Report, edit, etc...Posted by IanMM on 2006-05-04 at 23:42:10
I use this but it does not change the sql row. Please help me figure it out.
CODE
<?php
include('connect.php');
$user=$_REQUEST['id'];
$active=$_REQUEST['active'];
$q="SELECT * FROM xboards_users WHERE username='$user' AND active='no' LIMIT 1";
$sql_check=mysql_query($q);
$email_check=@mysql_num_rows($sql_check);
if($email_check > 0) {
echo "This acount is already active";
}
else {
$sql=mysql_query("UPDATE xboards_users SET active='yes' WHERE username='$user' AND active='no'");
$sq=mysql_affected_rows();
echo "Your acount is now active! $sq";
}
?>
include('connect.php');
$user=$_REQUEST['id'];
$active=$_REQUEST['active'];
$q="SELECT * FROM xboards_users WHERE username='$user' AND active='no' LIMIT 1";
$sql_check=mysql_query($q);
$email_check=@mysql_num_rows($sql_check);
if($email_check > 0) {
echo "This acount is already active";
}
else {
$sql=mysql_query("UPDATE xboards_users SET active='yes' WHERE username='$user' AND active='no'");
$sq=mysql_affected_rows();
echo "Your acount is now active! $sq";
}
?>
Report, edit, etc...Posted by MindArchon on 2006-05-05 at 02:48:34
CODE
$query = "UPDATE xboards_users SET active='yes' WHERE username='$user' AND active='no'";
$result = mysql_query($query);
$sq=mysql_affected_rows();
echo "Your acount is now active! $sq";
That's the code I would use, it seems to be the same as yours. Most likely there is an error somewhere in your update.
Report, edit, etc...Posted by IanMM on 2006-05-05 at 11:16:15
Ok thank you now it works.
I'm having another problem. This one's with sessions.
You can tell I'm making a login script.
I'm having another problem. This one's with sessions.
CODE
<?php
include('connect.php');
$username=$_POST['username'];
$pass=$_POST['pass'];
$sql ="SELECT * FROM xboards_users WHERE username='$username' AND password='$pass' AND active='yes'";
$login =mysql_query($sql);
$doublecheck =@mysql_num_rows($login);
@session_start();
$i=0;
while ($i < $doublecheck) {
$username2=mysql_result($login,$i,"username");
$pass=mysql_result($login,$i,"password");
}
$_SESSION['username'] = $username2;
$_SESSION['password'] = $pass;
$is=$_SESSION['username'];
echo "Welcome $is ";
mysql_close();
?>
include('connect.php');
$username=$_POST['username'];
$pass=$_POST['pass'];
$sql ="SELECT * FROM xboards_users WHERE username='$username' AND password='$pass' AND active='yes'";
$login =mysql_query($sql);
$doublecheck =@mysql_num_rows($login);
@session_start();
$i=0;
while ($i < $doublecheck) {
$username2=mysql_result($login,$i,"username");
$pass=mysql_result($login,$i,"password");
}
$_SESSION['username'] = $username2;
$_SESSION['password'] = $pass;
$is=$_SESSION['username'];
echo "Welcome $is ";
mysql_close();
?>
You can tell I'm making a login script.
Report, edit, etc...Posted by Centreri on 2006-05-05 at 16:50:11
Are you sure it's @session_start()? session_start(); worked fine for me.
Report, edit, etc...Posted by IanMM on 2006-05-05 at 17:30:37
I get these if the at is not there:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /data/home/y05h1b/public_html/wg/axboards/login.php:3) in /data/home/y05h1b/public_html/wg/axboards/login.php on line 4
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /data/home/y05h1b/public_html/wg/axboards/login.php:3) in /data/home/y05h1b/public_html/wg/axboards/login.php on line 4
Edit: fixed I needed to put it as the first line. But it still won't read the sent sessions.
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /data/home/y05h1b/public_html/wg/axboards/login.php:3) in /data/home/y05h1b/public_html/wg/axboards/login.php on line 4
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /data/home/y05h1b/public_html/wg/axboards/login.php:3) in /data/home/y05h1b/public_html/wg/axboards/login.php on line 4
Edit: fixed I needed to put it as the first line. But it still won't read the sent sessions.
