I used to store all my data in 000webhost, today I decided to move to hostinger. So.. after moving it I replaced the old mysql_connect info by the new one. Alright, after doing that I tested it, everything has ran fine, except some echo functions.
check file (connects to the server and do the login):
<?php
$servidorr = "mysql.XXXX.co.uk";
$bdd = "XXXXXXXX";
$usuarioo = "XXXXX";
$senhaa = "XXXXXXX";
if (!empty($_POST) AND (empty($_POST['usuario']) OR empty($_POST['senha']))) {
header("Location: geton"); exit;
}
mysql_connect($servidorr, $usuarioo, $senhaa) or trigger_error(mysql_error());
mysql_select_db($bdd) or trigger_error(mysql_error());
$usuario = mysql_real_escape_string($_POST['usuario']);
$senha = mysql_real_escape_string($_POST['senha']);
$lang = mysql_real_escape_string($_POST['lang']);
$sql = "SELECT `id`, `nome`, `nivel` FROM `usuarios` WHERE (`usuario` = '". $usuario ."') AND (`senha` = '". sha1($senha) ."') AND (`ativo` = 1) LIMIT 1";
$updatelang = "UPDATE usuarios SET lang='$lang' WHERE usuario='$usuario'";
$query = mysql_query($sql);
if (mysql_num_rows($query) != 1) {
echo "<script>alert('Oops! Looks like there is something wrong with your login! *perhaps a typo or you did not fill out the fields*'); location.href='geton'</script>"; exit;
} else {
$resultado = mysql_fetch_assoc($query);
mysql_query($updatelang);
if (!isset($_SESSION)) session_start();
$_SESSION['UsuarioID'] = $resultado['id'];
$_SESSION['UsuarioNome'] = $resultado['nome'];
$_SESSION['usuario'] = $resultado['usuario'];
$_SESSION['UsuarioNivel'] = $resultado['nivel'];
$_SESSION['lang'] = $resultado['lang'];
header("Location: http://mapmaking.zz.mu/pages/home"); exit;
}
?>
Home file (these echos are just for testing and this is not the original file, the original one has the same php stuff, except the echo functions, those are in random lines):
<?php
if (!isset($_SESSION)) session_start();
$tlang = $_SESSION['UsuarioLang'];
$aclevel = $_SESSION['UsuarioNivel'];
$nick = $_SESSION['UsuarioNome'];
$neededal = 1;
if (!isset($_SESSION['UsuarioID']) OR ($_SESSION['UsuarioNivel'] < $neededal)) {
session_destroy();
header("Location: http://inside.mapmaking.uk.to/geton"); exit;
}
session_start();
echo $tlang;
echo $aclevel;
echo $nick;
echo "$level$tlang$tlang";
?>
[this one basically start the session and check if the connected user acess level is 1]
Echo $tlang does not work! :( somehow it doesn’t, I have no idea why ;_;
Hope you guys help me, thank you!!
$_SESSION['lang'] != $_SESSION['UsuarioLang']
You assign a value to the first one, yet expect value from the second one.
$_SESSION['lang'] = $resultado['lang'];
$tlang = $_SESSION['UsuarioLang'];
Change this line:
$_SESSION['lang'] = $resultado['lang'];
to the following:
$_SESSION['UsuarioLang'] = $resultado['lang'];
You should also call session_start() without the isset check. Also, you should consider using && instead of AND and || instead of OR, as PHP has weird operator precedence rules (the assignment = has a higher precendence than either AND or OR).
Related
what my code does now is its posting the session in the database and everytime I refresh this page it keeps posting the same session again and again. I don't get why? The solution is probably a simple one but I tried everything. Hope to get some help.
<?php
session_start();
require '../../required/connection.php';
require '../../required/functions.php';
if (!isset($_SESSION['alive']))
{
$id = $_GET['trxid'];
$_SESSION['alive'] = uniqid();
$currentSession = $_SESSION['alive'];
$checkQuery = "SELECT token FROM request_data WHERE token='$currentSession'";
$checkResult = mysqli_query($con, $checkQuery);
$row = mysqli_num_rows($checkResult);
if($row < 1)
{
$firstQuery = "INSERT INTO request_data (token, link) VALUES ('$currentSession', '$id')";
$firstResult = mysqli_query($con, $firstQuery);
}
}
I think that something went wrong in your connection.php or functions.php. Is it also possible that you have server errors that lead to this behavior? Further it could be that you have modified the configurations of sessions in the php.ini (for example the lifetime)?
