Hooch

Okay thanks. I'll give it a try tonight.

Hey all. I am now converting my usersystem to sessions from cookies.I need help on a condition.Here's what I had with my cookies.. if($logged[username] && $logged[level] ==5) { And here is what I have with sessions. Mind you I knowthe part after "&&" is wrong, but I forget how to code it. if (isset($_SESSION['s_username'])) && $_SESSION['s_level'] == 5) { Thanks a bunch guys/gals.Hooch

*sighThanks man!!Works perfect.

The salt is the same.I echo out all the info on the login page (for my testing purposes). echo "posted pw = ".$password." DB pw = ".$data['password']."<BR/>";echo "posted name = ".$_POST['username']." DB name = ".$data['username']."<BR/>";echo "DB salt = ".$data['salt']." login page salt = ".$salt; The password seems to be the only difference here.I just checked the difference in the passwords. (once hashed)After login page, hashed pw = db2e637a0ce0bcc946372ed056364cb081af264fThis is the Database pw ==== 320b7b2cf3288c5dfe8b05041fa88314 It's 14 characters less

I replaced $server = $data['server'];$time = $data['time'];$salt = sha1($server . $time); with $salt = $data['salt']; The passwords are not matching yet. if ($_POST['login']) { $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $data = mysql_fetch_array($info);include 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$salt = $data['salt'];//The problem must be in here????$password = sha1($password);$password = sha1(substr($password, 0, 20) . substr($salt, 0, 20) . substr($password, 19, 20) . substr($salt, 19, 20));

okay, I think the register is done. session_start();ob_start(); include "includes/config.php"; $server = $_SERVER['REMOTE_ADDR']; $time = time()+(60*60*24*5); $salt = sha1($server . $time); if ($_POST[register]) { include 'includes/clean.php'; $username = clean($_POST['username']); $password = clean($_POST['password']); $password = sha1($password); $password = sha1(substr($password, 0, 20) . substr($salt, 0, 20) . substr($password, 19, 20) . substr($salt, 19, 20)); $query = mysql_query("INSERT INTO users ( `id`, `server`, `time`, `salt`, `level`, `username`, `password`, `firstname`, `lastname`, `question`, `answer`, `email`, `website`, `city`, `province`, `zip`, `bio`, `online`) VALUES ('', '$server', '$time', '$salt', '$level', '$username', '$password', '$firstname', '$lastname', '$question', '$answer', '$email', '$website', '$city', '$province', '$zip', '$bio', '$online')")or die(mysql_error()); echo "<center>You have successfully registered!<br>"; echo "<a href=\"login.php\" class=\"members\">Click to login</a></center>"; } else { //Form here } But the login is not working. My hash is somehow incorrect. if ($_POST['login']) { $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $data = mysql_fetch_array($info);include 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$server = $data['server'];$time = $data['time'];$salt = sha1($server . $time);$password = sha1($password);$password = sha1(substr($password, 0, 20) . substr($salt, 0, 20) . substr($password, 19, 20) . substr($salt, 19, 20)); if($data['password'] != $password) { echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; }else{ echo ("<meta http-equiv=\"Refresh\" content=\"2; URL=login.php\"/><center>Thank You! You will be redirected</center>");echo ("<br><br>"); } } I would love some help. Thank you.

I got rid of the cookies.I thought the password was hashed,and also I thought I generated the salt. See code below where I think the hash and salt are... <?php session_start();ob_start(); include "includes/config.php"; $server = $_SERVER['REMOTE_ADDR']; $time = time()+(60*60*24*5); //---------------------- Generation of Salt? --------------------- $salt = sha1($server . $time); if ($_POST[register]) { include 'includes/clean.php'; $username = clean($_POST['username']); $password = clean($_POST['password']); //--------------------------- Hash? ---------------------------- $password = sha1(substr($password, 0, 20) . substr($salt, 0, 20) . substr($password, 19, 20) . substr($salt, 19, 20)); $query = mysql_query("INSERT INTO users ( `id`, `server`, `time`, `salt`, `level`, `username`, `password`, `firstname`, `lastname`, `question`, `answer`, `email`, `website`, `city`, `province`, `zip`, `bio`, `online`) VALUES ('', '$server', '$time', '$salt', '$level', '$username', '$password', '$firstname', '$lastname', '$question', '$answer', '$email', '$website', '$city', '$province', '$zip', '$bio', '$online')")or die(mysql_error()); echo "<center>You have successfully registered!<br>"; echo "<a href=\"login.php\" class=\"members\">Click to login</a></center>"; } else { //Form here }?> FYI my clean.php is function clean($string){$string = mysql_real_escape_string($string);$string = trim($string);return $string;} I'm also curious if it's more secure to save $server, $salt, and $time in another table oreven another db? Thank you for your time Guy.

