Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by Panta


  2. please i'm working on a project that requires a student to register as well as print out his form with passport.The problem i'm having is that those pic with correct format are not accepted, it kept on tellin me that i can only upload gif....., which is meant for a picture that is not of the format required. this is my script

    <body><table width="100%" border="0" cellspacing="0" cellpadding="2">  <tr>    <td align="center"><h1><font color="#0000FF" face="Arial">ADD STUDENT PROFILE</font></h1></td>  </tr></table><br><br><table width="100%" border="0" cellspacing="0" cellpadding="2">  <tr>    <td align="right"><font size="1" face="Arial"><a href='main.php'>Student List</a></font></td>  </tr></table><br><br><form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" name='s' onsubmit='return validated()';><table width="70%" border="0" align="center" cellpadding="2" cellspacing="2">  <tr>    <td width="33%" align="right"><font size="2" face="Arial"><strong>Matric Number</strong></font></td>    <td width="5%" align="center">:</td>    <td width="62%"><input type='text' name='matric' size=30 maxlength=15></td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>Name</strong></font></td>    <td align="center">:</td>    <td><input type='text' name='name' size=30 maxlength=50></td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>Course</strong></font></td>    <td align="center">:</td>    <td><input type='text' name='course' size=30 maxlength=50></td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>Semester</strong></font></td>    <td align="center">:</td>    <td><input type='text' name='sem' size=5 maxlength=2></td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>######</strong></font></td>    <td align="center">:</td>    <td><input type='radio' name='######' value='Male' checked> Male  <input type='radio' name='######' value='Female'> Female</td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>Contact Number</strong></font></td>    <td align="center">:</td>    <td><input type='text' name='tel' size=30 maxlength=50></td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>Address</strong></font></td>    <td align="center">:</td>    <td><input type='text' name='address' size=50 maxlength=100></td>  </tr>  <tr>    <td align="right"><font size="2" face="Arial"><strong>Picture</strong></font></td>    <td align="center">:</td>    <td>	<input type="hidden" name="MAX_FILE_SIZE" value="10485760">	<input type="file" name="picture"  size="40"> <font size="1" face="Arial"> Maxsize 1MB</font>	</td>  </tr>  <tr>    <td> </td>    <td> </td>    <td><input type='submit' name="submit" value='Submit'> <input type='reset' value='Reset'></td>  </tr></table></form></body></html><?php	$submit=isset($_POST[submit]); 	if ($submit) 	{				include 'database.php';						$data = addslashes(fread(fopen($picture, "r"), filesize($picture)));		$pjpeg="image/pjpeg";		$jpeg="image/jpeg";		$gif="image/gif";		$png="image/png";		$bmp="image/bmp";				if ($picture_type == $pjpeg || $picture_type == $jpeg || $picture_type == $gif || $picture_type == $png || $picture_type == $bmp)		{				$sql="INSERT INTO info (matric, name, course, sem, ######, tel, address ,bin_data,filename,filesize,filetype)			VALUES ('$matric', '$name', '$course', '$sem', '$######', '$tel', '$address', '$data','$picture_name','$picture_size','$picture_type')";		$result=mysql_query($sql);			header ("Location: main.php");		}		else{		echo "<script language='JavaScript'>";		echo "window.alert('Error! You only can upload jpeg, gif, png, bmp file type.')";		echo "</script>"; 		}	}	?>

  3. please i have this login script but the problem is that i have names and password that i stored the password with md5, but it can not see them. the page is displayin "The Admin_name was not found."

