Page 1 of 2

im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 5:20 am
by chrismarsden
ok please ignore my last topic,

using a new template now...

Code: Select all

<?php
/************* Membership V1.0 *******************/
/*
Released by AwesomePHP.com, under the GPL License, a
copy of it should be attached to the zip file, or
you can view it on http://AwesomePHP.com/gpl.txt
*/
/************* Membership V1.0 *******************/ 
 
//Call Database & Connect
require_once('headers/database.php');
connect();
 
//We need functions
require_once('headers/functions.php');
 
 
//Get Admin Values
$get_cd = mysql_query("SELECT * FROM `memb_config`");
while($each = mysql_fetch_assoc($get_cd)){$$each['config_name'] = $each['config_value'];}
 
//If retrieving password
if($_POST['Submit'] == 'Login'){
    //Check standard fields
    if(is_valid_email($_POST['user_email']) == false){$message = 'Please enter a valid email.';}
    if($message == NULL && $_POST['user_password'] == NULL){$message = 'Please enter password.';}
    
    //Check Cpatcha
    if($message == NULL){
        $realanswer = trim(encode_decode(hex2bin($_POST['registration_id']),$CF_ENCDEC));
        if($CF_CAPTHCA == 'IMAGE'){
            if($_POST['answer'] != $realanswer){
                $message = 'Please enter the correct verification code.';
            }
        } else {
            if($realanswer != '*' AND $realanswer != $_POST['answer']){
                $message = 'Please answer the question correctly.';
            }
        }
    }
    
    //Everything OK, procceed
    if($message == NULL){
        $_POST['user_email'] = mysql_escape_string($_POST['user_email']);
        $_POST['user_password'] = mysql_escape_string($_POST['user_password']);
        $get_user = mysql_fetch_assoc(mysql_query("SELECT * FROM `memb_userlist` WHERE `user_email`='$_POST[user_email]' AND
            `user_password`='$_POST[user_password]'"));
        if($get_user['user_email'] == $_POST['user_email']){
            @session_start();
            $usersession = generate_session(100);
            $host_name = '.'.str_replace('www.','',$_SERVER['HTTP_HOST']);
            setcookie("usersession", $usersession, time()+31104000000, "/", $host_name, 0);
            $_SESSION['usersession'] = $usersession;
            $user_ip = get_ip();
            $insert_session = @mysql_query("INSERT INTO `memb_usersessions` 
                (`session_id`,`user_id`,`session_date`) VALUES ('$usersession','$get_user[user_id]',NOW())");
            $update_acces = @mysql_query("UPDATE `user_list` SET `last_access`= NOW(),`last_ip`='$user_ip'
                WHERE `user_id`='$get_user[user_id]' LIMIT 1"); 
            die('Please proceed to <a href="profile.php">profile.php</a>');
        } else{ 
            $message = 'Invalid login credentials.';
        }           
    }
}
 
