Mysql database and php

randyrr · 08-20-2009, 04:25 PM

Hey guys, i'm trying to set up a mysql database where an account status automatically default to inactive or '0'. When a user registers, it sends them an email for them to verify, after verification, the account become active or '1'.

nb.
1. I don't how to create it is inactive
2. Make active by user's when click 'link' in their email....

HELP PLEASEEEEEEEEE!!!!!

thanks alot guys!!!

**Redcore** · 08-21-2009, 08:47 PM

Do you have an account/login system already in place?

randyrr · 08-22-2009, 08:50 AM

Yeah, I do, I can log in and log out of the system, but how do i ensure that the account is still inactive after registration?

**Redcore** · 08-22-2009, 09:58 PM

Add a column to the database (user table) called "Active" or whatever you want as well as a column called "ActiveKey". When they first register, set the Active column to 0 and generate a random number to put in ActiveKey. Then send an email to them with a page to your site (verify.php or whatever) that has a form with an email box and a activation key box. Have that verify that the key matches the one in the database for that user. Alternatively you can include the key in the link in the email (ie: verify.php?key=023980823b093bjlkasdj388&email=joe@schmoe.com). Pretty simple system ;)

randyrr · 08-23-2009, 06:13 PM

thank you RedCore, cool, i understand the database part (moreless), but i'm not so good with the scripting part....what's the script to generate the random number and how do u out it in the "activationKey" column?

This is my php code that registers a user to the database, but how and where do i incorporate the code to generate the random key so they can verify?

Hey btw, that a million for even looking at this!!

PHP Code:


			
<?php

//session_start();

// Connect to the server            

        $db = mysql_connect("localhost", "username", "password") 

        or die("testing connection");

        echo ("connected");        



    



// connect to the db

        mysql_select_db("dbname", $db) or

        die("cannot connect to the database");

        echo(" <br />Connection  successful<br/>");



    $formstudent_fname = $_POST['student_fname'];

    echo "</br>"; 

    $formstudent_lname = $_POST['student_lname'];

    echo "</br>"; 

    $formstudent_address_no = $_POST['student_address_no'];

    echo "</br>"; 

    $formstudent_street_name = $_POST['student_street_name'];

    echo "</br>"; 

    $formstudent_phone = $_POST['student_phone'];

    echo "</br>"; 

    $formstudent_email = $_POST['student_email'];

    echo "</br>"; 

    $formstudent_username = $_POST['student_username'];

    echo "</br>"; 

    $formstudent_password = $_POST['student_password'];

    echo "</br>"; 

    $formstudent_password2 = $_POST['student_password2'];

    echo "</br>";



            



//check to see if the name exists in the current event table

$query = "SELECT student_username FROM student WHERE student_username = '$formstudent_username' ";

$results = mysql_query($query);



// this makes sure both passwords entered match

//if ($_POST['student_password'] != $_POST['student_password2']); {

//die('Your passwords did not match. ');

//}



// here we encrypt the password and add slashes if needed

$_POST['password'] = (md5($_POST['password']));

if (!get_magic_quotes_gpc()) {

$_POST['password'] = addslashes($_POST['password']);

$_POST['username'] = addslashes($_POST['username']);

}    





if (!mysql_num_rows($results) == 0) {     //exists within the table

echo "We're sorry, but this username is already taken, please try another username <a href=register.html> Click this link to register again</a>";

//*** output the list of names within the database

mysql_close();



//possible return FALSE?

//pop up box asking if user wishes to update the information

//yes update

//no cancel



} else { //does not exist within this table, continue & add to table

$results = "INSERT INTO student (student_fname,student_lname,student_address_no,student_street_name,student_phone,student_email,student_username,student_password,student_password2,active,activekey) VALUES ('$formstudent_fname','$formstudent_lname','$formstudent_address_no','$formstudent_street_name','$formstudent_phone','$formstudent_email','$formstudent_username','$formstudent_password','$formstudent_password2',0,'RAND(0)')";





echo "<h2>Thank you, $formstudent_fname, for registering with us, you may <a href=../login.html>login</a>now.<br /></h2>";





if (!mysql_query($results)) {

echo "<h1>We were unable to insert this record.<br />The error was: </h1>" .



mysql_error();

mysql_close();

}

}

?>

FredT · 08-23-2009, 09:32 PM

First, I don't think you need the ! on this line:

PHP Code:


			
if (!mysql_num_rows($results) == 0) {     //exists within the table

For your original problem...

PHP Code:


			
$random_key = uniqid();     //uniqid() generates a random string

Then put it in...

PHP Code:


			
$results = "INSERT INTO student (student_fname,student_lname,student_address_no,student_street_name,student_phone,student_email,student_username,student_password,student_password2,active,activekey) VALUES ('$formstudent_fname','$formstudent_lname','$formstudent_address_no','$formstudent_street_name','$formstudent_phone','$formstudent_email','$formstudent_username','$formstudent_password','$formstudent_password2',0,'$random_key')";

randyrr · 08-23-2009, 11:39 PM

It Works!!!! Thank you FredT!

i'm have to now use Argosoft Mail server together with MS Outlook for the purpose of this school project. I, however, need to send an email to the subscriber's address in so they could activate their's accounts.

