
Re: not working code, please help!

Posted: Tue Dec 28, 2010 5:36 am
by social_experiment
mysql_real_escape_string() is an important part of security regarding entering data into the database. It wouldn't hurt your script to have it in place. :)

Re: not working code, please help!

Posted: Tue Dec 28, 2010 5:49 am
by elenait
I understand, but the code doesn't work with it. And the data is already in the database, I just extract it from there. So I hope it is not a big problem in this case :D

Re: not working code, please help!

Posted: Tue Dec 28, 2010 8:45 am
by social_experiment
I see you quoted mysql_escape_string instead of mysql_real_escape_string(). What happens if you use it in your query, any error messages? Sure the data is already in the database but whoever is using your script is in effect 'adding' a value into a query that interacts with the database. I'm no expert on SQL injection but if you leave it unprotected you are asking for trouble.

Need a 'forgot password' code

Posted: Wed Dec 29, 2010 1:09 am
by elenait
Hello!
I need a working forgot password and send password code in php.
I have some, but it doesn't work:
And I prefer not to send the password, but a link to the site that enables changing the password, and confirmation email message after it.
Thank you in advance!


forgot_password.php


<?php 
include "config.php";
include "shablon_bez_acc.php";?>
<table id='text11' width="380" border="0" cellpadding="3" cellspacing="1" align="center" >
<tr>
<td >Моля, въведете имейла си: </td></tr>
<tr>
<td width="67%"><form name="email_to" method="post" action="send_password_ac.php">
<input name="mail" type="text" id="mail" size="25">
<input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</table>


send_password_ac.php

<?

include "config.php";
// value sent from form
$mail=$_POST['mail'];

// table name
$tbl_name='users';


// retrieve password from table where e-mail = $email_to(mark@phpeasystep.com)
$sql="SELECT password FROM users WHERE mail='$mail'";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$mail;

// Your subject
$subject="Your password here";

// From
$header="from: your name <your email>";

// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $password \r\n";
$messages.="more message... \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

}

// else if $count not equal 1
else {
echo "<center>Имейл адресът не съществува в базата данни!</center><br>";
}

// if your email successfully sent
if($sentmail){
echo "<center>Паролата Ви беше изпратена на посочения имейл.<br>
               <a href='index.php'>начало</а></center><br>";
}
else {
echo "<center>Паролата не може да бъде изпратена<br>
               <a href='index.php'>начало</а></center>";
}

?>

image functions problem

Posted: Wed Dec 29, 2010 2:46 am
by elenait
Hello!
I have a problem with image functions, which I don't understand.
When I ran the code on my localhost it worked, now I uploaded it on a web server and there is a problem:
(I marked the lines mentioned below)

Thank you in advance!


Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /home/artisti/public_html/check_image.php on line 117

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/artisti/public_html/check_image.php on line 119

Warning: imagejpeg(): supplied argument is not a valid Image resource in /home/artisti/public_html/check_image.php on line 120

Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/artisti/public_html/check_image.php on line 122


code:

<? ob_start(); //Its turning on the output buffer. So any output is kept in the buffer. And ob_flush() is to flush the buffer ?><?php
session_start();

//if (isset($_SESSION['username'])) {
$type_id=$_SESSION['type_id'];
$username=$_SESSION['username'];
include "config.php";
//include "shablon.php";
//make variables available
if (isset($_POST['Submit'])) {
//$image_caption = $_POST['image_caption'];
//$username = $_POST['user'];
$image_tempname = $_FILES['image_filename']['name'];
date_default_timezone_set('Europe/Helsinki');
$today = date("Y-m-d");
define ("MAX_SIZE","500");


$size=filesize($_FILES['image_filename']['tmp_name']);

if ($size > MAX_SIZE*1024)

{echo "<div id='text11'><center>Рамерът е голям!<br>
Моля, <a href='check_image.php'>опитай</a> с по-малък файл!</center></div>";


//$errors=1;

exit;

}

//upload image and check for image type
//make sure to change your path to match your images directory
$ImageDir ="img_user/";

$ImageThumb = $ImageDir . "thumbs/";// for creating thumbnails
$ImageName = $ImageDir . $image_tempname;

if (move_uploaded_file($_FILES['image_filename']['tmp_name'],
$ImageName)) {

//get info about the image being uploaded
list($width, $height, $type, $attr) = getimagesize($ImageName);

switch ($type) {
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
case 3:
$ext = ".png";
break;
default:
echo "<div id='text11'><center>Съжалявам, но файлът не беше от следните формати: GIF, JPG, или PNG <br></center></div>";
echo "<div id='text11'><center>Моля, <a href='check_image.php'>опитай пак</a>.</center></div>";
}
if ($type > 3) {
echo "<div id='text11'><center>Съжалявам, но файлът не беше от следните формати: GIF, JPG, или " .
"PNG .<br></center></div>";
echo "<div id='text11'><center>Моля, <a href='check_image.php'>опитай пак</a>.</center></div>";
} else {


//insert info into image table

$insert = "INSERT INTO images
(image_caption, username, image_date)
VALUES
('', '$username', '$today')";
$insertresults = mysql_query($insert)
or die(mysql_error());
if ($insertresults) {echo "<div id='text11'><center><h3>Файлът е качен успешно!</h3><br>
<a href='check_image.php'>опитай пак</a> или <a href='gallery.php'>виж галерия</a></div>" ;}






$lastpicid = mysql_insert_id();

$newfilename = $ImageDir . $lastpicid .".jpg";

if ($type == 2) {
rename($ImageName, $newfilename);
} else {
if ($type == 1) {
$image_old = imagecreatefromgif($ImageName);
} elseif ($type == 3) {
$image_old = imagecreatefrompng($ImageName);
}

//"convert" the image to jpg
$image_jpg = imagecreatetruecolor($width, $height);
imagecopyresampled($image_jpg, $image_old, 0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($image_jpg, $newfilename);

imagedestroy($image_old);
imagedestroy($image_jpg);

}



$newthumbname = $ImageThumb . $lastpicid . ".jpg";

//get the dimensions for the thumbnail
$thumb_width = $width * 0.10;
$thumb_height = $height * 0.10;

//create the thumbnail
$largeimage = imagecreatefromjpeg($newfilename);
line 117: $thumb = imagecreatetruecolor($thumb_width, $thumb_height);
imagecopyresampled($thumb, $largeimage, 0, 0, 0, 0,
line : 119 $thumb_width, $thumb_height, $width, $height);
line 120 : imagejpeg($thumb, $newthumbname);
imagedestroy($largeimage);
line 122 : imagedestroy($thumb);}

}
}else{
$querycount="SELECT username FROM images WHERE username='$username' ";
$result=mysql_query($querycount) or die (mysql_error());
$num_rows = mysql_num_rows($result);
if ($num_rows<'6') {
?>
<html>
<head>
<title>Прикачете снимки!</title>
</head>
<body>

<form name="form1" method="post" action='<?=$_SERVER['PHP_SELF']?>'
enctype="multipart/form-data">

<table id='text11' border="0" cellpadding="5">


</tr><tr><td>Може да качите до 6 снимки, <? echo $username; ?>!</td></tr>
<tr><td>
Приемат се следните формати: GIF, JPG/JPEG и PNG.<br></td></tr><tr>
<td>Прикачи снимка: <input name="image_filename" type="file" id="image_filename" value=''></td><br>
</tr>

<br>
<tr><td align="center"><input type="submit" name="Submit" value="Прикачи"> <input type="reset" name="Submit2" value="Изчисти"></td></tr>

</form><tr><td align="center">
<a href='gallery.php'>виж галерия</a></td></tr></table>

</body>
</html><?php }}if (($num_rows=='6')||($num_rows>'6')) {exit ("<div id='text11'><center>Имате право да качите до 6 снимки!<br><a href='gallery.php'>виж галерия</a></center></div>");}

if (isset($_POST['Submit']) && ($size =='0')) {exit ("<div id='text11'><center>Моля, <a href='check_image.php'>прикачете</a> файл!</center></div>");}
//} else {header("Location:login.php");} ?>
<? ob_flush(); ?>

Re: not working code, please help!

Posted: Wed Dec 29, 2010 7:48 am
by social_experiment
RE the forgotten password script: Passwords shouldn't be kept as plain text inside the database. If a user forgets their password you should reset the password, send it to them and urge them to change the password again once they login.
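
The flow discussed in this thread (mail a link that lets the user set a new password, keep no plain-text passwords in the database, and keep user input out of the SQL text), as an added example that is not part of any post above. It assumes PDO with the SQLite driver; the table and column names, the reset_password.php page and the example.test addresses are hypothetical.

```php
<?php
// Added example, not code from the thread. Table names, columns and the URL are assumptions.
declare(strict_types=1);
// In-memory SQLite stands in for the real database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, mail TEXT UNIQUE, password_hash TEXT)');
$pdo->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
// Constructed sample account; only a hash of the password is stored.
$pdo->prepare('INSERT INTO users (mail, password_hash) VALUES (?, ?)')
    ->execute(['user@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Step 1: issue a single-use token. Returns the link to mail, or null for an unknown address.
function requestReset(PDO $pdo, string $mail): ?string
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE mail = ?'); // bound parameter, not string-built SQL
    $stmt->execute([$mail]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // the page should show the same message in both cases
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $pdo->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    $pdo->prepare('INSERT INTO password_resets VALUES (?, ?, ?)')
        ->execute([$userId, hash('sha256', $token), time() + 3600]); // store only the token's hash
    return 'https://example.test/reset_password.php?token=' . $token;
}

// Step 2: redeem the token and store a hash of the new password.
function redeemReset(PDO $pdo, string $token, string $newPassword): bool
{
    $stmt = $pdo->prepare('SELECT user_id FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false; // unknown, expired, or already used
    }
    $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
        ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $pdo->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    return true;
}

$link = requestReset($pdo, 'user@example.test');
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);
var_dump(redeemReset($pdo, $q['token'], 'new-secret')); // first redemption of the token
var_dump(redeemReset($pdo, $q['token'], 'again'));      // replay of the same token
var_dump(requestReset($pdo, "x' OR '1'='1"));           // quote characters are bound as data
```

In a real page the link returned by requestReset() would be passed to mail(), and the login check would use password_verify() against password_hash.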