "* Email invalid");
         }
         $subemail = stripslashes($subemail);
      }
     
      /* Name error checking */
     $field = "name";
     if(!$subname || strlen($subname = trim($subname)) == 0){
        $form->setError($field, "* Name not entered");
     } else {
        $subname = stripslashes($subname);
     }
     
      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return false;  //Errors with form
      }
     
      /* Update password since there were no errors */
      if($subcurpass && $subnewpass){
         $database->updateUserField($this->username,"password",md5($subnewpass));
      }
     
      /* Change Email */
      if($subemail){
         $database->updateUserField($this->username,"email",$subemail);
      }
     
      /* Change Name */
      if($subname){
         $database->updateUserField($this->username,"name",$subname);
      }
     
      /* Success! */
      return true;
   }
   
   /**
    * isAdmin - Returns true if currently logged in user is
    * an administrator, false otherwise.
    */
   function isAdmin(){
      return ($this->userlevel == ADMIN_LEVEL ||
              $this->username  == ADMIN_NAME);
   }
   
   /**
    * isAuthor - Returns true if currently logged in user is
    * an author or an administrator, false otherwise.
    */
   function isAuthor(){
      return ($this->userlevel == AUTHOR_LEVEL ||
              $this->userlevel == ADMIN_LEVEL);
   }
   
   /**
    * generateRandID - Generates a string made up of randomized
    * letters (lower and upper case) and digits and returns
    * the md5 hash of it to be used as a userid.
    */
   function generateRandID(){
      return md5($this->generateRandStr(16));
   }
   
   /**
    * generateRandStr - Generates a string made up of randomized
    * letters (lower and upper case) and digits, the length
    * is a specified parameter.
    */
   function generateRandStr($length){
      $randstr = "";
      for($i=0; $i<$length; $i++){
         $randnum = mt_rand(0,61);
         if($randnum < 10){
            $randstr .= chr($randnum+48);
         }else if($randnum < 36){
            $randstr .= chr($randnum+55);
         }else{
            $randstr .= chr($randnum+61);
         }
      }
      return $randstr;
   }
};


/**
 * Initialize session object - This must be initialized before
 * the form object because the form uses session variables,
 * which cannot be accessed unless the session has started.
 */
$session = new Session;

/* Initialize form object */
$form = new Form;

?>




Code
<?php
/**
 * Mailer.php
 *
 * The Mailer class is meant to simplify the task of sending
 * emails to users. Note: this email system will not work
 * if your server is not setup to send mail.
 *
 * If you are running Windows and want a mail server, check
 * out this website to see a list of freeware programs:
 * <http://www.snapfiles.com/freeware/server/fwmailserver.html>
 *
 * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
 * Last Updated: August 2, 2009 by Ivan Novak
 */
 
class Mailer
{
   /**
    * sendWelcome - Sends a welcome message to the newly
    * registered user, also supplying the username and
    * password.
    */
   function sendWelcome($user, $email, $pass, $userid){
      $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
      $subject = "Jpmaster77's Site - Welcome!";
      $body = $user.",\n\n"
             ."Welcome! You've just registered at Jpmaster77's Site "
             ."with the following information:\n\n"
             ."Username: ".$user."\n"
             ."Password: ".$pass."\n\n"
             ."Before you can login you need to activate your\n"
             ."account by clicking on this link:\n\n"
             ."http://localhost:8888/jpsystem/LS2dev/valid.php?qs1=".$user."&qs2=".$userid."\n\n"
             ."If you ever lose or forget your password, a new "
             ."password will be generated for you and sent to this "
             ."email address, if you would like to change your "
             ."email address you can do so by going to the "
             ."My Account page after signing in.\n\n"
             ."- Jpmaster77's Site";

      return mail($email,$subject,$body,$from);
   }
   
   /**
    * sendConfirmation - Sends a confirmation to users
    * who click a "Send confirmation" button.  This
    * only needs to be used if the EMAIL_WELCOME constant
    * is changed to true and the user's 'valid' field is 0
    */
   function sendConfirmation($user, $userid, $email){
       $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
       $subject = "jpmaster77's Site - Welcome!";
       $body = $user.",\n\n"
               ."We're sorry for the inconvenience.  We are making\n"
               ."our website more secure for both your and our \n"
               ."benefit.\n\n"
               ."To activate your account you can either click on the\n"
               ."following link or copy the link and paste it into your\n"
               ."address bar.\n\n"
               ."http://localhost:8888/jpsystem/LS2dev/valid.php?qs1=".$user."&qs2=".$userid."\n\n"
               ."We here at Jpmaster77's Site hope you continue to\n"
               ."enjoy our wonderful service.\n\n"
               ."Sincerely,\n\n"
               ."- Jpmaster77's Site";
               
      return mail($email,$subject,$body,$from);
   }
   
   
   /**
    * sendNewPass - Sends the newly generated password
    * to the user's email address that was specified at
    * sign-up.
    */
   function sendNewPass($user, $email, $pass){
      $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
      $subject = "Jpmaster77's Site - Your new password";
      $body = $user.",\n\n"
             ."We've generated a new password for you at your "
             ."request, you can use this new password with your "
             ."username to log in to Jpmaster77's Site.\n\n"
             ."Username: ".$user."\n"
             ."New Password: ".$pass."\n\n"
             ."It is recommended that you change your password "
             ."to something that is easier to remember, which "
             ."can be done by going to the My Account page "
             ."after signing in.\n\n"
             ."- Jpmaster77's Site";
             
      return mail($email,$subject,$body,$from);
   }
};

/* Initialize mailer object */
$mailer = new Mailer;
 
?>






img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 16-02-10 03:59
catinthecpu@hotmail.com
Author

RE: PHP help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-02-10 13:55
Alright, this whole thread has gotten really silly. You literally post large reams of code with a simple error like "parse error" or "error in sql syntax" or things that aren't even an error (type "Array", file_get_contents, etc.).