I know it's beyond this thread, but do you know how to do that perhaps?

Thanks again buddy!!!
[[--merged from double-posting--]]
i have some sample php code i.e

PHP Code:


			
<?php

//define the receiver of the email

$to = 'name@server.com';

//define the subject of the email

$subject = 'Activation email'; 

//define the message to be sent. Each line should be separated with \n

$message = "Hello World!\n\nThis is my first mail."; 

//define the headers we want passed. Note that they are separated with \r\n

$headers = "From: name@server\r\nReply-To: [email]webmaster@example.com[/email]";

//send the email

$mail_sent = @mail( $to, $subject, $message, $headers );

//if the message is sent successfully print "Mail sent". Otherwise print "Mail failed" 

echo $mail_sent ? "Mail sent to $to" : "Mail failed";

?>

I'm a bit confused where 'localhost' comes in, because i think it's supposed to be done without actual internet access.....:(

[[Moderator's Note: please do not double-post. You may ask a member of staff to either edit your original post or merge consecutive posts. Thank you. —dm01]]

**Redcore** · 08-24-2009, 04:21 PM

The server needs mail enabled and Internet access in order to send out emails. It seems a little odd that they want you do it without Internet access but want authentication. Or maybe that's just your own feature. What you could do in that case is just make it look like it just sent an email but instead of doing that, it writes the verify URL to a text file (with the activation code, obviously) and you just copy that into your browser. You can explain that it's the same thing the email would have had, but you're doing this as a localized example.

PS: please use the PHP tags for your PHP code :)

randyrr · 08-24-2009, 09:44 PM

well, we're supposed to use Argosoft and MS Outlook together on localhost, does this make sense? (the localhost part?).. :-)

**Redcore** · 08-25-2009, 05:03 PM

Hmm...I've never done that sort of thing. Probably a question for the server guys in the Windows Server section...

randyrr · 08-26-2009, 04:24 PM

or...ohhk, thank buddy!!! I have some more questions but i need to do some more work first...

randyrr · 08-26-2009, 11:44 PM

hey, i wanna set up php sessions on a few pages, at the top of each page, i have

<?php
session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: login.php");
}

?>

After a while i started getting a message saying, "This page has a redirect loop".

Now, i can logically assume that the sessions are not scripted properly,

PLZ HELP!!!

Let's say i have 6 pages (index.php being the home page)

1. Index.php
2. Courses.php
3. Personalize.php
4. Search.php
5. Upload.php
6. Welcome.php

I want to redirect anyone who is not logged in, back to the login.php page,

So what i did was put that piece of code at the top of each page...

Please correct me....

Randy

Gorge · 08-27-2009, 06:59 AM

a few hints:

security issue:
you should always escape user input, i.e.

PHP Code:

$query = "SELECT student_username FROM student WHERE student_username = '$formstudent_username' ";

should become

PHP Code:

$query = "SELECT student_username FROM student WHERE student_username = '" . mysql_escape_string($formstudent_username). "'";

If you don´t, your site will be open to sql injections.
catching errors
query submissions should be checked for success, so after

PHP Code:

$results = mysql_query($query);

you should add

PHP Code:

if (!$results) die('db query failed');

(btw: mysql_num_rows($results) would return -1 in that case)
magic quotes (fortunately they will remove them in php version 6):
If you´re not sure about the server settings, you should always check them. So

PHP Code:

$formstudent_fname = $_POST['student_fname']; [...] $formstudent_password2 = $_POST['student_password2']; echo "";

etc. would be safe to move to any server with this:

PHP Code:

$fields = array ( 'student_fname', 'student_lname', 'student_address_no', 'student_street_name', 'student_phone', 'student_email', 'student_username', 'student_password', 'student_password2' ); $magic_quotes_gpc = str_cmp(php_version(), '6')<0 && ini_get('magic_quotes_gpc'); if ($magic_quotes_gpc) foreach ($fields as $key) ${'form'.$key} = strip_slashes($_POST[$key]); else foreach ($fields as $key) ${'form'.$key} = $_POST[$key];
I´m not sure what sense these "echo '';" make, but you should turn them into proper HTML (echo ' ';) or XHTML (echo ' ';) - or remove them altogether.
If you´re sure you want to keep them, just append

PHP Code:

echo str_repeat(' ', count($fields));

to the magic quote stuff.

**Redcore** · 08-27-2009, 05:31 PM

I've asked a few times - PLEASE use the PHP tags to make it easier to read.

As far as your code:

PHP Code:


			
<?php

session_start();



if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {

header ("Location: login.php");

}



?>

That logic seems a bit funky. It's basically saying if LOGIN is not set and LOGIN does not equal '' (nothing)...go to 'login.php'.

Should just be simple:

PHP Code:


			
<?php

session_start();



if(empty($_SESSION['login'])) {

header ("Location: login.php");

}



?>

randyrr · 08-28-2009, 12:01 AM

Ohhhhh.......

