    #61
    Thanks for your awesome tutorial!

    I'm wondering how to integrate an idle timeout to destroy the session if a user leaves the computer and forgets to logout?
  2. #62
    Hi,

    simply store the current timestamp on each request, either in the session itself or in the database (in case you also need it elsewhere). Each time you resume the session, check the timestamp and see if it's outside your time limit. If it is, destroy the session.

    PHP Code:
    <?php

    define('SESSION_TIMEOUT', 60);        // in minutes; this should be in some global configuration file

    function session_timed_out() {
        return isset($_SESSION['last_activity']) && time() >= $_SESSION['last_activity'] + SESSION_TIMEOUT * 60;
    }

    function logout() {
        if (session_id()) {
            // clear $_SESSION array
            $_SESSION = array();
            // delete session file
            session_destroy();
            // delete session cookie
            if (ini_get('session.use_cookies')) {
                $session_cookie_params = session_get_cookie_params();
                setcookie(
                    session_name(), '', time() - 24 * 60 * 60,
                    $session_cookie_params['path'], $session_cookie_params['domain'],
                    $session_cookie_params['secure'], $session_cookie_params['httponly']
                );
            }
        }
    }

    session_start();

    // check timeout
    if (session_timed_out()) {
        // log out first: the cookie header cannot be sent once output has started
        logout();
        echo 'the session has timed out!';
    } else {
        $_SESSION['last_activity'] = time();
    }
    Last edited by Jacques1; February 1st, 2013 at 08:20 PM.
  4. #63
    Thx for this awesome thread.
    If I may ask (if it's off topic then I'm very sorry),

    Is it possible to make the login accept 2 inputs (such as if the user forgets the username, he can use the email address instead, since the email address is also a unique key)?

    Do I modify it in the coding or in the query?

    PHP Code:
    $query = "
                SELECT
                    id,
                    username,
                    password,
                    salt,
                    email
                FROM users
                WHERE
                    username = :username
            ";

    I'm guessing this is where I have to change it since this detects if the username is the same or not (though I'm still a bit unclear about token)

    Thanks in advance
  6. #64

    Greetings from Chile

    Hi, it is an excellent tutorial. I would like to add a level access to pages.
    I am not an expert on PHP, that is why I ask you to help me a little more.
    I need only 3 different access levels: 1 goes to index1.php, 2 goes to index2.php and 3 goes to index3.php.

    You have called it private.php

    Thanks
  8. #65
    I'm new to PHP, and am of course being difficult & trying to develop on a Windows box.

    I've read through the code & everything makes sense, but I can't get anything to work. Do I need anything other than the files named in the first post to get up & running?

    I have a MySQL database up & running. I have PHP installed on IIS, which returns fine when calling a file with
    PHP Code:
    <?php phpinfo(); ?>
    in it.

    Whenever I try to call any of the files I've created based on this tutorial, all I get is a white screen. Clearly I'm doing something wrong since everyone else is having such success with this.

    Can someone help a n00b out, please?
  10. #66
    Adding custom user levels is a matter of modifying the check that you perform at the top of the private pages:
    PHP Code:
    // At the top of the page we check to see whether the user is logged in or not
    if(empty($_SESSION['user']))
    {
        // If they are not, we redirect them to the login page.
        header("Location: login.php");

        // Remember that this die statement is absolutely critical.  Without it,
        // people can view your members-only content without logging in.
        die("Redirecting to login.php");
    }
    Instead of only checking to see whether $_SESSION['user'] is empty, you also need to check to make sure the specific user is authorized to view the page. Remember that $_SESSION['user'] is an array that contains data about the user, so you could use this to get their username or any other piece of data related to that user.

    You could also add a new field to the database to store their user level, and you could retrieve their user level in this array as well. In order to do this, you would also need to modify the query in login.php so that the user level field is retrieved from the MySQL database when the user logs in.

    ----

    I have never used PHP with IIS before, but I would guess that you don't have the MySQL extension enabled in php.ini. phpinfo() will tell you both the location of php.ini, and whether or not you actually have the MySQL extension enabled.

    The blank white screen occurs because you have display errors turned off. See the FAQ for details on how to turn that on by editing php.ini.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
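
One way to implement the level check described in the post above, as an added example (not code from the tutorial or from any poster). It assumes a hypothetical integer `level` column in `users` that login.php copies into `$_SESSION['user']['level']`, and uses the `index1.php` to `index3.php` landing pages named in the question; `level_pages()`, `access_redirect()` and `require_level()` are hypothetical helper names.

```php
<?php
// Added example. Assumptions (not from the tutorial): the users table has an
// integer `level` column (1, 2 or 3) and login.php selects it, so that it ends
// up in $_SESSION['user']['level'] next to the other user fields.

// Fixed map from level to landing page. Redirect targets only ever come from
// this list, never from request data.
function level_pages()
{
    return array(
        1 => 'index1.php',
        2 => 'index2.php',
        3 => 'index3.php',
    );
}

// Decide where a request has to be sent. Returns the redirect target, or null
// if the session may view a page reserved for $required_level.
function access_redirect(array $session, $required_level)
{
    // Not logged in at all: the same check the tutorial's private.php makes.
    if (empty($session['user'])) {
        return 'login.php';
    }

    // Cast before comparing: values fetched through PDO often arrive as strings.
    $level = isset($session['user']['level']) ? (int) $session['user']['level'] : 0;

    // Missing or unknown level: treat the user as not authorized.
    $pages = level_pages();
    if (!isset($pages[$level])) {
        return 'login.php';
    }

    // Logged in, but this page belongs to a different level.
    if ($level !== (int) $required_level) {
        return $pages[$level];
    }

    return null;
}

// Call at the top of every protected page, after common.php has started the
// session and before any output, for example require_level(2) in index2.php.
function require_level($required_level)
{
    $target = access_redirect($_SESSION, $required_level);
    if ($target !== null) {
        header('Location: ' . $target);
        // As in the tutorial: without die() the rest of the page still runs.
        die('Redirecting to ' . $target);
    }
}

// Constructed sample sessions, checked against a page reserved for level 2.
if (PHP_SAPI === 'cli') {
    $samples = array(
        'not logged in'      => array(),
        'level 2 (string)'   => array('user' => array('id' => 7, 'level' => '2')),
        'level 1'            => array('user' => array('id' => 8, 'level' => 1)),
        'level missing'      => array('user' => array('id' => 9)),
        'level out of range' => array('user' => array('id' => 10, 'level' => 99)),
    );
    foreach ($samples as $label => $session) {
        printf("%-20s => %s\n", $label, var_export(access_redirect($session, 2), true));
    }
}
```

The level in the session is a copy taken at login, so a change made in the database only takes effect at the user's next login unless the page re-reads it.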
  12. #67
    Originally Posted by E-Oreo
    I have never used PHP with IIS before, but I would guess that you don't have the MySQL extension enabled in php.ini. phpinfo() will tell you both the location of php.ini, and whether or not you actually have the MySQL extension enabled.

    The blank white screen occurs because you have display errors turned off. See the FAQ for details on how to turn that on by editing php.ini.
    This was exactly my problem. A while ago, when first getting into PHP on IIS, I used the PDO connection for MSSQL. For the sake of learning through your tutorial, I installed a MySQL database and tried to connect to it without enabling the MySQL PDO connections.

    And you were also on the money with your note about displaying errors being turned off. It looks like the default install needed me to set up my error reporting explicitly.

    For anyone that is seeing issues in IIS, I'd suggest this:
    1. Ensure PHP Manager is installed.
    2. Under PHP Extensions, Enable php_pdo_mysql.dll
    3. (I added all mysql extensions for the sake of testing)
    4. Under PHP Settings, click Configure error reporting & click "Development Machine"


    This got me up & running with just the details from E-Oreo's post.

    THANK YOU, E-Oreo! I was at wit's end & was about ready to go back to C#, which is not what I wanted to do.
  14. #68
    If anyone is interested in running this on MSSQL through PDO, the following is essentially all you need to change (assuming your PHP config references MSSQL PDO):

    In "common.php":
    From:
    PHP Code:
    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
    To:
    PHP Code:
    $db = new PDO("sqlsrv:Server={$host};Database={$dbname}", $username, $password);
    This is working for me, but I have no idea what I'm doing, so someone please correct me if I'm doing something wrong.
  16. #69

    edit_account.php


    Could you help me please. I have added postcode to the database

    I keep getting error on edit_account <br /><b>Notice</b>: Undefined index: postcode in <b>C:\xampp\htdocs\tutorials\test3\edit_account.php</b> on line <b>182</b><br />

    If I change it, it works after that. Just the first time the edit_account loads

    the 2 lines I put in to retrieve the date are the postcode lines in the below

    $query_params = array(
    ':email' => $_POST['email'],
    ':postcode' => $_POST['postcode'],
    ':user_id' => $_SESSION['user']['id'],
    );

    $_SESSION['user']['postcode'] = $_POST['postcode'];

    Thanks
  18. #70

    Error Codes(die) In Div


    I am fairly new to PHP. I have successfully edited part of the code to suit the website I am building,

    but I would like to place the error messages (die messages) from the forms (register, login and edit) in a div called "status" which will be hidden within the forms about the submit, so that when the form is submitted, instead of redirecting to an individual page and displaying the message, it displays with the form in the status div.

    Could anybody possibly help me with this?

    Many Thanks
  20. #71
    I keep getting error on edit_account <br /><b>Notice</b>: Undefined index: postcode in <b>C:\xampp\htdocs\tutorials\test3\edit_account.php</b> on line <b>182</b><br />
    You probably have something like this in your code:
    Code:
    <input type="text" name="postcode" value="<?php echo htmlentities($_POST['postcode'], ENT_QUOTES, 'UTF-8'); ?>" />
    However, $_POST['postcode'] is undefined unless you have submitted your form. So you need to first check whether it has been defined before you try to output it.
    Code:
    <input type="text" name="postcode" value="<?php if(isset($_POST['postcode'])) echo htmlentities($_POST['postcode'], ENT_QUOTES, 'UTF-8'); ?>" />
    ----

    but I would like to place the error messages (die messages) from the forms (register, login and edit) in a div called "status" which will be hidden within the forms about the submit, so that when the form is submitted, instead of redirecting to an individual page and displaying the message, it displays with the form in the status div.
    This requires restructuring the flow of the processing code, but isn't a major change. One common approach is to use an array to collect error messages from your process code, and then at the end of the processing code, only proceed with finalization (ex: running an insert or update query) if no errors were found.

    For example, currently the edit page is fundamentally structured like this:
    Code:
    if(invalid email) {
      stop processing and show error
    }
    
    if(email in use) {
      stop processing and show error
    }
    
    update the user account
    
    show the form
    As a result of this structure, "update the user account" and "show the form" are not run if "stop processing and show error" is hit. However, what you want to do is change this so that "show the form" is always shown regardless of whether an error occurs. However, you still want "update the user account" to only be run if no errors occur.

    So a simple way to restructure this:
    Code:
    $errors = array();
    
    if(invalid email) {
      $errors[] = "invalid email error";
    }
    
    if(email in use) {
      $errors[] = "email in use error";
    }
    
    if(empty($errors)) {
      update the user account
    }
    
    show errors if any
    show the form
    Now, instead of an error ending the script, it simply accumulates in the $errors array and the script continues. Since an error no longer ends the script, you now need to wrap the update code inside an if statement as well. If $errors is empty, you know that no errors have occurred and it is OK to run the update. Then immediately before you output your form, you can also output your errors if there are any. Use the implode() function to collapse your $errors array into a string.


    Note that you should continue to use die() after a header redirect call.

    Comments on this post

    • ricp24 agrees : Perfect, very helpful (reputation points don't seem to be working, just wanted to show my appreciation)
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
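
The restructured flow described in the post above, written out as an added example (not the tutorial's or any poster's code). The validation is cut down to an email and a password check, `email_in_use()` is a hypothetical stand-in for the tutorial's SELECT lookup so the block runs without a database, and `$post` is a constructed submission in place of `$_POST`; the `status` div is the one named in the question.

```php
<?php
// Added example. Hypothetical helper standing in for the tutorial's
// "SELECT 1 FROM users WHERE email = :email" query.
function email_in_use($email)
{
    $taken = array('taken@example.com');          // constructed sample data
    return in_array(strtolower($email), $taken, true);
}

// Collect every validation error instead of calling die() on the first one.
function validate_account(array $post)
{
    $errors = array();
    $email = isset($post['email']) ? $post['email'] : '';

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid E-Mail Address';
    } elseif (email_in_use($email)) {
        $errors[] = 'This E-Mail address is already in use';
    }

    if (empty($post['password'])) {
        $errors[] = 'Please enter a password';
    }

    return $errors;
}

// Build the status div. $errors is an array, so echoing it directly would
// print the word "Array"; implode() joins the messages into one string.
// Each message is escaped in case it ever contains submitted text.
function render_status(array $errors)
{
    if (empty($errors)) {
        return '';
    }
    $escaped = array_map(function ($message) {
        return htmlentities($message, ENT_QUOTES, 'UTF-8');
    }, $errors);

    return '<div id="status">' . implode('<br />', $escaped) . '</div>';
}

// Constructed sample submission; on the real page this is $_POST.
$post = array('email' => 'taken@example.com', 'password' => '');

// Defined on every request, so the template below never sees an undefined variable.
$errors = array();

if (!empty($post)) {
    $errors = validate_account($post);

    if (empty($errors)) {
        // Only reached when nothing failed: run the UPDATE or INSERT here,
        // then header("Location: ...") followed by die(), as the post notes.
    }
}

// The errors and the form are output on every request, error or not.
echo render_status($errors), "\n";
echo '<form action="edit_account.php" method="post">...</form>', "\n";
```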
  22. #72
    Thank you for your help. I started to do the suggested on the register form and had success with it remaining on the form, but instead of printing the error message it's printing "Array". Attached below is my code so you can see where and how I have gone wrong.

    Note I had to remove any URLs as I am a new user

    Many Thanks

    PHP Code:
    <?php

        // First we execute our common code to connect to the database and start the session
        require("common.php");

        // This if statement checks to determine whether the registration form has been submitted
        // If it has, then the registration code is run, otherwise the form is displayed
        if(!empty($_POST))
        {
            $errors = array();

            // Ensure that the user has entered a non-empty username
            if(empty($_POST['username']))
            {
                $errors[] = "Please enter a Username";
            }

            // Ensure that the user has entered a non-empty password
            if(empty($_POST['password']))
            {
                $errors[] = "Please enter a Password";
            }

            // Make sure the user entered a valid E-Mail address
            // filter_var is a useful PHP function for validating form input, see:
            // url
            // url
            if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
            {
                $errors[] = "Invalid Email Address";
            }

            // We will use this SQL query to see whether the username entered by the
            // user is already in use.  A SELECT query is used to retrieve data from the database.
            // :username is a special token, we will substitute a real value in its place when
            // we execute the query.
            $query = "
                SELECT
                    1
                FROM users
                WHERE
                    username = :username
            ";

            // This contains the definitions for any special tokens that we place in
            // our SQL query.  In this case, we are defining a value for the token
            // :username.  It is possible to insert $_POST['username'] directly into
            // your $query string; however doing so is very insecure and opens your
            // code up to SQL injection exploits.  Using tokens prevents this.
            // For more information on SQL injections, see Wikipedia:
            // url
            $query_params = array(
                ':username' => $_POST['username']
            );

            try
            {
                // These two statements run the query against your database table.
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                // Note: On a production website, you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code.
                die("Failed to run query: " . $ex->getMessage());
            }

            // The fetch() method returns an array representing the "next" row from
            // the selected results, or false if there are no more rows to fetch.
            $row = $stmt->fetch();

            // If a row was returned, then we know a matching username was found in
            // the database already and we should not allow the user to continue.
            if($row)
            {
                $errors[] = "Username Taken Please Choose Another";
            }

            // Now we perform the same type of check for the email address, in order
            // to ensure that it is unique.
            $query = "
                SELECT
                    1
                FROM users
                WHERE
                    email = :email
            ";

            $query_params = array(
                ':email' => $_POST['email']
            );

            try
            {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                die("Failed to run query: " . $ex->getMessage());
            }

            $row = $stmt->fetch();

            if($row)
            {
                $errors[] = "This email address is already registered";
            }

            // If $errors is empty, create the account
            if(empty($errors)) {
            // An INSERT query is used to add new rows to a database table.
            // Again, we are using special tokens (technically called parameters) to
            // protect against SQL injection attacks.
            $query = "
                INSERT INTO users (
                    username,
                    password,
                    salt,
                    email
                ) VALUES (
                    :username,
                    :password,
                    :salt,
                    :email
                )
            ";

            // A salt is randomly generated here to protect against brute force attacks
            // and rainbow table attacks.  The following statement generates a hex
            // representation of an 8 byte salt.  Representing this in hex provides
            // no additional security, but makes it easier for humans to read.
            // For more information:
            // url
            // url
            // url
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));

            // This hashes the password with the salt so that it can be stored securely
            // in your database.  The output of this next statement is a 64 byte hex
            // string representing the 32 byte sha256 hash of the password.  The original
            // password cannot be recovered from the hash.  For more information:
            // url
            $password = hash('sha256', $_POST['password'] . $salt);

            // Next we hash the hash value 65536 more times.  The purpose of this is to
            // protect against brute force attacks.  Now an attacker must compute the hash 65537
            // times for each guess they make against a password, whereas if the password
            // were hashed only once the attacker would have been able to make 65537 different
            // guesses in the same amount of time instead of only one.
            for($round = 0; $round < 65536; $round++)
            {
                $password = hash('sha256', $password . $salt);
            }

            // Here we prepare our tokens for insertion into the SQL query.  We do not
            // store the original password; only the hashed version of it.  We do store
            // the salt (in its plaintext form; this is not a security risk).
            $query_params = array(
                ':username' => $_POST['username'],
                ':password' => $password,
                ':salt' => $salt,
                ':email' => $_POST['email']
            );

            try
            {
                // Execute the query to create the user
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                // Note: On a production website, you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code.
                die("Failed to run query: " . $ex->getMessage());
            }

            // This redirects the user back to the login page after they register
            header("Location: login.php");

            // Calling die or exit after performing a redirect using the header function
            // is critical.  The rest of your PHP script will continue to execute and
            // will be sent to the user if you do not die or exit.
            die("Redirecting to login.php");
        }}
    ?>

    <!--If $errors is not empty display form and errors-->
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "url">
    <html xmlns="url">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Register</title>
    <link href="../Css/register.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="register">
      <form name="registerform" id="registerform" action="register.php" method="post">
      <p>Username
        <input name="username" type="text" id="username" size="18" value="" />
        <br />
        Email Address
        <input name="email" type="text" id="email" size="18" value="" />
          Password
          <input name="password" type="password" id="password" size="18" value="" />
          <center>
          <div id="status">
            <?php echo $errors; ?>
          </div></center>
        <input type="submit" id="registerbtn" value="Send Request" />
        </p>
      </form>
    </div>
    </body>
    </html>
  24. #73
    Don't worry, done it now. Many thanks for your help.

    PHP Code:
    <?php

    // Start with defined values so the first page load (no POST yet) raises no notices
    $errors = '';
    $errors_ok = false;

    $submitted_username = htmlentities(isset($_POST['username']) ? $_POST['username'] : '', ENT_QUOTES, 'UTF-8');

    $submitted_email = htmlentities(isset($_POST['email']) ? $_POST['email'] : '', ENT_QUOTES, 'UTF-8');

    $submitted_password = htmlentities(isset($_POST['password']) ? $_POST['password'] : '', ENT_QUOTES, 'UTF-8');

        // First we execute our common code to connect to the database and start the session
        require("common.php");

        // This if statement checks to determine whether the registration form has been submitted
        // If it has, then the registration code is run, otherwise the form is displayed
        if(!empty($_POST))
        {
            // Ensure that the user has entered a non-empty username
            if(empty($_POST['username']))
            {
                $errors = "Please enter a Username";
            }

            // Ensure that the user has entered a non-empty password
            else if(empty($_POST['password']))
            {
                $errors = "Please enter a Password";
            }

            // Make sure the user entered a valid E-Mail address
            // filter_var is a useful PHP function for validating form input, see:
            //
            else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
            {
                $errors = "Invalid Email Address";
            }

            // We will use this SQL query to see whether the username entered by the
            // user is already in use.  A SELECT query is used to retrieve data from the database.
            // :username is a special token, we will substitute a real value in its place when
            // we execute the query.
            $query = "
                SELECT
                    1
                FROM users
                WHERE
                    username = :username
            ";

            // This contains the definitions for any special tokens that we place in
            // our SQL query.  In this case, we are defining a value for the token
            // :username.  It is possible to insert $_POST['username'] directly into
            // your $query string; however doing so is very insecure and opens your
            // code up to SQL injection exploits.  Using tokens prevents this.
            // For more information on SQL injections, see Wikipedia:

            $query_params = array(
                ':username' => $_POST['username']
            );

            try
            {
                // These two statements run the query against your database table.
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                // Note: On a production website, you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code.
                die("Failed to run query: " . $ex->getMessage());
            }

            // The fetch() method returns an array representing the "next" row from
            // the selected results, or false if there are no more rows to fetch.
            $row = $stmt->fetch();

            // If a row was returned, then we know a matching username was found in
            // the database already and we should not allow the user to continue.
            if($row)
            {
                $errors = "Username Taken Please Choose Another";
            }

            // Now we perform the same type of check for the email address, in order
            // to ensure that it is unique.
            $query = "
                SELECT
                    1
                FROM users
                WHERE
                    email = :email
            ";

            $query_params = array(
                ':email' => $_POST['email']
            );

            try
            {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                die("Failed to run query: " . $ex->getMessage());
            }

            $row = $stmt->fetch();

            if($row)
            {
                $errors = "This email address is already registered";
            }

            // If $errors is empty, create the account
            if(empty($errors)) {
                $errors_ok = true;
            }

            // An INSERT query is used to add new rows to a database table.
            // Again, we are using special tokens (technically called parameters) to
            // protect against SQL injection attacks.
            if ($errors_ok) {
            $query = "
                INSERT INTO users (
                    username,
                    password,
                    salt,
                    email
                ) VALUES (
                    :username,
                    :password,
                    :salt,
                    :email
                )
            ";

            // A salt is randomly generated here to protect against brute force attacks
            // and rainbow table attacks.  The following statement generates a hex
            // representation of an 8 byte salt.  Representing this in hex provides
            // no additional security, but makes it easier for humans to read.
            // For more information:
            //
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));

            // This hashes the password with the salt so that it can be stored securely
            // in your database.  The output of this next statement is a 64 byte hex
            // string representing the 32 byte sha256 hash of the password.  The original
            // password cannot be recovered from the hash.  For more information:
            // n
            $password = hash('sha256', $_POST['password'] . $salt);

            // Next we hash the hash value 65536 more times.  The purpose of this is to
            // protect against brute force attacks.  Now an attacker must compute the hash 65537
            // times for each guess they make against a password, whereas if the password
            // were hashed only once the attacker would have been able to make 65537 different
            // guesses in the same amount of time instead of only one.
            for($round = 0; $round < 65536; $round++)
            {
                $password = hash('sha256', $password . $salt);
            }

            // Here we prepare our tokens for insertion into the SQL query.  We do not
            // store the original password; only the hashed version of it.  We do store
            // the salt (in its plaintext form; this is not a security risk).
            $query_params = array(
                ':username' => $_POST['username'],
                ':password' => $password,
                ':salt' => $salt,
                ':email' => $_POST['email']
            );

            try
            {
                // Execute the query to create the user
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                // Note: On a production website, you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code.
                die("Failed to run query: " . $ex->getMessage());
            }

            // This redirects the user back to the login page after they register
            header("Location: login.php");

            // Calling die or exit after performing a redirect using the header function
            // is critical.  The rest of your PHP script will continue to execute and
            // will be sent to the user if you do not die or exit.
            die("Redirecting to login.php");
        }}
    ?>

    <!--If $errors is not empty display form and errors-->
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Register</title>
    <link href="../Css/register.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="register">
      <form name="registerform" id="registerform" action="registertest.php" method="post">
      <p>Username
        <input name="username" type="text" id="username" size="19" value="<?php echo $submitted_username?>" />
        <br />
        Email Address
        <input name="email" type="text" id="email" size="19" value="<?php echo $submitted_email?>" />
          Password
          <input name="password" type="password" id="password" size="20" value="<?php echo $submitted_password?>" />
          <center>
          <div id="status">
            <marquee behavior="scroll" scrollamount="3" direction="left">
            Status =     <?php echo $errors; ?>
            </marquee>
          </div></center>
        <input type="submit" id="registerbtn" value="Send Request" />
        </p>
      </form>
    </div>
    </body>
    </html>
    Last edited by requinix; February 21st, 2013 at 09:27 PM. Reason: fixed the php tags
  26. #74
    Originally Posted by E-Oreo
    You probably have something like this in your code:
    Code:
    <input type="text" name="postcode" value="<?php echo htmlentities($_POST['postcode'], ENT_QUOTES, 'UTF-8'); ?>" />
    However, $_POST['postcode'] is undefined unless you have submitted your form. So you need to first check whether it has been defined before you try to output it.
    Code:
    <input type="text" name="postcode" value="<?php if(isset($_POST['postcode'])) echo htmlentities($_POST['postcode'], ENT_QUOTES, 'UTF-8'); ?>" />
    ----

    That left the input box blank, so if the person doesn't put in the postcode it clears the original postcode when you submit it. Any other suggestions?

    Really appreciate your help! Thanks.
  28. #75

    What is safer?


    What is safer:

    SHA256 or SHA512

    and another one, for executing the query I use:

    $query = "SELECT username FROM member WHERE username='$username'";
    $result = mysqli_query($cxn,$query)
    or die("Couldn't execute query.");

    $cxn has the connection-information.

    Is the other method (the one in the tutorial here with ->execute()) better or this one?
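
The two query styles compared in the question above, run against the same input, as an added example (not from the tutorial or the poster). It uses an in-memory SQLite database through PDO as a stand-in for the MySQL `member` table so that it runs without a server; the table contents, the input values and the function names are constructed.

```php
<?php
// Added example; needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (username TEXT PRIMARY KEY)");
$db->exec("INSERT INTO member (username) VALUES ('alice'), ('bob')");

// Style from the question: the submitted value is pasted into the SQL text,
// so any quote character in it becomes part of the statement itself.
function find_interpolated(PDO $db, $username)
{
    $query = "SELECT username FROM member WHERE username='$username'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Style from the tutorial: the SQL text is fixed and the value is bound to
// the :username token, so it is only ever treated as data.
function find_prepared(PDO $db, $username)
{
    $stmt = $db->prepare("SELECT username FROM member WHERE username = :username");
    $stmt->execute(array(':username' => $username));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary name, and a value containing quote characters.
$inputs = array('alice', "nobody' OR '1'='1");

foreach ($inputs as $input) {
    printf(
        "input %-20s interpolated: [%s]  prepared: [%s]\n",
        $input,
        implode(', ', find_interpolated($db, $input)),
        implode(', ', find_prepared($db, $input))
    );
}
```

For the second input the interpolated query matches every row while the prepared one matches none. With mysqli the same separation is available through `mysqli_prepare()` and `mysqli_stmt_bind_param()`.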