Report, edit, etc...Posted by Centreri on 2006-05-05 at 19:15:07
Ah. Nevermind, then. I might have a later version 
.
.Report, edit, etc...Posted by IanMM on 2006-05-05 at 23:09:28
No the @ needed to be deleted, but now it won't send the session name and read it.
Report, edit, etc...Posted by MindArchon on 2006-05-06 at 01:26:35
Put the "@session_start();" as the very first line, even before including the connection script. You cannot output anything, or echo ANYTHING before you set the headers to sessions.
Report, edit, etc...Posted by IanMM on 2006-05-06 at 10:43:10
I already did that and removed the @ and it worked. Now it won't send the session name.
Report, edit, etc...Posted by brutetal on 2006-05-07 at 14:21:49
How can it not send the session name?
Try this login script:
<?php
session_start();
require 'connect.php';
$act = $_REQUEST[act];
$ip = $_SERVER['REMOTE_ADDR'];
$timestamp = date("m-d-Y g:i:s A");
if ($act = login){
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
$userId = $_POST['username'];
$password = $_POST['password'];
// check if the user id and password combination exist in database
$sql = "SELECT *
FROM member
WHERE username = '$userId' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
while($row = mysql_fetch_array($result)) {
$locaton = .$row[access_location];
}
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['logged_in'] = true;
$sql = "INSERT INTO member ('last_log_on', 'ip') VALUES ( '$timestamp', '$ip') WHERE username = $userID'";
$result2 = mysql_query($sql) or die ("Not working try again");
$sql2 = "UPDATE members SET online = (1) WHERE username ='$userID'";
$result3 = mysql_query($sql2) or die ("Not working try again");
header ('location: $location');
} else {
$errorMessage = '<warning>Sorry, wrong username / password</warning>';
}
};
print $errorMessage;
?>
This one might work, I just quickly typed it.
Try this login script:
CODE
<?php
session_start();
require 'connect.php';
$act = $_REQUEST[act];
$ip = $_SERVER['REMOTE_ADDR'];
$timestamp = date("m-d-Y g:i:s A");
if ($act = login){
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
$userId = $_POST['username'];
$password = $_POST['password'];
// check if the user id and password combination exist in database
$sql = "SELECT *
FROM member
WHERE username = '$userId' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
while($row = mysql_fetch_array($result)) {
$locaton = .$row[access_location];
}
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['logged_in'] = true;
$sql = "INSERT INTO member ('last_log_on', 'ip') VALUES ( '$timestamp', '$ip') WHERE username = $userID'";
$result2 = mysql_query($sql) or die ("Not working try again");
$sql2 = "UPDATE members SET online = (1) WHERE username ='$userID'";
$result3 = mysql_query($sql2) or die ("Not working try again");
header ('location: $location');
} else {
$errorMessage = '<warning>Sorry, wrong username / password</warning>';
}
};
print $errorMessage;
?>
This one might work, I just quickly typed it.