I had some time to start a secure registration. Guy, could you please have a look? And maybe let me know how I am doing?Thank you,Hooch(Simplified for review) <?php session_start();ob_start(); include "includes/config.php"; setcookie("server", $_SERVER['REMOTE_ADDR']); setcookie("time", time()+(60*60*24*5)); $salt = sha1($server . $time); if ($_POST[register]) { include 'includes/clean.php'; $server = $_POST['server']; $time = $_POST['time']; $salt = $_POST['salt']; $username = clean($_POST['username']); $password = clean($_POST['password']); $password = sha1(substr($password, 0, 20) . substr($salt, 0, 20) . substr($password, 19, 20) . substr($salt, 19, 20)); $query = mysql_query("INSERT INTO users ( `id`, `server`, `time`, `salt`, `level`, `username`, `password`, `firstname`, `lastname`, `question`, `answer`, `email`, `website`, `city`, `province`, `zip`, `bio`, `online`) VALUES ('', '$server', '$time', '$salt', '$level', '$username', '$password', '$firstname', '$lastname', '$question', '$answer', '$email', '$website', '$city', '$province', '$zip', '$bio', '$online')")or die(mysql_error()); echo "<center>You have successfully registered!<br>"; } else { //Form goes here }?>

Thank you kindly Guy. All is working perfect.

andersmoen: I'm glad you mentioned it now. Since there is a possible problem. (From what Guys said). So thank you. I will be making all my code to your suggestion. Guy: I do want to go in rows. I was trying to code my block.php into your suggestion. It does go down instead of across. But I wanted to make sure it is the wayyou were directing me. This gallery could have 1 picture up to 36..maybe even a few more. So I need itto adjust dynamically. Every attempt I made ended up in a column or an error. FYI this is my block.php simplified. <td>header</td></tr><tr> <td>picture</td></tr><tr> <td>comments</td> Does this need to be changed at all?Thank for your time

***RESLOVED**Hey all. I have coded this before and it works. But for some reason on my present project it's all messed up.I am wanting to update current info from a DBHere is the link from the DB viewing page.. <a href="update.php?id=<? echo $rows['id']; ?>" class="links-999999-12">update</a> This goes to update.php?id="my selection"The link seems to work. Whatever ID I select, I go to that page.But the page does not display that ID's info.It just show the second ID in the DB. This is true for any ID I select.For some reason the ID is not selected correctly.Here is my update.php code. <?phpob_start(); session_start(); include 'db.php';if($logged['username'] && $logged['level'] == 5){$query = mysql_query("SELECT * FROM gallery WHERE id='$id'") or die(mysql_error()); $row = mysql_fetch_array($query);?><link href="style.css" rel="stylesheet" type="text/css" /><form name="form1" method="post" action="update_chk.php"><table width="" border="1" align="center" cellpadding="0" cellspacing="0" bgcolor="#666666"><tr> <td height="" colspan="2" class=""><? echo $row['id']; ?> </td> </tr> <tr> <td align="center"><div align="left" class="black"> <div align="right"><strong>Name</strong>: </div> </div></td> <td><input name="header" type="text" class="txtbox" id="header" value="<? echo $row['header']; ?>"></td> </tr> <tr> <td><div align="right" class="black"><strong>Active:</strong></div></td> <td><input name="active" type="text" class="txtbox" id="active" value="<? echo $row['active']; ?>" size="5" maxlength="1" /></td> </tr> <tr> <td class="black" align=""><div align="right"><strong>Category:</strong> </div></td> <td> <select name="category" class="txtbox"> <option value="" selected="selected">Selection</option> <option value="home">Pictures from home</option> <option value="trips">Pictures from trips</option> <option value="friends">Pictures with friends</option> <option value="family">Pictures with family</option> <option value="silly">Silly pictures.</option> <option value="misc">Misc.</option> </select> </td> </tr> <tr> <td align="right" class="black"><strong>Comments:</strong></td> <td><textarea name="comments" cols="35" rows="3" wrap="VIRTUAL" class="txtbox" value="<? echo $row['comments']; ?>"/></textarea></td> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" class="txtbox" value="Submit" /></td> </tr></table></form><?mysql_close();} else {echo 'You need to be logged in to view this page. <a href="index.php">Back!</a>';}?> Thank you for your time,Hooch

