not working code, please help!

social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: not working code, please help!

Post by social_experiment »

mysql_real_escape_string() is an important part of security regarding entering data into the database. It wouldn't hurt your script to have it in place. :)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
elenait
Forum Newbie
Posts: 21
Joined: Thu Dec 09, 2010 8:23 am

Re: not working code, please help!

Post by elenait »

I understand, but the code doesn't work with it. And the data is already in the database, I just extract it from there. So I hope it is not a big problem in this case :D
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: not working code, please help!

Post by social_experiment »

I see you quoted mysql_escape_string instead of mysql_real_escape_string(). What happens if you use it in your query, any error messages? Sure the data is already in the database but whoever is using your script is in effect 'adding' a value into a query that interacts with the database. I'm no expert on SQL injection but if you leave it unprotected you are asking for trouble.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
elenait
Forum Newbie
Posts: 21
Joined: Thu Dec 09, 2010 8:23 am

Need a 'forgot password' code

Post by elenait »

Hello!
I need a working forgot password and send password code in php.
I have some, but it doesn't work:
And I prefer not to send the password, but a link to the site that enables changing the password, and confirmation email message after it.
Thank you in advance!


forgot_password.php

<?php 
include "config.php";
include "shablon_bez_acc.php";?>
<table id='text11' width="380" border="0" cellpadding="3" cellspacing="1" align="center" >
<tr>
<td >Моля, въведете имейла си: </td></tr>
<tr>
<td width="67%"><form name="email_to" method="post" action="send_password_ac.php">
<input name="mail" type="text" id="mail" size="25">
<input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</table>


send_password_ac.php

<?

include "config.php";
// value sent from form
$mail=$_POST['mail'];

// table name
$tbl_name='users';


// retrieve password from table where e-mail = $email_to(mark@phpeasystep.com)
$sql="SELECT password FROM users WHERE mail='$mail'";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$mail;

// Your subject
$subject="Your password here";

// From
$header="from: your name <your email>";

// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $password \r\n";
$messages.="more message... \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

}

// else if $count not equal 1
else {
echo "<center>Имейл адресът не съществува в базата данни!</center><br>";
}

// if your email succesfully sent
if($sentmail){
echo "<center>Паролата Ви беше изпратена на посочения имейл.<br>
               <a href='index.php'>начало</а></center><br>";
}
else {
echo "<center>Паролата не може да бъде изпратена<br>
               <a href='index.php'>начало</а></center>";
}

?>
Last edited by Benjamin on Wed Dec 29, 2010 1:10 am, edited 1 time in total.
Reason: Added [syntax=php] tags.
elenait
Forum Newbie
Posts: 21
Joined: Thu Dec 09, 2010 8:23 am

image functions problem

Post by elenait »

Hello!
I have a problem with image functions, which I don't understand.
When I ran the code on my localhost it worked, now I uploaded it on a web server and there is a problem:
(I marked the lines mentioned below)

Thank you in advance!


Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /home/artisti/public_html/check_image.php on line 117

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/artisti/public_html/check_image.php on line 119

Warning: imagejpeg(): supplied argument is not a valid Image resource in /home/artisti/public_html/check_image.php on line 120

Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/artisti/public_html/check_image.php on line 122


code:

<? ob_start(); //Its turning on the output buffer. So any output is kept in the buffer. And ob_flush() is to flush the buffer ?><?php
session_start();

//if (isset($_SESSION['username'])) {
$type_id=$_SESSION['type_id'];
$username=$_SESSION['username'];
include "config.php";
//include "shablon.php";
//make variables available
if (isset($_POST['Submit'])) {
//$image_caption = $_POST['image_caption'];
//$username = $_POST['user'];
$image_tempname = $_FILES['image_filename']['name'];
date_default_timezone_set('Europe/Helsinki');
$today = date("Y-m-d");
define ("MAX_SIZE","500");


$size=filesize($_FILES['image_filename']['tmp_name']);

if ($size > MAX_SIZE*1024)

{echo "<div id='text11'><center>Рамерът е голям!<br>
Моля, <a href='check_image.php'>опитай</a> с по-малък файл!</center></div>";


//$errors=1;

exit;

}

//upload image and check for image type
//make sure to change your path to match your images directory
$ImageDir ="img_user/";

$ImageThumb = $ImageDir . "thumbs/";// for creating thumbnails
$ImageName = $ImageDir . $image_tempname;

if (move_uploaded_file($_FILES['image_filename']['tmp_name'],
$ImageName)) {

//get info about the image being uploaded
list($width, $height, $type, $attr) = getimagesize($ImageName);

switch ($type) {
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
case 3:
$ext = ".png";
break;
default:
echo "<div id='text11'><center>Съжалявам, но файлът не беше от следните формати: GIF, JPG, или PNG <br></center></div>";
echo "<div id='text11'><center>Моля, <a href='check_image.php'>опитай пак</a>.</center></div>";
}
if ($type > 3) {
echo "<div id='text11'><center>Съжалявам, но файлът не беше от следните формати: GIF, JPG, или " .
"PNG .<br></center></div>";
echo "<div id='text11'><center>Моля, <a href='check_image.php'>опитай пак</a>.</center></div>";
} else {


//insert info into image table

$insert = "INSERT INTO images
(image_caption, username, image_date)
VALUES
('', '$username', '$today')";
$insertresults = mysql_query($insert)
or die(mysql_error());
if ($insertresults) {echo "<div id='text11'><center><h3>Файлът е качен успешно!</h3><br>
<a href='check_image.php'>опитай пак</a> или <a href='gallery.php'>виж галерия</a></div>" ;}






$lastpicid = mysql_insert_id();

$newfilename = $ImageDir . $lastpicid .".jpg";

if ($type == 2) {
rename($ImageName, $newfilename);
} else {
if ($type == 1) {
$image_old = imagecreatefromgif($ImageName);
} elseif ($type == 3) {
$image_old = imagecreatefrompng($ImageName);
}

//"convert" the image to jpg
$image_jpg = imagecreatetruecolor($width, $height);
imagecopyresampled($image_jpg, $image_old, 0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($image_jpg, $newfilename);

imagedestroy($image_old);
imagedestroy($image_jpg);

}



$newthumbname = $ImageThumb . $lastpicid . ".jpg";

//get the dimensions for the thumbnail
$thumb_width = $width * 0.10;
$thumb_height = $height * 0.10;

//create the thumbnail
$largeimage = imagecreatefromjpeg($newfilename);
line 117: $thumb = imagecreatetruecolor($thumb_width, $thumb_height);
imagecopyresampled($thumb, $largeimage, 0, 0, 0, 0,
line : 119 $thumb_width, $thumb_height, $width, $height);
line 120 : imagejpeg($thumb, $newthumbname);
imagedestroy($largeimage);
line 122 : imagedestroy($thumb);}

}
}else{
$querycount="SELECT username FROM images WHERE username='$username' ";
$result=mysql_query($querycount) or die (mysql_error());
$num_rows = mysql_num_rows($result);
if ($num_rows<'6') {
?>
<html>
<head>
<title>Прикачете снимки!</title>
</head>
<body>

<form name="form1" method="post" action='<?=$_SERVER['PHP_SELF']?>'
enctype="multipart/form-data">

<table id='text11' border="0" cellpadding="5">


</tr><tr><td>Може да качите до 6 снимки, <? echo $username; ?>!</td></tr>
<tr><td>
Приемат се следните формати: GIF, JPG/JPEG и PNG.<br></td></tr><tr>
<td>Прикачи снимка: <input name="image_filename" type="file" id="image_filename" value=''></td><br>
</tr>

<br>
<tr><td align="center"><input type="submit" name="Submit" value="Прикачи"> <input type="reset" name="Submit2" value="Изчисти"></td></tr>

</form><tr><td align="center">
<a href='gallery.php'>виж галерия</a></td></tr></table>

</body>
</html><?php }}if (($num_rows=='6')||($num_rows>'6')) {exit ("<div id='text11'><center>Имате право да качите до 6 снимки!<br><a href='gallery.php'>виж галерия</a></center></div>");}

if (isset($_POST['Submit']) && ($size =='0')) {exit ("<div id='text11'><center>Моля, <a href='check_image.php'>прикачете</a> файл!</center></div>");}
//} else {header("Location:login.php");} ?>
<? ob_flush(); ?>
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: not working code, please help!

Post by social_experiment »

Re the forgotten password script: Passwords shouldn't be kept as plain text inside the database. If a user forgets their password you should reset the password, send it to them and urge them to change the password again once they log in.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
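
Added example, not code from any poster in this thread: a link-based reset of the kind asked for above, with only password hashes stored and every user-supplied value passed as a bound parameter instead of being concatenated into the query. The table layout, column names, example.test addresses and the reset.php URL are assumptions; it uses PDO with an in-memory SQLite database (PHP 7.1 or later) so it runs stand-alone, and the sample user is constructed.

```php
<?php
// Added example (not from the thread). Table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (mail TEXT PRIMARY KEY, password_hash TEXT,
           reset_hash TEXT, reset_expires INTEGER)');
// Constructed sample user; only a hash of the password is stored.
$db->prepare('INSERT INTO users (mail, password_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('old-password', PASSWORD_DEFAULT)]);

// Step 1: the user submits an e-mail address. Returns the link to e-mail, or null.
function request_reset(PDO $db, string $mail): ?string {
    $token = bin2hex(random_bytes(32));            // unguessable one-time token
    $stmt = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE mail = ?');
    // Bound parameters: $mail never becomes part of the SQL text.
    $stmt->execute([hash('sha256', $token), time() + 3600, $mail]);
    if ($stmt->rowCount() !== 1) {
        return null;                               // no such address, nothing to send
    }
    // Hypothetical URL of the page that handles step 2.
    return 'https://example.test/reset.php?mail=' . urlencode($mail) . '&token=' . $token;
}

// Step 2: the user follows the link and submits a new password.
function complete_reset(PDO $db, string $mail, string $token, string $newPassword): bool {
    $stmt = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE mail = ?');
    $stmt->execute([$mail]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || (int)$row['reset_expires'] < time()
        || !hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false;                              // missing, expired or wrong token
    }
    // Store a hash of the new password and invalidate the token in one statement.
    $db->prepare('UPDATE users SET password_hash = ?, reset_hash = NULL,
                  reset_expires = NULL WHERE mail = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $mail]);
    return true;
}

$link = request_reset($db, 'user@example.test');
parse_str(parse_url($link, PHP_URL_QUERY), $q);    // what reset.php would receive
var_dump(complete_reset($db, $q['mail'], $q['token'], 'new-password')); // first use of the link
var_dump(complete_reset($db, $q['mail'], $q['token'], 'again'));        // same link used again
var_dump(request_reset($db, "x' OR '1'='1"));      // quote characters are treated as data
```

The database keeps only the SHA-256 of the token, so a leaked table does not yield usable reset links, and the confirmation e-mail mentioned in the question would be sent where complete_reset() returns true.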