Report, edit, etc...Posted by RexyRex on 2006-05-08 at 20:32:54
The line after session_start() (which should be near the top) should be session_name("blah"); 
Report, edit, etc...Posted by Sicarul on 2006-05-10 at 01:14:05
QUOTE
<?php
session_start();
require 'connect.php';
$act = $_REQUEST[act];
$ip = $_SERVER['REMOTE_ADDR'];
$timestamp = date("m-d-Y g:i:s A");
if ($act = login){
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
$userId = $_POST['username'];
$password = $_POST['password'];
// check if the user id and password combination exist in database
$sql = "SELECT *
FROM member
WHERE username = '$userId' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
while($row = mysql_fetch_array($result)) {
$locaton = .$row[access_location];
}
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['logged_in'] = true;
$sql = "INSERT INTO member ('last_log_on', 'ip') VALUES ( '$timestamp', '$ip') WHERE username = $userID'";
$result2 = mysql_query($sql) or die ("Not working try again");
$sql2 = "UPDATE members SET online = (1) WHERE username ='$userID'";
$result3 = mysql_query($sql2) or die ("Not working try again");
header ('location: $location');
} else {
$errorMessage = '<warning>Sorry, wrong username / password</warning>';
}
};
print $errorMessage;
?>
session_start();
require 'connect.php';
$act = $_REQUEST[act];
$ip = $_SERVER['REMOTE_ADDR'];
$timestamp = date("m-d-Y g:i:s A");
if ($act = login){
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
$userId = $_POST['username'];
$password = $_POST['password'];
// check if the user id and password combination exist in database
$sql = "SELECT *
FROM member
WHERE username = '$userId' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
while($row = mysql_fetch_array($result)) {
$locaton = .$row[access_location];
}
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['logged_in'] = true;
$sql = "INSERT INTO member ('last_log_on', 'ip') VALUES ( '$timestamp', '$ip') WHERE username = $userID'";
$result2 = mysql_query($sql) or die ("Not working try again");
$sql2 = "UPDATE members SET online = (1) WHERE username ='$userID'";
$result3 = mysql_query($sql2) or die ("Not working try again");
header ('location: $location');
} else {
$errorMessage = '<warning>Sorry, wrong username / password</warning>';
}
};
print $errorMessage;
?>
I'll work on this code.
You should at start connect to your mysql server:
CODE
/* Change at will */
$host = 'localhost';
$db = 'mydb';
$dbuser = 'SicarulZ'
$dbpassword = '0123456789';
$conn = mysql_connect($host, $dbuser, $dbpassword);
mysql_select_db($db);
$host = 'localhost';
$db = 'mydb';
$dbuser = 'SicarulZ'
$dbpassword = '0123456789';
$conn = mysql_connect($host, $dbuser, $dbpassword);
mysql_select_db($db);
The code in red is dangerous for your SQL Database, be careful.
You should check that it's a safe string... you can easily do:
CODE
$userId = mysql_real_escape_string($userId, $conn);
$password = mysql_real_escape_string($password, $conn);
$password = mysql_real_escape_string($password, $conn);
The "loggedin" variable you set isn't useful at all, as just having user and password set is enough, i would also recommend to encrypt passwords in database with MD5...
Well, try it fixing those things, or fix them on your own code, i hope you get it working soon
Report, edit, etc...Posted by brutetal on 2006-05-10 at 03:24:21
I know I quickly wrote the code, and copied a part of it from my original code.
Thats why I have the line:
require 'connect.php';
to connect to the mysql database
And the online thing, its to show a small notification/img to see which members/users are logged in and online or logged off and offline.
The passwords are encrpted, this was just a script I quickly put together.
Thats why I have the line:
require 'connect.php';
to connect to the mysql database
And the online thing, its to show a small notification/img to see which members/users are logged in and online or logged off and offline.
The passwords are encrpted, this was just a script I quickly put together.
Report, edit, etc...Posted by Sicarul on 2006-05-10 at 05:56:27
QUOTE(brutetal @ May 10 2006, 04:23 AM)
I know I quickly wrote the code, and copied a part of it from my original code.
Thats why I have the line:
require 'connect.php';
to connect to the mysql database
And the online thing, its to show a small notification/img to see which members/users are logged in and online or logged off and offline.
The passwords are encrpted, this was just a script I quickly put together.
[right][snapback]483509[/snapback][/right]
Thats why I have the line:
require 'connect.php';
to connect to the mysql database
And the online thing, its to show a small notification/img to see which members/users are logged in and online or logged off and offline.
The passwords are encrpted, this was just a script I quickly put together.
[right][snapback]483509[/snapback][/right]
Yeah, but he didn't connect to it either, and you can still make it without loggedin...
I mostly talked to xXIanXx trough your code, anyway i'm gonna make my own code and put it here soon(Testing it before)
Edit: Nvm, didn't see the other include('connect.php');, my error
Report, edit, etc...Posted by IanMM on 2006-05-10 at 13:10:18
I'll try them later today and tell you what happens.
