Title: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 06, 2012, 09:53:07 PM
<?php $con = mysql_connect("localhost","]",""); if (!$con) { die('Could not connect: ' .mysql_error()); } mysql_select_db("", $con); $username=$_POST['skiz22285']; $result = mysql_query("SELECT * FROM `users` LIMIT 0, 30 "); echo "<table border='1'> <tr>
<th> Email </th> <th> username </th>
</tr>";
{ echo "<tr>";
echo "<td>" .$row['email'] ."</td>"; echo "<td>" .$row['username'] ."</td>";
echo "</tr>"; } echo "</table>"; mysql_close ($con); ?> <html> <body> Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html>
What I need it to do is display the users mysql information, right now its just posting the email and username with no database outputs.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: Bitsky on September 06, 2012, 09:58:40 PM
Try this: $rows=mysql_num_rows($result); for ($i=0; $i<$rows; $i++) { $row=mysql_fetch_array($result); echo "<tr>"; echo "<td>" .$row['email'] ."</td>"; echo "<td>" .$row['username'] ."</td>"; echo "</tr>"; }
If you don't need an incrementing counter, you could also do while ($row=mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" .$row['email'] ."</td>"; echo "<td>" .$row['username'] ."</td>"; echo "</tr>"; } instead of the for-loop
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 06, 2012, 10:04:38 PM
Try this: $rows=mysql_num_rows($result); for ($i=0; $i<$rows; $i++) { $row=mysql_fetch_array($result); echo "<tr>";--------------------------------------------------------------------- Parse error echo "<td>" .$row['email'] ."</td>"; echo "<td>" .$row['username'] ."</td>"; echo "</tr>"; }
If you don't need an incrementing counter, you could also do while ($row=mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" .$row['email'] ."</td>"; echo "<td>" .$row['username'] ."</td>"; echo "</tr>"; } instead of the for-loop Get a parse error
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: Bitsky on September 06, 2012, 10:14:32 PM
Just tested the following code without any problems <html> <body> <?php $con=mysql_connect('localhost', 'user', 'pass'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("db", $con); $username=$_POST['skiz22285']; $result=mysql_query("SELECT * FROM users LIMIT 0, 30"); echo "<table border='1'> <tr> <th>Email</th> <th>Username</th> </tr>"; $rows=mysql_num_rows($result); for ($i=0; $i<$rows; $i++) { $row=mysql_fetch_array($result); echo "<tr>"; echo "<td>".$row['email']."</td>"; echo "<td>".$row['username']."</td>"; echo "</tr>"; } echo "</table>"; mysql_close ($con); ?> Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html>
Also tested the while-loop with no problems.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 06, 2012, 11:32:17 PM
The problem with that is it displays all the mysql data, its not user specific.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 06, 2012, 11:45:16 PM
<?php $con=mysql_connect('localhost', 'user', 'pass'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("db", $con); $username=$_POST['skiz22285']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> Note that this uses $_POST['skiz22285'], which is probably not what you want.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 12:38:56 AM
the skiz22285 thing is just something for a troubleshooting guide I was reading but when I ran your code i got Parse error: syntax error, unexpected T_VARIABLE on line 78
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: gweedo on September 07, 2012, 12:41:32 AM
<?php $con=mysql_connect('localhost', 'user', 'pass'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("db", $con); $username=$_POST['skiz22285']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?>
he forgot a ; on the line of $username=mysql_real_escape_string($username)
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 01:11:31 AM
<?php $con=mysql_connect('localhost', 'user', 'pass'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("db", $con); $username=$_POST['skiz22285']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?>
he forgot a ; on the line of $username=mysql_real_escape_string($username)
That was it. Fixed now, it should work.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:14:22 AM
when you first login it shows it for about 1 second then goes it goes away.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: payb.tc on September 07, 2012, 01:18:15 AM
when you first login it shows it for about 1 second then goes it goes away.
goes away to what? a blank page?
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 01:20:16 AM
when you first login it shows it for about 1 second then goes it goes away.
