Php Help
Posted: Mon Jul 12, 2010 11:02 am
[deleted]
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code: Select all
$sql = "SELECT * from table WHERE something = 'something'";
mysql_query($sql) or die(mysql_error());
Code: Select all
//your version
$result = query("INSERT INTO tb_users (username, password, first_name, last_name, total_upload_size, email, loggedIn) VALUES (".$username.", ".$password.", ".$f_name.", ".$l_name.", '0kb', ".$email.", 1)");
//my version
$result = query("INSERT INTO tb_users (username, password, first_name, last_name, total_upload_size, email, loggedIn) VALUES ('$username', '$password', '$f_name', '$l_name', '0kb', '$email', 1)");
Code: Select all
<?php
/*
Class Name: SQL_Connect.php
This class will contain most SQL database handleing
to use these functions in a website use the include()
function at head of the desired webpage
EX.
include(SQL_Connect.php)
please make sure this file is hidden on server
it contains the server root username and password
include calls to this file should also be hidden
in source code.
*/
$server_handle;
$db_name;
$database;
function connectToServer(){
Global $server_handle;
$server_handle = mysql_connect('127.0.0.1', 'root', '') or die(mysql_error());
if($server_handle){
return True;
} else {
return False;
}
}
function connectToDatabase($name){
Global $db_name, $database, $server_handle;
$db_name = $name;
$database = mysql_select_db($db_name, $server_handle) or die(mysql_error());
if($database){
return True;
} else {
return False;
}
}
function query($query){
$result = mysql_query($query) or die(mysql_error());
return $result;
}
function checkForMatch($file_handle, $field, $var){
while ($db_field = mysql_fetch_assoc($file_handle)){
if( $db_field[$field] == $var ){
print $db_field[$field].' '.$var.'<br>';
return true;
}
}
return false;
}
function isLoggedIn($ipAddress, $file_handle){
while ($db_field = mysql_fetch_assoc($file_handle)){
if( $db_field['IP'] == $ipAddress && $db_field['loggedIn'] == '1' ){
return $db_field;
}
}
return false;
}
function closeDatabase(){
Global $server_handle;
mysql_close($server_handle) or die(mysql_error());
}
?>
Code: Select all
<html>
<head>
<title>Title comes later</title>
<link rel='stylesheet' href='index-layout.css'>
<!-- This Is the code for the logon box -->
<?php
include('data/SQL_Connect.php');
//Connects to the server MySQL database
$con = connectToServer();
if($con){
$dat = connectToDatabase('users');
if(!$dat){
print('Could not connect to database');
}
} else {
print('Could not connect to server');
}
//defautl values of username and password
$username = '';
$password = '';
/* NOT DONE needs SQL database */
$ipAddress = $_SERVER['REMOTE_ADDR']; //gets users ip address
/*
if( ipAddress is on banlist ){
header('Location: data/banned.html');
}*/
/*
This code will only be executed if the user clicks the submit button in index.html
The information in the forms username and password will be sent here.
*/
if(isset($_POST['submit1']))
{
//strip tags to remove hamful scripting input into the boxes
$username = strip_tags($_POST['username1']);
$password = strip_tags($_POST['password1']);
$file_handle = query('SELECT * FROM tb_users'); //get tb_users
//if it username and password match
if(checkForMatch($file_handle, 'username', $username) && checkForMatch($file_handle, 'password', $password)){
$result1 = query("UPDATE 'users'.'tb_users' SET 'loggedIn' = '1' WHERE 'tb_users'.'ID' = 0");
$result2 = query("UPDATE 'users'.'tb_users' SET 'IP' = '$ipAddress");
if($result1 && $result2){
closeDatabase(); //close database
header('Location: main.php'); //goto the main page
} else {
print 'Could not log you in'; //couldn't change ip or logged in.
}
}
print 'Username or password are incorrect <br>';
}
?>
</head>
<body>
<div id='login'>
<form class='log' name='form1' method='POST' action='index.php'>
<p>Username</p>
<input class='field' name='username1' type=Text><br>
<p>Password</p>
<input class='field' name='password1' type='Password'><br><br>
<input class='button' name='submit1' type='Submit' value='Login'>
<p><a href=signup.php>Create an Account</a></p>
</form>
</div>
</body>
</html>
Code: Select all
<html>
<head>
<title>Title comes later</title>
<link rel='stylesheet' href='index-layout.css'>
<?php
//checks if any of the spaces in array are blanks
include('data/SQL_Connect.php');
$ipAddress = $_SERVER['REMOTE_ADDR']; //gets users ip address
function checkBlanks($array){
$counter = 0;
for( $counter; $counter < count($array); $counter++ ){
if( $array[$counter] == '' ){
return false;
}
}
return true;
}
function createNewUser(){
Global $ipAddress;
//strip tags to remove hamful scripting input into the boxes
$username = strip_tags($_POST['username2']);
$password = strip_tags($_POST['password2']);
$confirm = strip_tags($_POST['confirm1']);
$f_name = strip_tags($_POST['f_name1']);
$l_name = strip_tags($_POST['l_name1']);
$email = strip_tags($_POST['mail1']);
$code = strip_tags($_POST['code1']);
//Check to see if any of the fields are blank.
if( checkBlanks( array( $username, $password, $confirm, $f_name, $l_name, $email, $code ) ) ){
//In final version, the access code will be part of a SQL database
//Access codes will only be obtained from an admin
if( $code == 'test' ){
//make sure user is using correct password
if( $password == $confirm ) {
//check to see if username is taken (prolly not)
$file_handle = query('SELECT * FROM tb_users');
$match = checkForMatch($file_handle, 'username', $username);
//ok, so password and username are correct, and username is not taken
if(!$match){
//finally create new user.
$result = query("INSERT INTO tb_users (username, password, first_name, last_name, total_uploaded_kb, email, loggedIn, IP) VALUES ('$username', '$password', '$f_name.', '$l_name', '0', '$email', '1', '$ipAddress')");
if($result){
closeDatabase();
header('Location: main.php');
} else {
print 'There was a problem with the server';
}
} else {
print 'That username is already taken';
}
} else {
print 'Your password and confirm password do not match.';
}
} else {
print 'The Access Code is incorrect, please obtain a correct access code from a system admin.';
}
} else {
print 'One or more of the forms is blank.';
}
}
//Connects to the server MySQL database
$con = connectToServer();
if($con){
$dat = connectToDatabase('users');
if(!$dat){
print('Could not connect to database');
}
} else {
print('Could not connect to server');
}
/* This code will execute if the button submit2 is pressed*/
if(isset($_POST['submit2'])){
createNewUser();
}
?>
</head>
<body>
<div id='sub'>
<p>All fields are required.</p>
<form class='sub1' name='form2' method='POST' action='signup.php'>
Username
<input class='field' name='username2' type=Text><br><br>
Password
<input class='field' name='password2' type=Password><br><br>
Confirm Password
<input class='field' name='confirm1' type=Password><br><br>
First Name
<input class='field' name='f_name1' type=Text><br><br>
Last Name
<input class='field' name='l_name1' type=Text><br><br>
Email Address
<input class='field' name='mail1' type=Text><br><br>
Access Code
<input class='field' name='code1' type=Password><br><br>
<input class='button' name='submit2' type='Submit' value='Submit'>
</form>
</div>
</body>
</html>