ADDITION:
Well what do ya know I looked at your script and found out i forgot to put:mysql_fetch_array($login);
So here's what it looks like now:
and it looked like this before:
ADDITION:
Well what do ya know I looked at your script and found out i forgot to put:mysql_fetch_array($login);
So here's what it looks like now:
CODE
$sql ="SELECT * FROM xboards_users WHERE username='$username' AND password='$pass' AND active='yes'";
$login =mysql_query($sql);
if(@mysql_num_rows($login) == 1) {
$doublecheck =@mysql_num_rows($login);
mysql_fetch_array($login);
$i=0;
while ($i < $doublecheck) {
$username2=mysql_result($login,$i,"username");
$pass2=mysql_result($login,$i,"password");
}
$login =mysql_query($sql);
if(@mysql_num_rows($login) == 1) {
$doublecheck =@mysql_num_rows($login);
mysql_fetch_array($login);
$i=0;
while ($i < $doublecheck) {
$username2=mysql_result($login,$i,"username");
$pass2=mysql_result($login,$i,"password");
}
and it looked like this before:
CODE
$sql ="SELECT * FROM xboards_users WHERE username='$username' AND password='$pass' AND active='yes'";
$login =mysql_query($sql);
$doublecheck =@mysql_num_rows($login);
$i=0;
while ($i < $doublecheck) {
$username2=mysql_result($login,$i,"username");
$pass2=mysql_result($login,$i,"password");
}
$login =mysql_query($sql);
$doublecheck =@mysql_num_rows($login);
$i=0;
while ($i < $doublecheck) {
$username2=mysql_result($login,$i,"username");
$pass2=mysql_result($login,$i,"password");
}
Report, edit, etc...Posted by Sicarul on 2006-05-10 at 13:50:03
Ok, i tested this code and it worked just great, it's your code modified(a lot) xD
connect.php
login.php
Hope you like it(Or else... 
xD)
connect.php
QUOTE(PHP Code)
<?php
/* Change these values or it won't work */
$host = 'myhost';
$db = 'mydb';
$dbuser = 'myuser';
$dbpassword = 'mypassword';
$conn = mysql_connect($host, $dbuser, $dbpassword);
mysql_select_db($db);
?>
/* Change these values or it won't work */
$host = 'myhost';
$db = 'mydb';
$dbuser = 'myuser';
$dbpassword = 'mypassword';
$conn = mysql_connect($host, $dbuser, $dbpassword);
mysql_select_db($db);
?>
login.php
QUOTE(PHP Code)
<?php
session_start();
/* You can risk-free change values until... */
$loggedoutsuccess = "Logged out succesfully";
$wronguser = "The user you entered doesn't exist or the password you entered was incorrect";
$table = 'xboard_users';
/* ...here */
if($_GET['logout'] == 1)
{
$_SESSION['username'] = '';
$_SESSION["password"] = '';
echo $loggedoutsuccess;
}
elseif(!empty($_POST))
{
//Sent form
$unsafe_username = $_POST['username'];
$unsafe_password = $_POST['pass'];
$typedatafrom = 1;
}
elseif(!empty($_SESSION))
{
//Logged in before
$unsafe_username = $_SESSION['username'];
$unsafe_password = $_SESSION['pass'];
$typedatafrom = 2;
}
if(!empty($unsafe_username) && !empty($unsafe_password))
{
include('connect.php');
$safe_username = mysql_real_escape_string($unsafe_username);
$safe_password = mysql_real_escape_string($unsafe_password);
//Optionally and safer you can use $safepassword = md5($unsafe_password);... it doesn't need escape string as it makes a hash of 32 characters wich are safe, and if someone hacks your DB hacker can't see passwords so easily, a well done password may take years to discover in MD5
// Important NOTE: i noticed you were using 'yes' as a value in active, but in the table i made, i used active as a TINYINT of length 1 to use 0 or 1 instead of yes or no, as 1 or 0 occupies less space than a 3 letter varchar
$sql = 'SELECT * FROM ' . $table . ' WHERE username=\'' . $safe_username . '\' AND password=\'' . $safe_password . '\' AND active=1';
$login = mysql_query($sql);
if(!$login)
{
// Didn't find any user with that name & password =(
die($wronguser);
}
$numrows = mysql_num_rows($login);
if($numrows == 1)
{
//We found our user!