Try this full HTML page: <!DOCTYPE html> <html> <head> <title>Title</title> </head> <body> <p> <?php $con=mysql_connect('localhost', 'user', 'pass'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("db", $con); $username=$_POST['skiz22285']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> </p> </body> </html>
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:21:19 AM
no the users info shows up for a second then it goes away. Here is the whole page code <?php /* ********** Member Page ********** */ /* Include Code */ include("assets/member.inc.php"); /* Is an Action set? */ if(isset($_GET['action'])) { $action = $_GET['action']; } else { $action = null; } if(isset($_GET['subaction'])) { $subaction = $_GET['subaction']; } else { $subaction = null; } if($action == 'logout') { echo $member->logout(); $title = 'Logging user out'; $content = '<div class="notice info">You are being logged out...</div>'; } elseif($action == 'settings') { $member->LoggedIn(); $user = $member->data(); if($subaction == 'password') { $title = 'Change Password'; $content = $member->changePassword($user->id); } elseif($subaction == 'email') { $title = 'Change E-Mail'; $content = $member->changeEmail($user->id); } elseif($subaction == 'delete') { $title = 'Delete Account'; $content = $member->deleteAccount($user->id); } else { $title = 'Settings'; $content = '<a href="member.php?action=settings&subaction=password" class="button full">Change Password</a><a href="member.php?action=settings&subaction=email" class="button full">Change E-Mail</a><a href="member.php?action=settings&subaction=delete" class="button full">Delete Account</a>'; } } elseif($action == 'register') { $title = 'Create an account'; $content = $member->register() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a> • <a href="member.php?action=recover-password">Recover Password</a></p>'; } elseif($action == 'recover-password') { $title = 'Recover your password'; $content = $member->recoverPassword() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a></p>'; } elseif($action == 'verification') { $title = 'Your account has been verified'; $content = $member->verification() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a></p>'; } else { $title = 'Login'; $content = $member->login() . '<p class="options group"><a href="member.php?action=register">Register</a> • <a href="member.php?action=recover-password">Recover Password</a></p>'; }
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> </head> <body> <div id="members" class="group"> <h1><?php echo $title; ?></h1> <?php echo $content; ?> <html> <body> <?php $con=mysql_connect('localhost', 'xxx', 'xxxxx'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("xxxxxx", $con); $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html>
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: scintill on September 07, 2012, 01:22:46 AM
when you first login it shows it for about 1 second then goes it goes away.
I think whoever fixed the code, has earned their bounty -- 99% sure this has nothing to do with the code you originally posted.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: payb.tc on September 07, 2012, 01:24:03 AM
no the users info shows up for a second then it goes away. Here is the whole page code <?php /* ********** Member Page ********** */ /* Include Code */ include("assets/member.inc.php"); /* Is an Action set? */ if(isset($_GET['action'])) { $action = $_GET['action']; } else { $action = null; } if(isset($_GET['subaction'])) { $subaction = $_GET['subaction']; } else { $subaction = null; } if($action == 'logout') { echo $member->logout(); $title = 'Logging user out'; $content = '<div class="notice info">You are being logged out...</div>'; } elseif($action == 'settings') { $member->LoggedIn(); $user = $member->data(); if($subaction == 'password') { $title = 'Change Password'; $content = $member->changePassword($user->id); } elseif($subaction == 'email') { $title = 'Change E-Mail'; $content = $member->changeEmail($user->id); } elseif($subaction == 'delete') { $title = 'Delete Account'; $content = $member->deleteAccount($user->id); } else { $title = 'Settings'; $content = '<a href="member.php?action=settings&subaction=password" class="button full">Change Password</a><a href="member.php?action=settings&subaction=email" class="button full">Change E-Mail</a><a href="member.php?action=settings&subaction=delete" class="button full">Delete Account</a>'; } } elseif($action == 'register') { $title = 'Create an account'; $content = $member->register() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a> • <a href="member.php?action=recover-password">Recover Password</a></p>'; } elseif($action == 'recover-password') { $title = 'Recover your password'; $content = $member->recoverPassword() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a></p>'; } elseif($action == 'verification') { $title = 'Your account has been verified'; $content = $member->verification() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a></p>'; } else { $title = 'Login'; $content = $member->login() . '<p class="options group"><a href="member.php?action=register">Register</a> • <a href="member.php?action=recover-password">Recover Password</a></p>'; }
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> </head> <body> <div id="members" class="group"> <h1><?php echo $title; ?></h1> <?php echo $content; ?> <html> <body> <?php $con=mysql_connect('localhost', 'xxx', 'xxxxx'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("xxxxxx", $con); $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html> well first of all, this code has two heads remove one of them: <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> then change <?php echo $content; ?> <html> <body> <?php to <?php echo $content; ?> <?php
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: scintill on September 07, 2012, 01:27:07 AM
no the users info shows up for a second then it goes away. Here is the whole page code
You've got nested <head>'s and <body>'s, this could cause the "going away". no the users info shows up for a second then it goes away. Here is the whole page code
EDIT: bah, you can't put formatting into the middle of code blocks. What payb.tc said. :)
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:31:46 AM
when you first login it shows it for about 1 second then goes it goes away.