I'm trying the code out now Guy. (thank you very much)But I'm not sure this will work if there is over 6 pictures.The code below echo's out 1 block (picture). <?PHP$nr_per_row = 6;$nr = 0;$result = mysql_query("SELECT * FROM gallery WHERE active = 1") or die(mysql_error()); echo "<table width=\"\" border=\"1\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\">";while($row = mysql_fetch_assoc($result)){ if ($nr % $nr_per_row == 0) //if $nr = 6, this is true { echo "<tr>"; include 'block.php'; $nr++; } if ($nr % $nr_per_row == 0) //if $nr = 6, this is true, end the row. echo "</tr>";} if ($nr % $nr_per_row != 0) { echo "</tr>"; echo "</table>"; }?> So before I go any further, is this how you wanted the code to end up?ThanksHoochP.S here is block.php <td colspan="" class="" align="center" width="150"> <b><?php echo "<div class=\"FF6600\">".$row['header']."</div"; ?></b> </td> </tr> <tr> <td align="center"> <a href="images/<?php echo $row['id']; ?>.jpg" target="_blank" class=""><img src="images/<?php echo $row['id']; ?>t.jpg" alt="<?php echo $row['header']; ?>" width="100" border="3" class="links-FF6600-12" /></a> </td> </tr> <tr> <td height="35" class="grey" valign="top" align="center"> <?php echo $row['comments']; ?> </td>

For echo statements within HTML I have always done that. Works like a charm every time. Not once have I had an error. Thanks though.

That is exactly what happens. It has happened twice now to me. The code above is where this happens. I changed the code to php and now have it within a while statement. If you would still like to see this.. I can set upa test page to show you.

Thank you kindly for your help guys.

I can't seem to come up with the right code here. I want to show pictures from a certain folder. This will be for a very simple gallery. There is a place to upload pics and add a name andcomments for each pic. I want to put the pics across the page, then when they hit the table end they start a new row. To show where my while statement is...here is my code. The way it is set now, the pics are in a table, but they are displayed in a column format. Instead of a row like I want. <table width="770" border="0" align="center" cellpadding="0" cellspacing="0"> <tr align="center" valign="middle"> <td height="150" colspan="2" align="center"> <?include 'db.php';$query2 = mysql_query("SELECT * FROM gallery") or die(mysql_error()); while($rows = mysql_fetch_array($query2)){?> <table width="100" border="2" cellpadding="0" cellspacing="0" bordercolor="#000000"> <tr> <td class="FF6600" align="center"><b><? echo $rows[header]; ?></b> </td> </tr> <tr> <td> <a href="images/<? echo $rows['id']; ?>.jpg" target="_blank" class=""><img src="images/<? echo $rows['id']; ?>t.jpg" alt="<? echo $rows['header']; ?>" width="100" border="3" class="links-FF6600-12" /></a> </td> </tr> <tr> <td hieght="35" class="grey" valign="top" align="center"><? echo $rows[comments]; ?> </td> </tr> </table> <? } ?> </td> </tr></table> If possible, I would like to code this myself..I just need a good hint/clueto guide me in the right direction. I'm sure there is an easy way to do this..but I'm stumped here. Thank you for any help.Hooch***EDIT*** To make this a little easier, what about each row having 6 thumbnails.

Hello all. I have a gallery made up for a friend. he uploads pics for family. Right now I have 8 image place holders set. The funny part lies when only 1 pic is uploaded. That 1 pic shows up in every place holder. Even though they are linked to another (future)picture. FYI each pic uploaded is named like so...1.jpg, then second pic uploadedis 2.jpg. But once that second pic is uploaded...the other 6 pics will dissapear. Just the 1st 2 pics will be there now. Why is this? Can it be fixed? Thank you,Hooch**EDIT I just set up the page for 12 image place holders. Right now spot 1 and 2 have pics. So all is fine up to number 10 and 11. They show pic number 1.FYI here is my code... <tr align="center" valign="middle"> <td height="150"> </td> <td colspan="2"> <a href="images/1.jpg" target="_blank" class="black"><img src="images/1t.jpg" alt="Olivia" width="100" height="75" border="3" /></a> <a href="images/2.jpg" target="_blank" class="black"><img src="images/2t.jpg" width="100" height="73" border="3" /></a> <a href="images/3.jpg" target="_blank" class="black"><img src="images/3t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/4.jpg" target="_blank" class="black"><img src="images/4t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/5.jpg" target="_blank" class="black"><img src="images/5t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/6.jpg" target="_blank" class="black"><img src="images/6t.jpg" alt="" width="100" height="100" border="3" /></a> </td> <td> </td> </tr> <tr valign="middle"> <td height="150" align="center"> </td> <td colspan="2" align="center"> <a href="images/7.jpg" target="_blank" class="black"><img src="images/7t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/8.jpg" target="_blank" class="black"><img src="images/8t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/9.jpg" target="_blank" class="black"><img src="images/9t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/10.jpg" target="_blank" class="black"><img src="images/10t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/11.jpg" target="_blank" class="black"><img src="images/11t.jpg" alt="" width="100" height="100" border="3" /></a> <a href="images/12.jpg" target="_blank" class="black"><img src="images/12t.jpg" alt="" width="100" height="100" border="3" /></a> </td> </tr>

TaDa!! $mkDIR = ("images/users/".$username); mkdir($mkDIR); chmod($mkDIR, 0777); $file = "images/bg.jpg"; if( copy ($file, 'images/users/' . $username . '/bg.jpg') ) { echo ""; } else { echo ""; } Works like a charm

So a field name can never be a variable then. Hmmm. What I was tring to do was have 1 entry box to do the following: In the header of certain webpages I want an editable text area. This will change with each new tour the group has. This is why I had a variable in the one field. They have 4 different pages with that option. Can you think of a sly way around this? Or will I have to make a form for each page?Thanks guy for your comments

She's a no go.Here's my snippet of the mkDIR and then the code you made me. $mkDIR = ("images/users/".$username); mkdir($mkDIR); chmod($mkDIR, 0777); $file = "images/bg.jpg"; if ((copy($mkDIR,$file))) { echo "File successfully copied"; } else { echo "Error copying file"; } Is never moves that file over.Any ideas?**EDIT I did a little reading here on W3. Would this be a better solution? Quote from W3"move_uploaded_file(file,newloc) Note: This function only works on files uploaded via HTTP POST."is it possible to hide an upload within a form? And have that uploadedfile come from the same server the form is on?

The second part is correct, thank you. I need a base image to start off with for every user. But it needs to be in their own folder. Thats why I didn't link a static pic. I will give this a try tonight. Much appreciated. Thanks again.

I will have the jpg in the folder above all the username folders. Any idea what the code would be?

I have a usersystem set up that when a user registers,a folder is created in their name. Is it possibleto have a picture (.jgp) placed in that folder automatically?Thank you Hooch

Hopefully this post can simplify my question. Here is my form.. <input name="text" type="text" class="txtbox" size="40" value="Up to 36 Characters allowed"/> <select name="header" class="txtbox"> <option value="edit">just testing</option> <option value="home">home</option> <option value="members">members</option> <option value="tours">tours</option> <option value="events_links">events_links</option> <option value="about">about</option> <option value="contact">contact</option> <option value="stay_eat">stay_eat</option> </select><br /> Set direct for the Tours link <select name="tour" class="txtbox"> <option value="<? echo $r[tour]; ?>" selected="selected"><? echo $r[tour]; ?></option> <option value="1">1 = Garden Path</option> <option value="2">2 = Autumn Leaves</option> <option value="3">3 = Country Christmas</option> </select> <br /> <input type="submit" class="txtbox" value="Submit" /> This form has 3 entries. The second entry "header" is a field in the database. So how would this be coded for the DB update? As stated earlier, this is what I tried (plus many other atempts)... $update = mysql_query("Update headers set '$header' = '$text', tour = '$rrr'")or die('Error : ' .mysql_error()); The variable for a field ("header") is the problem. Is this even possible??Thank you,Hooch