You get parse errors when you write invalid code. In the first parse error, you nested <?php tags inside of each other. In the second, you didn't close an if conditional. You could have found both had you actually tried.

Throw out the script you downloaded and are trying to modify, and just start from scratch. It's okay to learn from other people's code, but you'll never learn unless you write your own.

When you get an error like "parse error" or "unexpected T_STRING" or unexpected "T_ELSE" or whatever other error, try to understand the error. Don't just run to the forum with 4 pages of code and a wish.

- Read the error a few times over if you don't get what it's saying.
- Look at line numbers an error references, if any.
- Output variables that don't seem to be what you expect them to be.
- For arrays, use var_dump() to output them.
- Try everything else you can think of.
- When all else fails, Google the error text. Seriously, thousands of people have had your same error before... doesn't matter what it is.

Then, if you're still stuck or don't understand after having read through other forum threads of people getting helped with these small errors... Post here. We don't mind helping, but you're not TRYING. At all.


Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 16-02-10 18:46
define wrote:
Alright, this whole thread has gotten really silly. You literally post large reams of code with a simple error like "parse error" or "error in sql syntax" or things that aren't even an error (type "Array", file_get_contents, etc.).

You get parse errors when you write invalid code. In the first parse error, you nested <?php tags inside of each other. In the second, you didn't close an if conditional. You could have found both had you actually tried.

Throw out the script you downloaded and are trying to modify, and just start from scratch. It's okay to learn from other people's code, but you'll never learn unless you write your own.

When you get an error like "parse error" or "unexpected T_STRING" or unexpected "T_ELSE" or whatever other error, try to understand the error. Don't just run to the forum with 4 pages of code and a wish.

- Read the error a few times over if you don't get what it's saying.
- Look at line numbers an error references, if any.
- Output variables that don't seem to be what you expect them to be.
- For arrays, use var_dump() to output them.
- Try everything else you can think of.
- When all else fails, Google the error text. Seriously, thousands of people have had your same error before... doesn't matter what it is.

Then, if you're still stuck or don't understand after having read through other forum threads of people getting helped with these small errors... Post here. We don't mind helping, but you're not TRYING. At all.


well, I guess I'm not really used to PHP, and I usually panic easily when something happens, and I usually read the error text over and over again, but most of the time I'm unable to figure the answer out. Thanks for the advice.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: PHP help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-02-10 01:25
fuser wrote:
well, I guess I'm not really used to PHP, and I usually panic easily when something happens, and I usually read the error text over and over again, but most of the time I'm unable to figure the answer out.

I know... and I am genuinely giving advice. Until you stop panicking, you'll continue to be unable to figure the answer out and will, ultimately, never get used to PHP.

There's nothing wrong with asking for help; there's something to be said for learning how to fix the problem when it's a problem that you can fix, though. Otherwise, you're going to continue to encounter the same basic issues that you have been encountering, and you'll continue to get stuck instead of knowing how to solve them for the next time they occur (because they will occur again and again as you progress).

So, in case you have, don't take offense to what I'm saying. Everything I'm saying is with the goal of helping you improve as a PHP programmer. Smile


Author

RE: PHP help

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 17-02-10 09:09
no, there's no error whatsoever. the issue here is that the code I used sends a confirmation e-mail which the user has to click on before he can log in.

the problem now is that I can't host my project on an online server, so I can't send and receive emails, so I'm locked out of my own site, so I think the best way to do this is to allow the user to log into the site as soon as he has registered to the site without the need of the validation e-mail.

and I'm in a major panic mode now. I have only a week left to present my project, so I'm feeling quite fucked.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: PHP help

michelfalke
Member

Your avatar

Posts: 9
Location: Longitude l = new Longitude();
Joined: 08.01.10
Rank:
Guest
Posted on 17-02-10 11:11
/**
* sendConfirmation - Sends a confirmation to users
* who click a "Send confirmation" button. This
* only needs to be used if the EMAIL_WELCOME constant
* is changed to true and the user's 'valid' field is 0
*/

put ur user's valid field in db on 1 or put the constant on false and u can login to ur own site again =)

for testing purposes i would say hire a cheap ass server or google for free webservers with smtp


School sux hbh teaches me way more =)

Edited by michelfalke on 17-02-10 11:14
michelfalke50@hotmail.com
Author

RE: PHP help

michelfalke
Member

Your avatar

Posts: 9
Location: Longitude l = new Longitude();
Joined: 08.01.10
Rank:
Guest
Posted on 18-02-10 16:03
MoshBat wrote:
michelfalke wrote:
/**
* sendConfirmation - Sends a confirmation to users
* who click a "Send confirmation" button. This
* only needs to be used if the EMAIL_WELCOME constant
* is changed to true and the user's 'valid' field is 0
*/

put ur user's valid field in db on 1 or put the constant on false and u can login to ur own site again =)

for testing purposes i would say hire a cheap ass server or google for free webservers with smtp

He can't use a server, other than localhost.
And for the love of God, use full words, and people might take what you say seriously, or better yet, read it without thinking you're 11.


I don't know what u'r using on localhost but i'm using a database there aswell. And the comment in the script says what to do aswell.

And for testing purposes with the email validation there will come a point which i mentioned. Hire a server or check the internet for a free host.


School sux hbh teaches me way more =)
michelfalke50@hotmail.com
Page 2 of 3 < 1 2 3 >