I think whoever fixed the code, has earned their bounty -- 99% sure this has nothing to do with the code you originally posted. I was getting the same results as, I am with there code so... no the users info shows up for a second then it goes away. Here is the whole page code <?php /* ********** Member Page ********** */ /* Include Code */ include("assets/member.inc.php"); /* Is an Action set? */ if(isset($_GET['action'])) { $action = $_GET['action']; } else { $action = null; } if(isset($_GET['subaction'])) { $subaction = $_GET['subaction']; } else { $subaction = null; } if($action == 'logout') { echo $member->logout(); $title = 'Logging user out'; $content = '<div class="notice info">You are being logged out...</div>'; } elseif($action == 'settings') { $member->LoggedIn(); $user = $member->data(); if($subaction == 'password') { $title = 'Change Password'; $content = $member->changePassword($user->id); } elseif($subaction == 'email') { $title = 'Change E-Mail'; $content = $member->changeEmail($user->id); } elseif($subaction == 'delete') { $title = 'Delete Account'; $content = $member->deleteAccount($user->id); } else { $title = 'Settings'; $content = '<a href="member.php?action=settings&subaction=password" class="button full">Change Password</a><a href="member.php?action=settings&subaction=email" class="button full">Change E-Mail</a><a href="member.php?action=settings&subaction=delete" class="button full">Delete Account</a>'; } } elseif($action == 'register') { $title = 'Create an account'; $content = $member->register() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a> • <a href="member.php?action=recover-password">Recover Password</a></p>'; } elseif($action == 'recover-password') { $title = 'Recover your password'; $content = $member->recoverPassword() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a></p>'; } elseif($action == 'verification') { $title = 'Your account has been verified'; $content = $member->verification() . '<p class="options group"><a href="member.php?action=login">Already have an account?</a></p>'; } else { $title = 'Login'; $content = $member->login() . '<p class="options group"><a href="member.php?action=register">Register</a> • <a href="member.php?action=recover-password">Recover Password</a></p>'; }
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> </head> <body> <div id="members" class="group"> <h1><?php echo $title; ?></h1> <?php echo $content; ?> <html> <body> <?php $con=mysql_connect('localhost', 'xxx', 'xxxxx'); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("xxxxxx", $con); $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html> well first of all, this code has two heads remove one of them: <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> then change <?php echo $content; ?> <html> <body> <?php to <?php echo $content; ?> <?php Still nothing lol been working on this for close to 3 hours now...... brain fried fixed all that payb.tc said with no avail lol, came from all the cuting and pasting trying to fix this dang thing
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:33:13 AM
Update on what the code looks like so far ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" />
<body> <div id="members" class="group"> <?php echo $content; ?>
<?php <?php $con=mysql_connect('localhost', '', ''); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("", $con); $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> </p> </body> </html>
Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html>
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: gweedo on September 07, 2012, 01:35:36 AM
Update on what the code looks like so far ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" />
<body> <div id="members" class="group"> <?php echo $content; ?>
<?php <?php $con=mysql_connect('localhost', '', ''); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("", $con); $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> </p> </body> </html>
Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html> remove the ?> at the top
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 01:36:58 AM
Update on what the code looks like so far ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" />
<body> <div id="members" class="group"> <?php echo $content; ?>
<?php $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> </p> </body> </html>
Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html> Do the following: - Remove ?> at the beginning of the code.
- Add "</head>" after <link rel="stylesheet" type="text/css" href="assets/css/style.css" />
- Add "</div>" after <?php echo $content; ?>
- Add "<p>" after the </div> you just added.
- Remove the first "</body></html>", located right after the </p>.
- Put back the "$con=mysql_connect('localhost', '', '');
if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("", $con);".