The following example is based on your code and works on the page phpfiddle.org
<?php
session_start();
// just for testing - you can comment it in and out
//$_SESSION['alive'] = null;
if (!isset($_SESSION['alive'])) {
echo 'FALSE; <br/>';
$_SESSION['alive'] = uniqid();
echo 'AFTER = "'. $_SESSION['alive'] . '"';
} else {
echo 'TRUE = "'. $_SESSION['alive'] . '"';
}
?>
This sql function works on all my scripts except this one. Does anyone see what's wrong with it? The part that isn't working... is the part where it's supposed to insert the variable into a table. The include is for logging in the database, and that's all correct(I double checked).
<?php
session_start();
include_once 'dbh.php';
$confirm = $_POST['confirm'];
$check = $_SESSION['forum_name'];
if ($confirm == $check) {
include_once 'dbh.php';
$sql = "INSERT INTO forum_names (name) VALUES ('$forum_name');";
$result = mysqli_query($conn, $sql);
header("Location: ../redir.php?postsuccess=success");
} else {
echo "Your names do not match" . " ";
echo "<a href='../redir.php'>Click here to try again</a>";
}
?>
$forum_name doesn't exist. Therefore, either replace it with $check, or replace $check with $forum_name.
I have zero idea how this could possibly work on other pages using that code.
I want to make a shop for my website, so I need MySQL.
I want to take 50 Golds from the user, and give 5 atkdmg.
My current script looks like this:
<?php
ob_start();
session_start();
print('<meta http-equiv="content-type" content="text/html; charset=UTF-8"
/>');
include('config.php');
if(isset($_SESSION['rank']) && $_SESSION['rank'] >= 1)
{
if(isset($_SESSION['Gold']) && $_SESSION['Gold'] >= 50)
{
mysql_query("UPDATE users SET Gold = $_SESSION[Gold]-50 WHERE id =
$_SESSION[id];");
mysql_query("UPDATE users SET AtkDmg = $_SESSION[AtkDmg] + 5' WHERE id =
$_SESSION[id];");
} else header('location: shop.php');
} else header('location: login.php');
mysql_close()
?>
What is session? here it is:
<?php
ob_start();
session_start();
include('config.php');
include('login_form.php');
if(isset($_POST["login"])){
$nickname = $_POST["nickname"];
$password = md5($_POST["password"]);
$lekerdezes = mysql_query("SELECT * FROM users WHERE nickname =
'".mysql_real_escape_string($nickname)."' AND password = '$password'");
$vanelekerdezes = mysql_num_rows($lekerdezes);
if ($vanelekerdezes>0)
{
header('location: login.php');
$adatok=mysql_fetch_assoc($lekerdezes);
$_SESSION["id"]=$adatok["id"];
$_SESSION['bann'] = 0;
$_SESSION["nickname"]=$adatok["nickname"];
$_SESSION["rank"]=$adatok["rank"];
$_SESSION["Gold"]=$adatok["Gold"];
$_SESSION["AtkDmg"]=$adatok["AtkDmg"];
}
else
{
print 'Hibás felhasználónév vagy jelszó!';
print mysql_error();
}
} else if(isset($_SESSION["nickname"])){
header('location: home.php');
}
?>
I hope you can help me, I'm still learning PHP, so maybe that's why I can't fix this simple thing... So if you would write: learn PHP, I'm already doing that :)
First, adjust the session var:
$gold = $_SESSION['Gold'] = $_SESSION['Gold'] - 50;
$attackDamage = $_SESSION['AtkDmg'] = $_SESSION['AtkDmg'] + 5;
Edit your SQL strings like this:
"UPDATE users SET AtkDmg = $attackDamage etc etc
I used this series and I'm up to this video and mysql_num_rows has been pissing me off ever since the start.
http://www.youtube.com/watch?v=HP75yyjHgTg
i have easily spent 5 hours simply trying to fix all these mysql_num_rows errors.
At the Moment I'm doing profile page and I'm getting an error.
The Error is:
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /home/ztechrel/public_html/TESTING/blarg/REMAKE/profile.php on line 8 (line one is the mysql_num_rows part)
The Code in profile.php is:
<?php include("inc/incfiles/header.php"); ?>
<?php
if(isset($_GET['u'])) {
$username = mysql_real_escape_string($_GET['u']);
if(ctype_alnum($username)) //check user exists
$check = mysql_query("SELECT username,first_name FROM users WHERE username='$username'");
if(mysql_num_rows($check)===1)
{
$get = mysql_fetch_assoc($check);
$username = $get['username'];
$firstname = $get['first_name'];
}
else
{
echo "<h2>User Does Not Exist</h2>";
exit();
}
}
?>
is there a way i can fix this?
Or does anyone know another way i can write this?
I wouldn't be surprised he uses mysql_num_rows again, is there something i can use instead which is easy to implement?
