Posts by nav33n

hmm.. Since you are a beginner, I dont think you will understand OOPS concepts if you have no idea about it. You can either start learning OOPS concepts like classes, objects, then make your code work OR wait for the one who helped you create this code to make it work OR create a new login page from the scratch.

Welcome to Daniweb vbjenny! :)

Welcome to Daniweb Amanda!

Welcome to Daniweb Charley!

try action="<?php echo $_SERVER; ?>"

Since you are using classes in your script, its kinda difficult to make out what it does. (fetch_GET, fetch_POST, authenticator, etc. ). The best way to debug your code would be to print or echo messages to check the flow of your script. You can use print_r($_POST) in login_check.php to see if all the variables are posted properly. You can echo your sql statements( i dont see any!) and execute it to see if it returns a resultset. You can use die function to get mysql error message. And also, check for 'unwanted' exit keyword.

Cheers,
Naveen

I dont know if this can help, but read out the user comments in this page.
Cheers,
Naveen

That must not be a problem. Eg.

if(variable1==condition1) {
   //check if variable1 satisfies condition2
   if(variable1==condition2) {
   //check if variable1 satisfies condition3
      if(variable1==condition3) {
      //variable1 satisfies condition1, condition2 and condition3
      } else if (variable1==condition4) {
       //variable1 satisfies condition1, condition2 and condition4 but not condition3
      } else {
            //variable1 doesnt satisfy condition3 and condition4, but satisfies only condition1 and condition2
      } 
   } else {
   //variable1 doesnt satisfy condition2,condition3 and condition4 but satisfies only condition1  
   }
} else {
   //variable1 doesnt satisfy condition1
}

And what do you mean by do the type by extension ?

'm not sure if this would be the best way to do it...

Exactly. Its not the best way. Its not safe. And, btw, file_put_contents only works if your php version is >= 5. Even I suggest you to use mysql database. But, if you can't have a database, then you can use a text file(or xml) as a 'database'.

you are welcome :)

:) Welcome to Daniweb!

Try this.

This lists all the images in the specified folder.

<?php
$jpgdir = "./uploads/jpg/";

$dh = opendir($jpgdir);
echo "JPG FILES";

print("<table border=2>");
while (($file = readdir($dh)) !== false) {
	if($file!='.' && $file!='..')
	{
		print( "<tr><td>");
		print("<form name=del method=post action=\"del.php\">");
		echo "<A HREF=\"$jpgdir/$file\"><IMG src=\"$jpgdir/$file\"/ height=70 width=70></A><BR>\n";
		echo "<input type=\"hidden\" name=\"path\" value=\"$jpgdir/$file\">";
		print("</td><td>");
		echo "<input type=\"submit\" name=\"del\" value=\"Delete\">";
		print("</td></tr>");
		print("</form>");
	}
}
print("</table>");
closedir($dh);
?>

This code deletes that image and sends the user back to the image listing page.

<?php
$jpgdir = "./uploads/jpg/";;
$file=$_REQUEST['path'];

// Open a known directory, and proceed to read its contents
if (is_dir($jpgdir)) {
   if ($dh = opendir($jpgdir)) {
              unlink($file);
       closedir($dh);
   }
}
header("location: jpgview.php");
?>

This works.

Cheers,
Naveen

Your connection to mysql is getting reset everytime. Lets see if someone has an answer for this.

if ((($_FILES["file"]["type"] == "application/octet-stream"))
&& ($_FILES["file"]["size"] < 400000))
{
//do whatever you want... 
} else {
echo "The file you uploaded is not application/ocet-stream. Or the filesize is > 400000";
exit;
}

Cheers,
Naveen

Ok ! Instead of mysql_connect, try connecting using mysql_pconnect . If that doesn't fix your problem, also try using the port number in your hostname. For example, instead of localhost, try localhost:3306 . Make sure that port 3306 is not blocked by your firewall.

What are you trying to achieve ? Is this all the code you have ? Try a simple example.