The code should look like this: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> </head>
<body> <div id="members" class="group"> <?php echo $content; ?> </div>
<p> <?php $con=mysql_connect('localhost', '', '') or die('Could not connect: '.mysql_error()); mysql_select_db("", $con); $username=$_POST['username']; $username=mysql_real_escape_string($username); $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username']; mysql_close ($con); ?> </p>
Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html>
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: payb.tc on September 07, 2012, 01:41:05 AM
fixed all that payb.tc said with no avail lol, came from all the cuting and pasting trying to fix this dang thing
yeah, i didn't say to remove </head>, you thought of that all by yourself :P
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:47:28 AM
Since We are getting no where I guess, I should let you guys see what is happening lol.
http://www.bitcoininvestorscreditunion.com/member.php Username is username2 password is password
watch as it switches you will see how it displays it then vanishes
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 01:49:34 AM
Since We are getting no where I guess, I should let you guys see what is happening lol.
http://www.bitcoininvestorscreditunion.com/member.php Username is username2 password is password
watch as it switches you will see how it displays it then vanishes
<meta http-equiv="refresh" content="2;url=" />
Get rid of this.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:52:01 AM
Don't even see that in the code lol
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 01:53:35 AM
Don't even see that in the code lol
Here is the browser-side code: <meta http-equiv="refresh" content="2;url=" /><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Login</title> <!--CSS Files--> <link rel="stylesheet" type="text/css" href="assets/css/style.css" /> </head>
<body> <div id="members" class="group"> <div class="notice success">Authentication Success</div><p class="options group"><a href="member.php?action=register">Register</a> • <a href="member.php?action=recover-password">Recover Password</a></p></div>
<p> Email: skiz22285@yahoo.com<br/>Username: username2</p>
Login Successful <p><a href="index.php\">Click here to logout!</a></p> </body> </html>
Right before the DOCTYPE, is a meta refresh tag. Remove that.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 01:59:32 AM
I promise you that tag is not in my code that I can see. Is there some way it would be hidden in there?
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 02:00:50 AM
I promise you that tag is not in my code that I can see. Is there some way it would be hidden in there?
Could you post "assets/member.inc.php"?
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 02:03:32 AM
<?php /* ********** Member Page ********** */ /* Include Class */ require_once('config.inc.php'); require_once("database.class.php"); require_once("member.class.php"); /* Start an instance of the Database Class */ $database = new database(); /* Create an instance of the Member Class */ $member = new member(); ?> This is what is in there lol, I checked config, member and Im pretty sure its not in the db one
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 02:07:38 AM
<?php /* ********** Member Page ********** */ /* Include Class */ require_once('config.inc.php'); require_once("database.class.php"); require_once("member.class.php"); /* Start an instance of the Database Class */ $database = new database(); /* Create an instance of the Member Class */ $member = new member(); ?> This is what is in there lol, I checked config, member and Im pretty sure its not in the db one It's most likely in there somewhere, as it is before the doctype. It'd be helpful if you post the three included files.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 02:11:33 AM
config ?php /* * Config Include * * Used to write config information into a static var to be * used anywhere */
/* * Get the Config class */ require_once('config.class.php');
/* * Write settings to the config */ Config::write('hostname', 'l') Config::write('database', ''); Config::write('username', ''); Config::write('password', ''); Config::write('drivers', array(PDO::ATTR_PERSISTENT => true));
Config::write('hash', 'sha512'); /* Once set DO NOT CHANGE (sha512/bcrypt) */
Config::write('bcryptRounds', '12');
Config::write('remember', true);
Config::write('captcha', true);
Config::write('email_template', 'Default'); Config::write('email_master', 'admin@bitcoininvestorscreditunion.com'); Config::write('email_welcome', false); Config::write('email_verification', true); ?> database <?php /* * Database Class * * Handles all the connections via PDO */ class database { /* * @var $pdo A reference to the PDO instance; * Also used for connecions via PDO. */ public $pdo = null; /* * @var $statement Used to contain query for prepared statments; * Also used for value binding & execution */ public $statement = null; /* * Database Constructor * * This method is used to create a new database object with a connection to a datbase */ public function __construct() { /* Try the connections */ try { /* Create a connections with the supplied values */ $this->pdo = new PDO("mysql:host=" . Config::read('hostname') . ";dbname=" . Config::read('database') . "", Config::read('username'), Config::read('password'), Config::read('drivers')); } catch(PDOException $e) { /* If any errors echo the out and kill the script */ print "<b>[DATABASE] Error - Connection Failed:</b> " . $e->getMessage() . "<br/>"; die(); } } /* * Database Query * * This method