Jump to content
Larry Ullman's Book Forums

Search the Community

Showing results for tags 'mysql.'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Single Editions
    • Modern Javascript: Develop and Design
    • The Yii Book
    • Effortless Flex 4 Development
    • Building a Web Site with Ajax: Visual QuickProject
    • Ruby: Visual QuickStart Guide
    • C++ Programming: Visual QuickStart Guide
    • C Programming: Visual QuickStart Guide
    • Adobe AIR: Visual QuickPro Guide
  • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (5th Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (4th Edition)
    • PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (1st Edition)
  • PHP for the Web: Visual QuickStart Guide
    • PHP for the Web: Visual QuickStart Guide (5th Edition)
    • PHP for the Web: Visual QuickStart Guide (4th Edition)
    • PHP for the Web: Visual QuickStart Guide (3rd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (2nd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (1st Edition)
  • Effortless E-commerce with PHP and MySQL
    • Effortless E-Commerce with PHP and MySQL (2nd Edition)
    • Effortless E-Commerce with PHP and MySQL
  • PHP Advanced: Visual QuickPro Guide
    • PHP Advanced and Object-Oriented Programming: Visual QuickPro Guide (3rd Edition)
    • PHP 5 Advanced: Visual QuickPro Guide (2nd Edition)
    • PHP Advanced: Visual QuickPro Guide
  • MySQL: Visual QuickStart Guide
    • MySQL: Visual QuickStart Guide (2nd Edition)
    • MySQL: Visual QuickStart Guide (1st Edition)
  • Other
    • Announcements
    • Newsletter, Blog, and Other Topics
    • Forum Issues
    • Social

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 1 result

  1. I am currently developing an E-Commerce website for a client. At the moment, I am suffering two major headaches: 1. When users (non admin) log into the site their values are met based on the database values stored and everything is fine, except I can log in at the moment without any credentials. Therefore, this represents a huge and potentially dangerous security risk! 2. When an authorised user (member in database "user") logs out, when they are redirected to index.php, it states that someone is still logged in session. Here is the code for login.inc.php, logout.php, config.inc.php and mysql.inc.php Login - login.inc.php <?php $login_errors = array(); if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $login_errors['email'] = 'Please enter a valid email address!'; } if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $login_errors['pass'] = 'Please enter your password!'; } if (empty($login_errors)) { $q = "SELECT userID, username, type, IF(date_expires >= NOW(), true, false) FROM user WHERE(email='$e' AND pass='" . get_password_hash($p) . "')"; $r = mysqli_query ($dbc, $q); if (mysqli_num_rows($r) == 1) { // Get the data: $row = mysqli_fetch_array ($r, MYSQLI_NUM); // If the user is an administrator, create a new session ID to be safe: if ($row[2] == 'admin') { session_regenerate_id(true); $_SESSION['user_admin'] = true; } $_SESSION['userID'] = $row[0]; $_SESSION['username'] = $row[1]; if ($row[2] == 'admin') $_SESSION['user_admin'] = true; if ($row[3] == 1) $_SESSION['user_not_expired'] = true; echo '<div id="right">'; echo "<h1>Hi : <span>$row[1]</span></h1>"; echo '</div>'; } else { $login_errors['login'] = 'The email address and password do not match those on file.'; } } // End of $login_errors IF. Logging out - logout.php <?php require ('includes/config.inc.php'); // If the user isn't logged in, redirect them: redirect_invalid_user(); // Destroy the session: $_SESSION = array(); // Destroy the variables. if (session_id() != " " || isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 2592000, '/'); session_destroy(); // Destroy the session itself. setcookie (session_name(), '', time()-300); // Destroy the cookie. // Include the header file: $page_title = 'Logout'; include ('includes/header.html'); // Print a customized message: include ('includes/main.html'); echo '<div id="right">'; echo '<h1>Logged : Out</h1>'; echo '<p>Thank you for visiting. You are now logged out. Please come back soon!</p>'; echo '</div>'; // Footer file needs the database connection: require (MYSQL); // Include the HTML footer: include ('includes/footer.html'); ?> Configuration File <?php $live = false; $contact_email = 'davids_media@yahoo.co.uk'; define ('BASE_URI', '/includes/'); define ('BASE_URL', '127.0.0.1:8080/hair_extensions/'); define ('MYSQL', BASE_URI . 'mysql.inc.php'); session_start(); if(isset($_SESSION['views'])) $_SESSION['views']=$_SESSION['views']+1; else $_SESSION['views']=1; echo "Views=". $_SESSION['views']; function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) { global $live, $contact_email; $message = "An error occurred in script '$e_file' on line $e_line:\n$e_message\n"; $message .= print_r(debug_backtrace(), 1); $message .= print_r ($e_vars, 1); if (!$live) { echo '<div class="error">' . nl2br($message) . '</div>'; } else { error_log ($message, 1, $contact_email, 'From:lil_dave_morgan@yahoo.co.uk'); if ($e_number != E_NOTICE) { echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div>'; } } return true; } set_error_handler ('my_error_handler'); function redirect_invalid_user($check = 'userID', $destination = 'index.php', $protocol = 'http://') { if (!isset($_SESSION[$check])) { $url = $protocol . BASE_URL . $destination; header("Location: $url"); exit(); } } Database Connection <?php DEFINE ('DB_USER', 'LilDaveM'); DEFINE ('DB_PASSWORD', 'dave'); DEFINE ('DB_HOST', 'localhost'); DEFINE ('DB_NAME', 'hairext'); $dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); mysqli_set_charset($dbc, 'utf8'); function escape_data ($data) { global $dbc; if (get_magic_quotes_gpc()) $data = stripslashes($data); return mysqli_real_escape_string ($dbc, trim ($data)); } function get_password_hash($password) { global $dbc; return mysqli_real_escape_string ($dbc, hash_hmac('sha256', $password, 'c#haRl891', true)); } ?> I apologise if this is very long winded but I have been trying for days to get to the bottom of this issue, help would be really really appreciated please.
×
×
  • Create New...