//Disconnect Database
disconnect_data();
?>
<form name="login" id="login" method="post" action="<?php=$_SERVER['PHP_SELF'];?>" style="display:inline;">
<table width="100%"  border="1" cellspacing="0" cellpadding="5">
  <tr>
    <td colspan="2"><div align="center"><font color="#999999" size="4">User Login </font></div></td>
    </tr>
    <?php
    if($message != NULL){
    ?>
  <tr bgcolor="#FFDDDD">
    <td colspan="2"><strong><font color="#FF0000"><?php=$message;?></font></strong></td>
  </tr>
  <?php } ?>
  <tr>
    <td width="50%">Please enter Email: </td>
    <td width="50%"><input name="user_email" type="text" id="user_email" value="<?php=$_POST['user_email'];?>">
      </td>
  </tr>
  <tr>
    <td>Please enter Password: </td>
    <td width="50%"><input name="user_password" type="password" id="user_password"></td>
  </tr>
  <?php
  if($CF_CAPTHCA == 'IMAGE'){?>
  <tr>
    <td>Enter Verification Code: </td>
    <td><table  border="0" cellspacing="0" cellpadding="5">
      <tr>
        <td class="acont"><div align="center">
            <?php
                $referenceid = md5(mktime()*rand());
                //Generate the random string
                $chars = array("a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J","k",
                "K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T","u","U","v",
                "V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8","9");
                $length = $CF_LENGH;
                $textstr = "";
                for ($i=0; $i<$length; $i++) {
                   $textstr .= $chars[rand(0, count($chars)-1)];
                }
                $new_string = encode_decode($textstr,$CF_ENCDEC);
                $image_link = bin2hex($new_string);
                ?>
            <img src="captcha.php?code=<?php=$image_link;?>">
            <input name="registration_id" type="hidden" id="registration_id" value="<?php=$image_link;?>">
        </div></td>
      </tr>
      <tr>
        <td class="acont"><div align="center">
            <input name="answer" type="text" id="answer">
        </div></td>
      </tr>
    </table></td>
  </tr>
<?php
  } else {
    $f = fopen($CF_QUESTIONFILE,'r');
    while($t = fread($f,102465)){
        $content .= $t;
    }
    fclose($f);
    $content = trim(preg_replace('/\/\*.*\*\//ism', '', $content));
 
    $temp = explode("\n",$content);
    $random = rand(0,count($temp)-1);
    $rand = $temp[$random];
    list($question,$registration_id) = explode('\n\\',$rand);
    $registration_id = bin2hex(encode_decode($registration_id,$CF_ENCDEC));
  ?>
  <tr>
    <td>Answer this: <strong><?php=$question;?></strong> </td>
    <td><input name="answer" type="text" id="answer" value="<?php=$_POST['answer'];?>">
      <input name="registration_id" type="hidden" id="registration_id" value="<?php=$registration_id;?>"></td>
  </tr>
  <?php } ?>
  <tr>
    <td colspan="2"><div align="center">
      <input type="submit" name="Submit" id="Submit" value="Login">
    </div></td>
    </tr>
  <tr>
    <td colspan="2"><div align="center">[<a href="forgotpass.php">Forgot Password </a> - <a href="register.php">Register</a>] </div></td>
  </tr>
</table>
</form>
now there is something whong here because when i go to login.php in the email field the code:

Code: Select all

<?php=$_POST['user_email'];?>
and in the answer this field the code:

Code: Select all

<?php=$_POST['answer'];?>
appears?


can some one help me with this, im new to php and im still learning...

thanks :banghead:

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 5:32 am
by Jaggeh
Can you edit your post and change

Code: Select all

...
to

Code: Select all

...
Once I can ead it clearly I'll try and help you out.

Thanks.

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:30 am
by jayshields
Try using

Code: Select all

<?php echo $_POST['whatever']; ?>
instead of

Code: Select all

<?php=$_POST['whatever'];?>

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 9:40 am
by chrismarsden
ok re posted code as requested.

i tried changing the = to echo but i get the same problem of the code appearing in the text box.

could this be a settings error as if i turn off short tags the error:

Parse error: syntax error, unexpected '=' in C:\wamp\www\login.php on line 78

any help is greatly appreciated... thanks for suggestions so far.

Code: Select all

<?php
/************* Membership V1.0 *******************/
/*
Released by AwesomePHP.com, under the GPL License, a
copy of it should be attached to the zip file, or
you can view it on http://AwesomePHP.com/gpl.txt
*/
/************* Membership V1.0 *******************/ 
 
//Call Database & Connect
require_once('headers/database.php');
connect();
 
//We need functions
require_once('headers/functions.php');
 
 
//Get Admin Values
$get_cd = mysql_query("SELECT * FROM `memb_config`");
while($each = mysql_fetch_assoc($get_cd)){$$each['config_name'] = $each['config_value'];}
 