<?php
$conn=mysql_connect("hostname","username","password");
mysql_select_db("dbname");
$query="select * from tablename";
$result=mysql_query($query);
while($row=mysql_fetch_array($result)){
  print_r($row);
}
?>

Execute the above code and tellme if you find any errors.
P.S. Change username, localhost, password, dbname, tablename according to your needs.

How come the error keep changing from

Parse error: parse error, unexpected '?' in /home/content/B/r/1/Hidden/html/-APPI-/NAV/allied_footer.php on line 25

to

Parse error: parse error, unexpected T_INCLUDE_ONCE in /home/content/B/r/1/Hidden/html/-APPI-/NAV/allied_footer.php on line 26

? Comment the include_once line and check if you still get the error.

umm.. my question is, do you really need this complicated code to generate random password ? The user is going to reset it anyway. Well, for small purposes like this one, I would rather use something like this. This will generate random password. Send a link to the user with this random password.

There are a number of attacks beside sql injections,others are like cross scripting flaws,session theft.You can take a look at
http://www.sklar.com/page/article/owasp-top-ten

Also a good place you can learn more about php security is http://phpsec.org

Thats a good link ! :)

Have you created a user called dorcas ? Have you given the user "dorcas" all permissions ?
If your answer is no, this might help you.

Thats because, you have mysql_close($con) in your code. You should use mysql_close only after you have performed whatever operation you want to do with the database. I would use something like this.

function open_connection(){
 $host='localhost';
$user='user';
$db='dbname';
$password='pass';
$conn=mysql_connect($host,$user,$password);
mysql_select_db($db);
return $conn;
}
function close_connection($conn){
mysql_close($conn);
}

So, whenever I have something to do with the database, I call the function open_connection().
$connection=open_connection();
....sql statements.....
Then close it using
close_connection($connection);

Cheers,
Naveen

Can you show us your code ?

Oh thanks.. Umm.. so the OP should use zxvf since he/she is creating a tar.gz file ?

umm.. I am not sure about this. But shouldn't system("tar xvf /home/trial/x.tar"); be system("tar xvf /home/trial/x.tar.gz"); ?

<?php
mysql_connect('localhost','root');
mysql_query("CREATE DATABASE IF NOT EXISTS employees");
mysql_query("USE employees");
mysql_query("DROP TABLE IF EXISTS employees");
mysql_query("CREATE TABLE employees (
SSN varchar (30) NOT NULL,
firstName varchar (30) NOT NULL,
lastName varchar (30) NOT NULL,
birthday date NOT NULL,
employeeType varchar (30) NOT NULL,
departmentName varchar (30) NOT NULL,
PRIMARY KEY (SSN)
) TYPE=INNODB");
echo "Database and table created successfully...";
?>

You can do it this way..

Cheers,
Naveen

:-) People still forgetting to Search The Google ey? I definitely learnt that lesson here, and I have to say I'm much the better for it.

:P

http://www.w3schools.com/php/php_file_upload.asp

Well, yeah.. Add all the tags.. Search your code for "?". Check if its either <?php or ?>.

hmm.. I dont see anything wrong with this. What I dont understand is, how come your footer(allied_footer.php) starts off with no <html> tag, no <body tag, no <table> tag ! Are you sure this is all you have in allied_footer.php ? Are you sure you dont have any <? in between ?

fill in the form and click submit. On submit, it will echo these 2 queries. :)

Well, If you are unable to understand what I am saying, I have a simple suggestion for you. Instead of mysql_query("insert into ....."); you can do something like this.

$query="insert into ....."; 
echo $query;
mysql_query($query);

By doing so, you can echo $query to know what exactly the query is.

Okay! I checked what I had posted here and its working fine. Can you also post the code of analyticstracking.php ?