    <?php error_reporting(E_ALL);     ini_set('display_errors', 1);     include 'config.php';     $submit = isset($_POST['login']) ? $_POST['login'] : "";     $admin = isset($_POST['admin']) ? $_POST['admin'] : "";     $admin = mysql_real_escape_string(strip_tags(htmlspecialchars($admin) ) );     $password = isset($_POST['password']) ? md5($_POST['password']) : "";   $error_string = ''; # error_string is modified in db.php!  $page_mode = $_POST['page_mode']; # empty variable defaults to '' (or null)  if ($page_mode === 'login'){  if ($admin == '' || strlen($password) == 0) # password can be of spaces, which must not be trimmed!    $error_string .= 'Please enter your Admin_name and password.<br>';  else  {    $result = mysql_query("SELECT id, admin, password FROM principal WHERE admin='".$admin."' and password='".$password."';");    if (!($row = mysql_fetch_assoc($result)))      $error_string .= 'The Admin_name was not found.<br>';    else if ($row['password'] != ($password))      $error_string .= 'The password did not match.<br>';    else    {      $_SESSION['user_id'] = $row['id'];      $_SESSION['user_name'] = $row['admin'];      header('Location: alright');      exit();    }  }}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>    <title>Admin login page</title>    <style type="text/css">    .error_text {      color: #FF0000;      width: 400px;      text-align: center;    }    .left_box {      float: left;      width: 150px;      text-align: right;      padding-right: 5px;    }    .right_box {      clear: right;    }    </style>  </head>  <body>    <div class="error_text"><?php echo $error_string; ?></div>    <form action="adminlogin.php" method="post">    <input type="hidden" name="page_mode" value="login">    <div class="left_box">Admin</div>    <div class="right_box"><input type="text" name="admin" size="30" maxlength="255" value="<?php if (isset($admin)) echo $admin; ?>"></div>    <div class="left_box">Password</div>    <div class="right_box"><input type="password" name="password" size="30"></div>    <div class="left_box"> </div>    <div class="right_box"><input type="submit" value="Log In" size="30"></div>    </form>  </body></html>

  4. It's a good idea to store passwords in the database as a hash because it improves security if anyone gets ahold of the database, they can't figure out any passwords. You can use MD5 if you want, it's probably better to use SHA-1 though. You need to hash the user's password when they register so that you store the hashed password in the database, and each time someone logs in you hash whatever they typed in and compare the two hashes. If they entered the same password then the hashes will match.
    Thanks but assuming i have generated a numbers through "ran()" and want to use it as a scratch card,that is users are expected to login with it,begin that i have to print it out before given it to the users, do i need to hash since i cant print the hash numbers correctely
  5. $serial = mysql_real_escape_string(strip_tags(htmlspecialchars($serial) ) );$pin = isset($_POST['pin']) ? md5($_POST['pin']) : "";I think the pin are not in md5 thats why, so this is what i did and it worked $serial = isset($_POST['serial']) ? $_POST['serial'] : ""; $pin = isset($_POST['pin']) ? $_POST['pin'] : "";But i don't understand why it worked.please can u explain it for me

  6.  $result = mysql_query("SELECT logins FROM users WHERE serial='$serial' And pin='$pin'");        if (!$result) {            echo mysql_error();            exit;        }        $row = mysql_fetch_array($result);        if (!$row) {            echo "No such pin or serial no"             exit;

    hope this takes care of what u meant but still is not working

  7.  $result = mysql_query("SELECT logins FROM users WHERE serial='$serial' And pin='$pin'");        if (!$result) {            echo mysql_error();            exit;        }        $row = mysql_fetch_array($result);        if (!$row) {            echo "No such pin or serial no"             exit;

    hope this takes care of what u meant

  8. You're not displaying an error message if the user wasn't found in the database, that might be the issue.
    i want the it to verify the serial and pin and if exist it should update the logins
  9. i'm designing a site that requires pin number to login.i have my script but is not given me what i want

    PINLOGIN STARTS<?php//start the session so you would stay logged in//always must be on topsession_start();//include config.php fileinclude('config.php');?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>The site</title></head><body><center><a href="?p=idx">Home</a> - <a href="?p=page">Protected page</a><?php$p=$_GET['p'];//see my ?id= browsing tutorial?><form action='testing.php' method='POST'>Serial: <input type='text' name='serial'><br>Pin: <input type='password' name='pin'><br><input name="login" type="submit" value="Submit"><br> <a href="register.php">Not registered</a>?</form></center></body></html>PINLOGIN.PHP ENDS<?php    error_reporting(E_ALL);    ini_set('display_errors', 1);    include 'config.php';    $submit = isset($_POST['login']) ? $_POST['login'] : "";    $serial = isset($_POST['serial']) ? $_POST['serial'] : "";    $serial = mysql_real_escape_string(strip_tags(htmlspecialchars($serial) ) );    $pin = isset($_POST['pin']) ? md5($_POST['pin']) : "";    if ($submit){        if ((!$serial) || (!$pin) || ($serial=='') || ($pin=='') ) {            header("Refresh: 2;".$_SERVER['HTTP_REFERER']);            echo '<center>Please enter both - serial and password!</center>';            exit;        }	        $result = mysql_query("SELECT logins FROM users WHERE serial='$serial'");        if (!$result) {            echo mysql_error();            exit;        }        $row = mysql_fetch_array($result);        if (!$row) {            echo mysql_error();            exit;        }        $cnt = $row['logins'];        if ($cnt != 3) {            $cnt++;            $result = mysql_query("UPDATE users SET logins='$cnt' WHERE serial='$serial'");            if (!$result) {                echo mysql_error();                exit;            }            echo "worked";        }        else {            echo "Password was used three times.";        }    }    else {        echo "something";    }?>

    the is my script but when submit it will not display anythig can some one help me out