If you need any other info just ask.
use this for checking error in your query
$username = mysql_real_escape_string($_GET['u']);
if(ctype_alnum($username)) {
//check user exists
$check = mysql_query("SELECT username,first_name FROM users
WHERE username='$username'") or die(mysql_error());
if(mysql_num_rows($check)===1){
$get = mysql_fetch_assoc($check);
$username = $get['username'];
$firstname = $get['first_name'];
}
else
{
echo "<h2>User Does Not Exist</h2>";
exit();
}
}
Make sure you are capture errors from PHP.
It might be the previous statement mysql_query is not executed and hence result is not set.
Try with below if mysql_query is executing properly or note
$check = mysql_query("SELECT username,first_name FROM users WHERE username='$username'") or die(mysql_error()."<br>".$sql);
This means your query returns nothing. Put echo for your query and display it in browser. Then copy the query and run it in phpmyadmin or mysql query browser or some other mysql editor. Try to find whether $username has correct value or any field name is wrong in the query.
Make sure variable $username is not empty., ctype_alnum is returning false. So $query is empty.
<?php include("inc/incfiles/header.php"); ?>
<?php
if(isset($_GET['u'])) {
$username = mysql_real_escape_string($_GET['u']);
if ($username != "" && if(ctype_alnum($username))) {
$check = mysql_query("SELECT username,first_name FROM users WHERE username='$username'");
if(mysql_num_rows($check)===1)
{
$get = mysql_fetch_assoc($check);
$username = $get['username'];
$firstname = $get['first_name'];
}
else
{
echo "<h2>User Does Not Exist</h2>";
exit();
}
}
}
?>
Here it's I have a problem with my PHP Code + Oracle Login form.
In this PHP file, I make login function. But I have an error like this :
Warning: oci_num_rows() expects parameter 1 to be resource, string given in C:\xampp\htdocs\developers\it\session.php on line 12
Wrong
-
<?php
session_start();
include ("config.php");
$username = $_POST['username'];
$password = $_POST['password'];
$do = $_GET['do'];
if($do=="login")
{
$cek = "SELECT PASSWORD, USER_LEVEL FROM T_USERS WHERE USERNAME='$username' AND PASSWORD='$password'";
$result = oci_parse($conn, $cek);
oci_execute($result);
if(oci_num_rows($cek)==1)
{
$c = oci_fetch_array($result);
$_SESSION['username'] = $c['username']; ociresult($c,"USERNAME");
$_SESSION['USER_LEVEL'] = $c['USER_LEVEL']; ociresult($c,"USER_LEVEL");
if($c['USER_LEVEL']=="ADMINISTRATOR")
{
header("location:supervisor.php");
}
else if($c['user_level']=="User")
{
header("location:user.php");
}
else if($c['user_level']=="Root")
{
header("location:administrator.php");
}
else if($c['user_level']=="Manager")
{
header("location:manager.php");
}
else if($c['user_level']=="Admin")
{
header("location:admin.php");
}
else if($c['user_level']=="Director")
{
header("location:director.php");
}
}
else
{
echo "Wrong";
}
}
?>
I have tried to search in google, but still don't find anything.
Someone knows, what's the problem ?
Thanks for advance.
According to your script instead of
if(oci_num_rows($cek)==1)
you should call
if(oci_num_rows($result)==1)
You probably want to use $result and not $cek when you're asking for the number of rows returned from oci_num_rows(). However, you really want to avoid using $username and $password directly in the string like that. It'll make you wide open for SQL injection attacks, so look into using oci_parse together with oci_bind_by_name.
After that you should also always call exit() after the sequence of redirects, as the script will continue running if you don't (and that might be a security issue other places).
I also got the same case, so I tricked it with a script like this, but I don't know whether there was an impact or not. because the session and validation went smoothly.
$username =$_POST['username'];
$password = $_POST['password'];
$conn = oci_connect('xxx', 'xxx', 'localhost/MYDB');
$pass_encription = md5($password);
$query = "SELECT * from *table_name* WHERE *field1*='".$username."' and *field2*='".$password."'";
$result = oci_parse($conn, $query);
oci_execute($result);
$exe = oci_fetch($result);
if ($exe > 0)
{
oci_close($conn);
oci_execute($result);
$row =oci_fetch_array($result);
$sid = $row['field_1_parameter'];
$snama = $row['field_2_parameter'];
$sjab = $row['field_3_parameter'];
$session = array (
'field_1_array' =>$sid,
'field_2_array' =>$snama,
'field_3_array' =>$sjab
);
if($sjab == 'Administrator')
{
$this->session->set_userdata($session);
redirect('redirecting_page');
}
`