$query="INSERT INTO `user_info` ( `id` ,`username`) VALUES (
'', '$reg_username')";
echo $query;
mysql_query($query) or die(mysql_error());

$query2="INSERT INTO `users` ( `id` , `username` , `password` , `money` , `regged` , `email` , `location` , `ip` , `r_ip`, `referal`)
VALUES ('', '$reg_username', '$reg_password', '10000', '$time', '$email', '$location', '$ip', '$ip', '$referal2')";
echo $query2;
mysql_query($query2) or die(mysql_error());

Okay! Try these 2 lines instead of your insert statements. It will print 2 queries. Execute these queries in phpmyadmin or any other mysql client.

Can you show us whats in allied_footer.php ? and yep, dont forget code tags.

And what is in allied_footer.php ?

Dang. I did a stupid mistake.

<?php

echo "
<br />
</td>
</tr>
<tr>
<td align=\"right\" ></td>
<td align=\"right\" valign=\"top\">
<table style=\"margin-left:15px;border-style:solid;border-width:2px;border-color:#000000\" width=\"580\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" bgcolor=\"336699\" height=\"20\" bordercolor=\"#000000\">
<tr>
<td>
<div align=\"center\"><font color=\"#FFFFFF\" face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\">&copy;
Allied Power Products, Inc.</font></div>
</td>
</tr>
</table>
<div align=\"center\"><font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\"><b><br>
CAUTION:</b> The final determination as to the suitability of<br>
this product for any purpose is solely that of the user.<br>
Our products are not to be used to lift or move<br>
people or to lift anything over people.</font></div>
</td>
</tr>";
$virtual_page = "Main_Page";
include_once "analyticstracking.php";
echo "</body>
</html>";
?>

Check now.

Ok! so the values are being posted correctly. umm.. Try this..

<?php
session_start();
include_once"includes/db_connect.php";
if (isset($_SESSION['username'])){
header("Location: /game/play.php");
exit();
}

$referal=$_GET['ref'];

$referal2=$_POST['ref2'];

$scriptcheck=$_POST['scriptcheck'];
$scriptcheck2=$_POST['scrip'];
$sc=rand(111,999);

if(!$referal2){
$referal2=0;
}


if ($_POST['Submit']) {

// Define post fields into simple variables
$reg_username = $_POST['reg_username'];

$email = $_POST['email'];
$email1 = $_POST['email1'];
$reg_password = $_POST['reg_password'];
$reg_password2 = $_POST['reg_password2'];
$location=strip_tags($_POST['location']);
$reg_username=trim($reg_username);

$today = gmdate('Y-m-d H:i:s');


$reg_username = stripslashes($reg_username);
$email = stripslashes($email);
$reg_username = strip_tags($reg_username);
$email = strip_tags($email);


if((!$reg_username) ||(!$reg_password) ||(!$email) || (!$location)){
$message="Please fill in all fields";
}else{
if($reg_password != $reg_password2){
$message="Passwords do not match";
}elseif ($reg_password = $reg_password2){
}else{
if($email != $email1){
$message="Emails do not match";
}elseif ($email = $email1){
if($scriptcheck != $scriptcheck2){
print"Script check wrong!";
}else{
if (ereg('[^A-Za-z]', $reg_username)) {
$message="Your username can only contain letters.";
}elseif (!ereg('[^A-Za-z]', $reg_username)) {


if (strlen($reg_username) <= 3 || strlen($reg_username) >= 40){
$message= "password too big or small.";
}elseif (strlen($reg_username) > 3 || strlen($reg_username) < 40){

if (strlen($reg_password and $reg_password2) <= 5 || strlen($reg_password and $reg_password2) >= 15){
$message= "password too big or small.";
}elseif (strlen($reg_password and $reg_password2) > 5 || strlen($reg_password and $reg_password2) < 15){


$sql_email_check = mysql_query("SELECT email FROM users
WHERE email='$email' AND status='Alive'");
$sql_username_check = mysql_query("SELECT username FROM users
WHERE username='$reg_username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){
echo "Im sorry but there has been an error please read on..<br />";
if($email_check > 0){
print"Your email address has already been used by another gangster!";
unset($email);
}
if($username_check > 0){
print"Your desired username is already in use!";
unset($reg_username);
}


}else{ …

Actually, its not $virtual_page="Main_Page". Its because, You have opened the double quote and you are closing it at the end. (after </html>). And you are having a php tag within a php tag !