$userdata = mysql_fetch_array($login);
$username = $userdata['username'];
$password = $userdata['password'];
$_SESSION['username'] = $username;
$_SESSION['pass'] = $password;
$is = $_SESSION['username'];
if($typedatafrom == 1)
{
// This is the message that appears when you log in
echo 'Welcome ' . $is . ', click <a href="login.php?logout=1">here to logout</a>';
}
elseif($typedatafrom == 2)
{
//And this is the one you receive when you logged in before
echo 'Welcome back ' . $is . ', click <a href="login.php?logout=1">here to logout</a>';
}
}
else
{
// Didn't find the user
die($wronguser);
}
//We close SQL
mysql_close();
}
else
{
//We show the form
?>
<form method="POST" action="login.php">
<table align="center">
<TR>
<TD align="right">
Username:
<input type="text" name="username">
<br>
Password:
<input type="text" name="pass">
<br>
<input type="submit" value="Send">
</TD>
</TR>
</table>
</form>
<?
}
?>
session_start();
/* You can risk-free change values until... */
$loggedoutsuccess = "Logged out succesfully";
$wronguser = "The user you entered doesn't exist or the password you entered was incorrect";
$table = 'xboard_users';
/* ...here */
if($_GET['logout'] == 1)
{
$_SESSION['username'] = '';
$_SESSION["password"] = '';
echo $loggedoutsuccess;
}
elseif(!empty($_POST))
{
//Sent form
$unsafe_username = $_POST['username'];
$unsafe_password = $_POST['pass'];
$typedatafrom = 1;
}
elseif(!empty($_SESSION))
{
//Logged in before
$unsafe_username = $_SESSION['username'];
$unsafe_password = $_SESSION['pass'];
$typedatafrom = 2;
}
if(!empty($unsafe_username) && !empty($unsafe_password))
{
include('connect.php');
$safe_username = mysql_real_escape_string($unsafe_username);
$safe_password = mysql_real_escape_string($unsafe_password);
//Optionally and safer you can use $safepassword = md5($unsafe_password);... it doesn't need escape string as it makes a hash of 32 characters wich are safe, and if someone hacks your DB hacker can't see passwords so easily, a well done password may take years to discover in MD5
// Important NOTE: i noticed you were using 'yes' as a value in active, but in the table i made, i used active as a TINYINT of length 1 to use 0 or 1 instead of yes or no, as 1 or 0 occupies less space than a 3 letter varchar
$sql = 'SELECT * FROM ' . $table . ' WHERE username=\'' . $safe_username . '\' AND password=\'' . $safe_password . '\' AND active=1';
$login = mysql_query($sql);
if(!$login)
{
// Didn't find any user with that name & password =(
die($wronguser);
}
$numrows = mysql_num_rows($login);
if($numrows == 1)
{
//We found our user!
$userdata = mysql_fetch_array($login);
$username = $userdata['username'];
$password = $userdata['password'];
$_SESSION['username'] = $username;
$_SESSION['pass'] = $password;
$is = $_SESSION['username'];
if($typedatafrom == 1)
{
// This is the message that appears when you log in
echo 'Welcome ' . $is . ', click <a href="login.php?logout=1">here to logout</a>';
}
elseif($typedatafrom == 2)
{
//And this is the one you receive when you logged in before
echo 'Welcome back ' . $is . ', click <a href="login.php?logout=1">here to logout</a>';
}
}
else
{
// Didn't find the user
die($wronguser);
}
//We close SQL
mysql_close();
}
else
{
//We show the form
?>
<form method="POST" action="login.php">
<table align="center">
<TR>
<TD align="right">
Username:
<input type="text" name="username">
<br>
Password:
<input type="text" name="pass">
<br>
<input type="submit" value="Send">
</TD>
</TR>
</table>
</form>
<?
}
?>
Hope you like it
(Or else... xD)Report, edit, etc...Posted by IanMM on 2006-05-10 at 14:13:32
Report, edit, etc...Posted by Sicarul on 2006-05-13 at 23:42:33
So... did it work?
Report, edit, etc...Posted by IanMM on 2006-05-14 at 00:20:48
Yes. Now I need to get the front page going.