//If retrieving password
if($_POST['Submit'] == 'Login'){
    //Check standard fields
    if(is_valid_email($_POST['user_email']) == false){$message = 'Please enter a valid email.';}
    if($message == NULL && $_POST['user_password'] == NULL){$message = 'Please enter password.';}
    
    //Check Cpatcha
    if($message == NULL){
        $realanswer = trim(encode_decode(hex2bin($_POST['registration_id']),$CF_ENCDEC));
        if($CF_CAPTHCA == 'IMAGE'){
            if($_POST['answer'] != $realanswer){
                $message = 'Please enter the correct verification code.';
            }
        } else {
            if($realanswer != '*' AND $realanswer != $_POST['answer']){
                $message = 'Please answer the question correctly.';
            }
        }
    }
    
    //Everything OK, procceed
    if($message == NULL){
        $_POST['user_email'] = mysql_escape_string($_POST['user_email']);
        $_POST['user_password'] = mysql_escape_string($_POST['user_password']);
        $get_user = mysql_fetch_assoc(mysql_query("SELECT * FROM `memb_userlist` WHERE `user_email`='$_POST[user_email]' AND
            `user_password`='$_POST[user_password]'"));
        if($get_user['user_email'] == $_POST['user_email']){
            @session_start();
            $usersession = generate_session(100);
            $host_name = '.'.str_replace('www.','',$_SERVER['HTTP_HOST']);
            setcookie("usersession", $usersession, time()+31104000000, "/", $host_name, 0);
            $_SESSION['usersession'] = $usersession;
            $user_ip = get_ip();
            $insert_session = @mysql_query("INSERT INTO `memb_usersessions` 
                (`session_id`,`user_id`,`session_date`) VALUES ('$usersession','$get_user[user_id]',NOW())");
            $update_acces = @mysql_query("UPDATE `user_list` SET `last_access`= NOW(),`last_ip`='$user_ip'
                WHERE `user_id`='$get_user[user_id]' LIMIT 1"); 
            die('Please proceed to <a href="profile.php">profile.php</a>');
        } else{ 
            $message = 'Invalid login credentials.';
        }           
    }
}
 
//Disconnect Database
disconnect_data();
?>
<form name="login" id="login" method="post" action="<?=$_SERVER['PHP_SELF'];?>" style="display:inline;">
<table width="100%"  border="1" cellspacing="0" cellpadding="5">
  <tr>
    <td colspan="2"><div align="center"><font color="#999999" size="4">User Login </font></div></td>
    </tr>
    <?php
    if($message != NULL){
    ?>
  <tr bgcolor="#FFDDDD">
    <td colspan="2"><strong><font color="#FF0000"><?php=$message; ?></font></strong></td>
  </tr>
  <?php } ?>
  <tr>
    <td width="50%">Please enter Email: </td>
    <td width="50%"><input name="user_email" type="text" id="user_email" value="<?=$_POST['user_email'];?>"> 
      </td>
  </tr>
  <tr>
    <td>Please enter Password: </td>
    <td width="50%"><input name="user_password" type="password" id="user_password"></td>
  </tr>
  <?php
  if($CF_CAPTHCA == 'IMAGE'){?>
  <tr>
    <td>Enter Verification Code: </td>
    <td><table  border="0" cellspacing="0" cellpadding="5">
      <tr>
        <td class="acont"><div align="center">
            <?php
                $referenceid = md5(mktime()*rand());
                //Generate the random string
                $chars = array("a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J","k",
                "K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T","u","U","v",
                "V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8","9");
                $length = $CF_LENGH;
                $textstr = "";
                for ($i=0; $i<$length; $i++) {
                   $textstr .= $chars[rand(0, count($chars)-1)];
                }
                $new_string = encode_decode($textstr,$CF_ENCDEC);
                $image_link = bin2hex($new_string);
                ?>
            <img src="captcha.php?code=<?=$image_link;?>">
            <input name="registration_id" type="hidden" id="registration_id" value="<?=$image_link;?>">
        </div></td>
      </tr>
      <tr>
        <td class="acont"><div align="center">
            <input name="answer" type="text" id="answer">
        </div></td>
      </tr>
    </table></td>
  </tr>
<?php
  } else {
    $f = fopen($CF_QUESTIONFILE,'r');
    while($t = fread($f,102465)){
        $content .= $t;
    }
    fclose($f);
    $content = trim(preg_replace('/\/\*.*\*\//ism', '', $content));
 