  10. Anything from $_POST is a string, not a number. If you're going to be comparing it as a number you should use intval to convert it first. Right now you're comparing a number with a string instead of a number with a number.
    So can you tell me how to convert it to number
  11. Web masters please can you look into my script.i want a script that will generate code at random and insert it to my database.but my script is not working

    <?  include 'config.php'; $submit=$_POST['Submit']; if($submit){$no = 1;while ($no <= $_POST['no'] )     { $pin = rand(1000000000,9999999999); mysql_query("INSERT INTO logincount	              (`pin`)				  VALUES				  ('$pin')") or die(mysql_error());				  	$no++;	}		echo "<font color='green'>". $_POST['no']. " Pin number(s) have been generated</font>";}		 ?><form name="form1" id="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">  <table border="0" cellpadding="3" cellspacing="3" width="62%">    <tbody>      <tr>        <td colspan="3" style="background-color: Silver;"><div align="center"> <strong><span style="font-size: 12pt;">Personal Identification Number Generator</span></strong> </div></td>      </tr>      <tr>        <td width="66%" align="right">Please enter the number of PINS you want to generate. </td>        <td width="20%"><input name="no" maxlength="16" id="no" />        </td>        <td width="14%">(example, 20)  </td>      </tr>      <tr>        <td align="right"> </td>        <td>         </td>        <td> </td>      </tr>      <tr>        <td></td>        <td style="text-align: left;"><input type="submit" name="Submit" value="Generate" /></td>        <td></td>      </tr>    </tbody>  </table></form><p> </p>

    will be waTIN

  12. Okay - Then, here is my updated CODE:HUM!!!... So what should I incorporate in "VISITORS.php" file?
    ur visitor .php should be the script that will process the form.that means will handle the form and will do with it what so ever u wish to do with the for.okso u need to learn sever scripting first
  13. <?phpinclude'config.php';$submit=$_POST['login'];$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));$password = md5($_POST['password']);//if submit button is pressedif ($submit){if((!$username) || (!$password) || ($username=='') || ($password=='')){header("Refresh: 2;".$_SERVER['HTTP_REFERER']);echo'<center>Please enter both - username and password!</center>'; }//lets see if the user exists by making a query which selects//submitted username and password from the database//and the we use mysql_num_rows() to count the results returned//if there is a user with a username and password like that $c will be 1//as it will be counted otherwise it'll stay 0.$qry = mysql_query("SELECT logins FROM users WHERE username='$user'");$row = mysql_fetch_array($qry);$cnt = $row['logins'];if ($cnt != 3) { $cnt++; mysql_query("UPDATE users SET logins='$cnt' WHERE username='$user'"); echo "worked";}else { echo "Password was used three times.";}}?>[/code]this is the code but is not updating the login
  14. I would imagine you could just put an IF ELSE statement inside the block which figures out if it was a successful login and save the counts. So something like this. Change the details of the script to make it work. The script is assuming you have a new field in your table which has the counter for the password. (I have not tested this out).
    $qry = mysql_query("SELECT logins FROM [users] WHERE username='$user'");$row = mysql_fetch_array($qry);$cnt = $row['logins'];if ($cnt != 3) {  $cnt++;  mysql_query("UPDATE [users] SET logins='$cnt' WHERE username='$user'");//set $_SESSION['username'] to the username from database$_SESSION['username'] = $r['username'];header("Refresh: 7; url=index.php?i=idx");echo'<center>Login successfull!</center>';//else, if there werent any records found show an error and //return the user to index.}else{header("Refresh: 2; url=index.php?i=idx");echo "<center>You couldn't be logged in!</center>";}}?>


  15. I suppose you mean unsuccessful login attempts? You could have an additional field in your table that records the amount of attempts, which gets reset when they successfully log in. If, when you check it, it is above three, then you don't allow the login and tell them to visit the reset page, or whatever.
    no. what i need is a script that counts the successful login and with a particular password, and when the password is used for 3 successful login, the user needs to get a new password for him to access the site again.and the new password will only be use for 3 times. thanks watin
  16. please can some one help me . I'm new to php environment . I need an ideal on how to write a script that counts the login success of a user.And when the user login successfully 3 times he or she will be ban from login in unless he or she obtained a new password.thanks. im watin