<?php

echo "
<br />
</td>
</tr>
<tr>
<td align=\"right\" ></td>
<td align=\"right\" valign=\"top\">
<table style=\"margin-left:15px;border-style:solid;border-width:2px;border-color:#000000\" width=\"580\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" bgcolor=\"336699\" height=\"20\" bordercolor=\"#000000\">
<tr>
<td>
<div align=\"center\"><font color=\"#FFFFFF\" face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\">&copy;
Allied Power Products, Inc.</font></div>
</td>
</tr>
</table>
<div align=\"center\"><font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\"><b><br>
CAUTION:</b> The final determination as to the suitability of<br>
this product for any purpose is solely that of the user.<br>
Our products are not to be used to lift or move<br>
people or to lift anything over people.</font></div>
</td>
</tr>";
<?php
$virtual_page = "Main_Page";
include_once "analyticstracking.php";
echo "</body>
</html>";
?>

This will probably do.

Woah! Thats a lil complicated query !

umm.. He wants to count the number of child entries for a particular parent. For example, for mainid=1(description John), there are 2 entries in child. He wants to calculate the entries of each parent, put it in the first column named Total child. Then the sum of Is_important in the second column and the sum of has_been_used in the 3rd column. He wants this to be returned as one resultset !

Edit: Zadj, If you could show us what/how you have achieved this, we can try to debug/find errors in it.

SELECT * FROM Customers where EmailAddress like '%" @ "%'"

Why do we need double quotes around @ ? ("@")
PS. I tried it and it gave me an error.
We can use SELECT * FROM customers where emailaddresses like '%@%';

Its easier if you use javascript for this. Check these links.
http://www.javascriptkit.com/script/script2/timestamp.shtml
or
http://www.javascriptkit.com/script/script2/tengcalendar.shtml
Its simple to use. Call the javascript function wherever you want!

<?
$file = isset($_POST['file']) ? $_POST['file']:"testfile.php";
$newstring = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="newfile.php" method="post" name="new">';
echo $file;
$newstring.='<input name="file" type="text" size="30" maxlength="60" /><input name="" type="submit" value="CREATE FILE" />
</form>
</body>
</html>';
$newfile = fopen($file, "w+") or die ("could not create file.");
fclose($newfile);
$myfile = @fopen($file, "w+") or die ("could not open file.");
@fwrite($myfile, $newstring) or die ("could not write to file");
fclose($myfile);
$msg = "<p>File created <a href='$file'>$file</a> and it has stuff in it</p>";
echo $msg;
?>

There. This should work! You were using php tags in a variable which was already in a php script.

Cheers,
Naveen

Next time, put your code within [/code ] tags.

Anyway, put print_r($_POST); at the beginning of the script and tell us what does it print after you click on register button.[code=php ] [/code ] tags.

Anyway, put print_r($_POST); at the beginning of the script and tell us what does it print after you click on register button.

Notices can be ignored. They dont cause much pain !

Oh, btw, I think you are not posting your form variables properly. Are you sure the form is posted properly and all the values are being passed from page1 to page2 ?

I am so used to google. I dont like yahoo's interface!

You are outputting something on line 11 of checkout.php . As naju has mentioned, either call header function before outputting anything or comment line 11 !

umm..As far as I know, you cant do that without using frames. Even if you use include or require, whenever the page is loaded, it will include the banner page again. Lets see if someone has a solution for this !

Yep. Possible.

Wow! great.. :P

$message = "I found this site at http://mysite.com. Check it out!";

There.

Use onload event. Call a function when the body loads. In that function, disable all those textboxes you want to disable.