    $temp = explode("\n",$content);
    $random = rand(0,count($temp)-1);
    $rand = $temp[$random];
    list($question,$registration_id) = explode('\n\\',$rand);
    $registration_id = bin2hex(encode_decode($registration_id,$CF_ENCDEC));
  ?>
  <tr>
    <td>Answer this: <strong><?=$question;?></strong> </td>
    <td><input name="answer" type="text" id="answer" value="<?=$_POST['answer'];?>">
      <input name="registration_id" type="hidden" id="registration_id" value="<?=$registration_id;?>"></td>
  </tr>
  <?php } ?>
  <tr>
    <td colspan="2"><div align="center">
      <input type="submit" name="Submit" id="Submit" value="Login">
    </div></td>
    </tr>
  <tr>
    <td colspan="2"><div align="center">[<a href="forgotpass.php">Forgot Password </a> - <a href="register.php">Register</a>] </div></td>
  </tr>
</table>
</form>

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 10:16 am
by WebbieDave
<?php= is not a valid tag yet remains in your code. Change it to <?php echo
chrismarsden wrote:i tried changing the = to echo but i get the same problem of the code appearing in the text box.
I don't see this change in your code. Make sure you change all <?= to <?php echo then try running the code again.

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 10:19 am
by chrismarsden
sorry i did change it but then changed it back when it didnt work.

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 12:05 pm
by WebbieDave
Well, can you change it back and repost it?

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 1:20 pm
by califdon
First of all, the previous posters are 100% correct, you can't expect php to recognize invalid syntax. Also, you are placing many of these <?php ... ?> calls from inside a quoted string, which can also never work. Put the quotation marks inside the php echo statement.

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 1:56 pm
by WebbieDave
califdon wrote:you are placing many of these <?php ... ?> calls from inside a quoted string
Where is he or she doing that califdon, Jack of Zircons?

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:20 pm
by califdon
WebbieDave wrote:
califdon wrote:you are placing many of these <?php ... ?> calls from inside a quoted string
Where is he or she doing that califdon, Jack of Zircons?
Several places, like:

Code: Select all

 ?>
  <tr>
     <td>Answer this: <strong><?php=$question;?></strong> </td>
     <td><input name="answer" type="text" id="answer" value="<?php=$_POST['answer'];?>">
He finished a php block, is now in plain html, and assigning a quoted string to the value attribute of the input element. Everything between the double quotes is a quoted string (he's not in php!).

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:23 pm
by Benjamin
califdon, that's ok, it will still get interpreted by the PHP engine. I think the syntax highlighting is throwing you off.

<?php=$_POST['answer'];?> is not valid syntax however and I believe that would result in a parse error. = only works as echo with short tags.

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:32 pm
by Eran
That's more than ok, it's common usage...

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:40 pm
by Stryks
That is odd though ... outputting the <?php tags as part of the output. I would have expected an error message to be embedded before actually seeing the tags in output. Never actually tried this syntax though, so perhaps the = is stopping the <?php tag being recognized.

Either that or ... are we sure that PHP is actually parsing?

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:46 pm
by Eran
No, PHP isn't parsing since it isn't recognizing the tags.

Re: im still a noob in need of help but ignore last topic

Posted: Thu Jul 10, 2008 6:50 pm
by califdon
I guess you're right. Perhaps it was the highlighting that threw me off. Sure, I've even done that, myself, although I usually avoid writing it that way. And of course you're right about the = sign. I think that works with ASP.

Well, I wish I could say that's the first time I've been wrong, but even if I did, you wouldn't believe me! :oops: