Mr FIAT - Your #1 source for vintage car parts

Anyone know PHP? Help me!

Currently reading:
Anyone know PHP? Help me!

bulldog5046

bulldog5046

faster! FASTER!!!
Parked in the garage Written a guide
Joined
May 8, 2005
Messages
9,053
Points
1,538
Howdee, i currently have this part of my site that compares the password from the database to check that it is correct and allow the user to login.

PHP: 
if (!(isset($_VARS['login_login']) && isset($_VARS['login_password']))) {
    if (@$_COOKIE['login_login'] && @$_COOKIE['login_password']) {
	$_VARS['login_login'] = $_COOKIE['login_login'];
	$_VARS['login_password'] = $_COOKIE['login_password'];
    }
}

problem comes that i'm currectly locking it all down to make it secure and now i need it to detect the password in MD5 and compare it.

i didnt write this so my knowledge is vague of it.

does anyone know how? can they please show me?

Thanks,
Ryan
 
okay ignore me, i fixed it, i was looking at the wrong code.

This part just retrives the password from the cookie and what the user has entered.

i have added the MD5 later in the script where it actually makes the comparison (y)
 
okay, heres another one for you.

i've added another field to my table called 'ip_address' for recording users ip addresses.

i have echo'd the variable to check it works and it is fine but for some reason its killing the signup script.

PHP: 
        $sql="
            INSERT INTO users 
            VALUES (
                NULL,
                '$s_email',md5('$s_password');,$s_ipod,$X_SESSION[referer_id],'$s_address',0,0,0,".time().",'$IP'
             )
        ";

can anyone see anything wrong here? neither me or my mate can.

i have also tried replacing '$IP' with a value '1' and set the default for this field in the database to '0' but its still killing the signup script with no errors.....

Much Appreciated,
Ryan

P.S if i NULL this value it still wont work!?
 
Last edited:
PHP: 
$sql="INSERT INTO users VALUES(NULL,'$s_email',md5('$s_password'),$s_ipod," . $X_SESSION[referer_id] . ",'$s_address',0,0,0,".time().",'$IP')";
I assume thats using the mysql md5 command, if it's php one, you need to obviously break out of the string and " . md ... include it

Plus you might need the " ' " around it... not sure...
 
ben said:
PHP: 
$sql="INSERT INTO users VALUES(NULL,'$s_email',md5('$s_password'),$s_ipod," . $X_SESSION[referer_id] . ",'$s_address',0,0,0,".time().",'$IP')";
I assume thats using the mysql md5 command, if it's php one, you need to obviously break out of the string and " . md ... include it

Plus you might need the " ' " around it... not sure...
Click to expand...

in "" its parsed by PHP, so not too much of an issue using php functions inside like that, though i would move the literal quotes outside --> 'md5($s_password)' :) Beacuase of this, the ". var ." is redundant. if using literal quotes this is needed... same goes for functions etc.

Are you sure you're putting the IP field in the right place? A way to force it is to include the field list directly after the table name --> "INSERT INTO users (f1, f2, f3 etc) VALUES (v1, v2, v3 etc)";

Also it will need to be a text datatype rather than numerical (and therefor needs wrapping with ' ') because of the multiple .'s

PHP: 
$s_password = md5($s_password);
$IP = $_SERVER["REMOTE_ADDR"];
$sql="INSERT INTO users(...) VALUES(NULL,'$s_email','$s_password', $s_ipod, $X_SESSION[referer_id], '$s_address',0,0,0,time(),'$IP')";
 
Luke said:
Are you sure you're putting the IP field in the right place? A way to force it is to include the field list directly after the table name --> "INSERT INTO users (f1, f2, f3 etc) VALUES (v1, v2, v3 etc)";
Click to expand...

i have tried this using the 'UPDATE' method.

PHP: 
dbExec("UPDATE users SET ip_address = $IP; WHERE id=$_VARS[id];");

still without success.

its becomming annoying now. i spent a good few hours last night medding about with it.

i'm curious to if the command 'dbExec' could be defining the fields in the database?
 
bulldog5046 said:
i have tried this using the 'UPDATE' method.

PHP: 
dbExec("UPDATE users SET ip_address = $IP; WHERE id=$_VARS[id];");

still without success.

its becomming annoying now. i spent a good few hours last night medding about with it.

i'm curious to if the command 'dbExec' could be defining the fields in the database?
Click to expand...

solved.

For anyone using the Smarty template i have discovered you use 'dbExec' to INSERT and use 'dbFastGet' to SELECT :) works a treat now :)
 
You must log in or register to reply here.

Similar threads

D
Recommend me a VPN
Replies
1
Views
6K
chris3234
C
levemircento
recommend me internet providings
Replies
19
Views
16K
levemircento
levemircento
hastingsmum
anyone good at fixing iphones?
Replies
7
Views
4K
hastingsmum
hastingsmum
hastingsmum
Multi ECU Scan settings help plz
Replies
15
Views
20K
varesecrazy
V
D
Anyone Else here Using Linux ?
Replies
14
Views
3K
Bodo
B
Back
Top