is used to create a new database prepared query * * @param string $query The prepared statement query to the database * @param array|string $bind All the variables to bind to the prepared statement * @return return the executed string */ public function query($query, $bind = null, $fetch = 'FETCH_ASSOC') { /* Prepare the query statement */ $this->statement = $this->pdo->prepare($query); /* Bind each value supplied from $bind */ if($bind != null) { foreach($bind as $select => $value) { /* For each type of value give the appropriate param */ if(is_int($value)) { $param = PDO::PARAM_INT; } elseif(is_bool($value)) { $param = PDO::PARAM_BOOL; } elseif(is_null($value)) { $param = PDO::PARAM_NULL; } elseif(is_string($value)) { $param = PDO::PARAM_STR; } else { $param = FALSE; } /* Bid value */ if($param) { $this->statement->bindValue($select, $value, $param); } } } /* Execute Query & check for any errors */ if(!$this->statement->execute()){ $result = array( 1 => 'false', 2 => '<b>[DATABASE] Error - Query:</b> There was an error in sql syntax', ); return $result; } /* Return all content */ if($fetch == 'FETCH_ASSOC') { $result = $this->statement->fetch(PDO::FETCH_ASSOC); } elseif($fetch == 'FETCH_BOTH') { $result = $this->statement->fetch(PDO::FETCH_BOTH); } elseif($fetch == 'FETCH_LAZY') { $result = $this->statement->fetch(PDO::FETCH_LAZY); } elseif($fetch == 'FETCH_OBJ') { $result = $this->statement->fetch(PDO::FETCH_OBJ); } elseif($fetch == 'fetchAll') { $result = $this->statement->fetchAll(); } return $result; } } ?> The member one is empty
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 02:22:54 AM
Okay, the hunt for the meta refresh is really going nowhere. Keep looking for it, and remove it when you find it. Meanwhile, a workaround is to keep the user logged in.
At the top of the page: <?php // Start or resume a session session_start(); ?>
In the "Login successful" area of the code: <?php $con=mysql_connect('localhost', '', '') or die('Could not connect: '.mysql_error()); mysql_select_db("", $con); // If we have a login active, assume authentication if (isset($_SESSION['username'])) $username = $_SESSION['username']; // Otherwise, we will authenticate the password else { $username=$_POST['username']; $username=mysql_real_escape_string($username); // PUT YOUR PASSWORD AUTHENTICATION HERE $_SESSION['username'] = $username; }
// Now, we display the email and username as requested $result=mysql_query("SELECT * FROM users WHERE username='$username'"); $row=mysql_fetch_array($result); echo "Email: ".$row['email']."<br/>"; echo "Username: ".$row['username'];
// Finally, close our connection mysql_close ($con); ?>
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 02:35:31 AM
I figured it out on my own.... But dree for all your help I would like to pay you and also, ask if you would be willing to help me with code ass need of course you will be paid whats the address? The code that needed to be changed was..... drum roll $result=mysql_query("SELECT * FROM users WHERE username='$username'"); To $result=mysql_query("SELECT * FROM `users` LIMIT 0, 30 ");
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: dree12 on September 07, 2012, 02:39:23 AM
I figured it out on my own.... But dree for all your help I would like to pay you and also, ask if you would be willing to help me with code ass need of course you will be paid whats the address? The code that needed to be changed was..... drum roll $result=mysql_query("SELECT * FROM users WHERE username='$username'"); To $result=mysql_query("SELECT * FROM `users` LIMIT 0, 30 "); I don't think this does what you think it does. This happens to work with only one user, but if the number of users increase, then there will be a problem. My address is 16GF23SM6mprHQt55Acav2d2NhzrM5obYF. I will divide the amount up to the others who have helped appropriately.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: Inaba on September 07, 2012, 02:41:35 AM
For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.
Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 02:42:01 AM
Sent your right lol it just shows my login name and email... its got to be something in that line then
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: gweedo on September 07, 2012, 02:45:06 AM
For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.
Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.
but PDO would be over his head obviously, so can't really help him
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 02:45:27 AM
For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.
Figured double salt would stop that but I don't know much about coding this is my first shot lol. Have a friend how does site security going to get him to give it a go over when Im all done
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: payb.tc on September 07, 2012, 02:47:37 AM
For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.
Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.
financial website + $5 dev budget + source posted on public forum what could possibly go wrong? :D
Title: Re: [Bounty] Fix this php code for me .5 btc
Post by: BitcoinINV on September 07, 2012, 02:48:34 AM
For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.
Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.
but PDO would be over his head obviously, so can't really help him I don't want to here nothing after that horrible website you posted the other day and you call yourself a pro lol. I'm a straight noob at coding and my shit looks 10 times better then yours. Bet everyone wishes they could use one page email forms. This is going no where time to lock...
|