  17. A few thoughts. Don't assume I've covered everything.$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";This will not work. $logins has no value at this point, so you're searching for a null value. I don't see why you want to match anything in the logins column anyway. If you match your user, you will learn what the value of logins is. Then you can assign that to $logins. This will fix some of the mistakes I note below:if($result['$logins']==3) {$logins still doesn't have a value. I think you mean $result['logins'], without the $ symbol.$sql2="UPDATE table SET $logins=$logins+1";Again, $logins has no value. The name of your column is `logins`. But also: notice that you have not specified a row. If you try it this way, I believe you will set the value of logins in every row to the same thing. This would be a costly mistake. Get a WHERE clause in there.if($logins==1){Yup. Same problem. This will work after you've given $logins a value.
    <?php$host="localhost"; // Host name$username=""; // Mysql username$password=""; // Mysql password$db_name="school"; // Database name$tbl_name="logins"; // Table name// Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");// username and password sent from form$submit=$_POST['form1'];$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));$password = md5($_POST['password']);//if submit button is pressedif ($submit){if((!$username) || (!$password) || ($username=='') || ($password=='')){header("Refresh: 2;".$_SERVER['HTTP_REFERER']);echo'<center>Please enter both - username and password!</center>';        }$result1=mysql_query("SELECT * FROM $tbl_name WHERE 'username'= '".$username."' AND `password`= '".$password."'") OR die(mysql_error());// Mysql_num_row is counting table row$count=mysql_num_rows($result1);if($count>0){$r=mysql_fetch_array($result1);/* check the total number of logins :: Removed the $ from logins below. Should be a string. Let's check to see if they're the right user before we do anything with logins... makes more sense. */if($result['logins']<=1)$sql2="UPDATE $tbl_name WHERE 'username'= '".$username."' AND `password`= '".$password."' SET $logins=$logins+1";mysql_query($sql2);session_register("username");session_register("password");header("location:login_success.php");/* If logins is greater than or = 3 is a bit safer. */else {if($result['logins']=3) {echo "Your Logins have expired";exit();}// Register $myusername, $mypassword and redirect to file "login_success.php"}}?>

    thanks alot but please check my corrections hope this is what you meant
  18. friends please i need you to look into my script .what i need is a script that will count a user as the user logs in.And when the user logs in 3 times to the site he will not be able to log in again. The script

    <?session_start();session_destroy();?><table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"><tr><form name="form1" method="post" action="checklogin.php"><td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"><tr><td colspan="3"><strong>Member Login </strong></td></tr><tr><td width="78">Username</td><td width="6">:</td><td width="294"><input name="username" type="text" id="username"></td></tr><tr><td>Password</td><td>:</td><td><input name="password" type="text" id="password"></td></tr><tr><td> </td><td> </td><td><input type="submit" name="Submit" value="Login"></td></tr></table></td></form></tr></table>checklogin.php<?php$host="localhost"; // Host name$username="root"; // Mysql username$password=""; // Mysql password$db_name="logins"; // Database name$tbl_name="logins"; // Table name// Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");// username and password sent from form$username=$_POST['username'];$password=$_POST['password'];// To protect MySQL injection (more detail about MySQL injection)$username = stripslashes($username);$password = stripslashes($password);$username = mysql_real_escape_string($username);$password = mysql_real_escape_string($password);//$sql1="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";//$result1=mysql_query($sql1);// Mysql_num_row is counting table row//$count=mysql_num_rows($result1);// If result matched $myusername and $mypassword, table row must be 1 row$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";$query=mysql_query($sql);$result = MYSQL_QUERY($query);/* check the total number of logins */if($result['$logins']==3) {$TooManyLogins="Yes";}else {$sql2="UPDATE table SET $logins=$logins+1";mysql_query($sql2);}if($username===$result['username'] && $password===$result['password']) {if($TooManyLogins==="Yes") {echo "Your Logins have expired";exit();}else {if($logins==1){// Register $myusername, $mypassword and redirect to file "login_success.php"session_register("username");session_register("password");header("location:login_success.php");}else {echo "Wrong Username or Password";}}}?>

    i think this is not working

  • Create New...