Thanks guy.The update query is from a form.$update = mysql_query("Update headers set '$set' = '$text', tour = '$rrr'")or die('Error : ' .mysql_error());The set '$set' is from a variable. $set can changed with any entry. All the variables you see there are froma form.To clarify more...here is my full code. (Work in progress for sure)The form above is towards the bottom of this code. <? ob_start(); session_start(); include '../includes/header_L2.php';include '../includes/config.php';if($logged['username'] && $logged['level'] == 5) {?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Admin Panel</title><link href="../includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="" border="0" align="center" cellpadding="5" cellspacing="0" bgcolor="#999999" class="black-10"> <tr> <td width="" height="" bgcolor="#B51628" align="center"> <a href="../index.php" class="footer2">Home</a> : <a href="../login.php" class="footer2">CPanel</a> : <a href="studios.php" class="footer2">Set Studios</a> </td> </tr> <tr> <td> <strong>Current Admins</strong> <br /> <? $getusers = mysql_query("SELECT * from users WHERE level = 5 ORDER BY lastname ASC"); while ($users = mysql_fetch_array($getusers)) { echo $users['firstname']; echo " "; echo $users['lastname']; echo "-("; echo $users['username']; echo ") <br>"; } echo "<hr>"; echo "<strong>Members that need thier status set</strong>"; echo "<br>"; include("../includes/db.php"); $status = mysql_query("SELECT * from users WHERE status = '0' ORDER BY lastname ASC"); //if ($status >= 1) { if(mysql_num_rows($status) >= 1 ){ while ($r = mysql_fetch_array($status)) { ?> <a href="admin2.php?user=<? echo $r['username']; ?>" target="_self" class="tour-footer"> <? echo $r['firstname']; ?> <? echo $r['lastname']; ?> - (<? echo $r['username']; ?>) </a><br /> <? } echo "<hr>"; } else { echo "All caught up here :)"; echo "<hr>"; } echo "<strong>Online Users</strong> "; echo "(Last 5 Minutes)"; echo "<br>"; include 'online.php'; $offline=300; $current=time(); $offline=($current-$offline); $getusers = mysql_query("SELECT * from users where online >= '$offline'"); while ($users = mysql_fetch_array($getusers)) { echo $users['username']; echo " "; } //echo "<br>"; echo "<hr>"; ?> <form method="GET" action="search.php"> <strong>Search for a member</strong> <br /> User, First or Lastname: <input name="search" type="text" class="txtbox" size="25" /> <input type="submit" class="txtbox" value="Search!" /></form> </td> </tr></table><?$info = mysql_query("SELECT * FROM headers") or die(mysql_error()); $r = mysql_fetch_array($info);//if(isset($_POST['submit']))$set = $_POST['set'];$text = $_POST['text'];$rrr = $_POST['tour'];?><form method="POST" action="index.php"><table width="700" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="20"> </td> </tr> <tr> <td class="black-medium"><div align="center">Below you can test (or change) text for a header </div></td> </tr> <tr> <td align="center"><input name="text" type="text" class="txtbox" size="40" value="Up to 36 Characters allowed"/></td> </tr> <tr> <td align="center"> Select "just testing" and see results below <select name="set" class="txtbox"> <option value="edit">just testing</option> <option value="home">home</option> <option value="members">members</option> <option value="tours">tours</option> <option value="events_links">events_links</option> <option value="about">about</option> <option value="contact">contact</option> <option value="stay_eat">stay_eat</option> </select><br /> Set direct for the Tours link <select name="tour" class="txtbox"> <option value="<? echo $r[tour]; ?>" selected="selected"><? echo $r[tour]; ?></option> <option value="1">1 = Garden Path</option> <option value="2">2 = Autumn Leaves</option> <option value="3">3 = Country Christmas</option> </select> <br /> <input type="submit" class="txtbox" value="Submit" /> </td> </tr></table></form><?$update = mysql_query("Update headers set '$set' = '$text', tour = '$rrr'")or die('Error : ' .mysql_error()); if(isset($_POST['set'])) echo"<meta http-equiv='Refresh' content='0; URL=index.php'>";//$update = mysql_query("Update headers set $set = '" . mysql_real_escape_string($set) . "'")or die('Error : ' .mysql_error());?><table width="700" height="81" border="0" align="center" cellpadding="0" cellspacing="0" background="../images/header-700-81.jpg"> <tr> <td width="180" valign="middle"> </td> <td width="520" colspan="2" align="left" valign="middle" class="red-large-20"> <? echo $r['edit']; ?></td> </tr></table></body></html><?include '../includes/footer_L2.php';} else{echo "<link href=\"../includes/style.css\" rel=\"stylesheet\" type=\"text/css\" />";echo("<center><p> </p><p> </p><p> </p>Sorry, but you are not allowed to view this page!"); echo("<br><a href=\"../index.php\" target\"_self\" class=\"link\">BACK</a></center>");}?>