I'm sorry RedCore, you won't believe I didn't know how to do that....LOL..

I'm not accustom to 'forums' and their rules u know?.... :(

Randyrr

**Redcore** · 08-28-2009, 12:18 PM

Around your code you just put: [ PHP ] code [ / PHP ]

(without the spaces) :)

randyrr · 08-28-2009, 12:28 PM

okk, thanks so i correct to say that i simply put that code on top every page that i watn top protect?

**Redcore** · 08-28-2009, 05:40 PM

Yeah. It should provide basic authentication. It depends how important the data you're trying to protect is. You could do implement a session token system, authenticating that token on each page call. There are quite a few articles out there on this sort of stuff when you Google it.

randyrr · 08-29-2009, 12:09 AM

Hey Redcore,

Here's what happening now, whenever i log in and go to welcome page, if i click on a page with the session code on it, it's going back to the login.php (somehow....Therefore, i still cannot access protected pages.... :(

Can you advise me what can this problem?

PHP Code:


			
<?php

session_start(); 



    if(empty($_SESSION['login'])) { 

    header ("Location: login.php"); 

    } 

?>

**Redcore** · 08-29-2009, 01:06 PM

I didn't see where you set this session variable in your login code. Could you post that?

08-20-2009, 04:25 PM	#1 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Mysql database and php Hey guys, i'm trying to set up a mysql database where an account status automatically default to inactive or '0'. When a user registers, it sends them an email for them to verify, after verification, the account become active or '1'. nb. 1. I don't how to create it is inactive 2. Make active by user's when click 'link' in their email.... HELP PLEASEEEEEEEEE!!!!! thanks alot guys!!!

08-21-2009, 08:47 PM	#2 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php Do you have an account/login system already in place? __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

08-22-2009, 08:50 AM	#3 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php Yeah, I do, I can log in and log out of the system, but how do i ensure that the account is still inactive after registration?

08-22-2009, 09:58 PM	#4 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php Add a column to the database (user table) called "Active" or whatever you want as well as a column called "ActiveKey". When they first register, set the Active column to 0 and generate a random number to put in ActiveKey. Then send an email to them with a page to your site (verify.php or whatever) that has a form with an email box and a activation key box. Have that verify that the key matches the one in the database for that user. Alternatively you can include the key in the link in the email (ie: verify.php?key=023980823b093bjlkasdj388&email=joe@schmoe.com). Pretty simple system ;) __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

08-23-2009, 06:13 PM	#5 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	thank you RedCore, cool, i understand the database part (moreless), but i'm not so good with the scripting part....what's the script to generate the random number and how do u out it in the "activationKey" column? This is my php code that registers a user to the database, but how and where do i incorporate the code to generate the random key so they can verify? Hey btw, that a million for even looking at this!! PHP Code: <?php //session_start(); // Connect to the server $db = mysql_connect("localhost", "username", "password") or die("testing connection"); echo ("connected"); // connect to the db mysql_select_db("dbname", $db) or die("cannot connect to the database"); echo(" <br />Connection successful<br/>"); $formstudent_fname = $_POST['student_fname']; echo "</br>"; $formstudent_lname = $_POST['student_lname']; echo "</br>"; $formstudent_address_no = $_POST['student_address_no']; echo "</br>"; $formstudent_street_name = $_POST['student_street_name']; echo "</br>"; $formstudent_phone = $_POST['student_phone']; echo "</br>"; $formstudent_email = $_POST['student_email']; echo "</br>"; $formstudent_username = $_POST['student_username']; echo "</br>"; $formstudent_password = $_POST['student_password']; echo "</br>"; $formstudent_password2 = $_POST['student_password2']; echo "</br>"; //check to see if the name exists in the current event table $query = "SELECT student_username FROM student WHERE student_username = '$formstudent_username' "; $results = mysql_query($query); // this makes sure both passwords entered match //if ($_POST['student_password'] != $_POST['student_password2']); { //die('Your passwords did not match. '); //} // here we encrypt the password and add slashes if needed $_POST['password'] = (md5($_POST['password'])); if (!get_magic_quotes_gpc()) { $_POST['password'] = addslashes($_POST['password']); $_POST['username'] = addslashes($_POST['username']); } if (!mysql_num_rows($results) == 0) { //exists within the table echo "We're sorry, but this username is already taken, please try another username <a href=register.html> Click this link to register again</a>"; //*** output the list of names within the database mysql_close(); //possible return FALSE? //pop up box asking if user wishes to update the information //yes update //no cancel } else { //does not exist within this table, continue & add to table $results = "INSERT INTO student (student_fname,student_lname,student_address_no,student_street_name,student_phone,student_email,student_username,student_password,student_password2,active,activekey) VALUES ('$formstudent_fname','$formstudent_lname','$formstudent_address_no','$formstudent_street_name','$formstudent_phone','$formstudent_email','$formstudent_username','$formstudent_password','$formstudent_password2',0,'RAND(0)')"; echo "<h2>Thank you, $formstudent_fname, for registering with us, you may <a href=../login.html>login</a>now.<br /></h2>"; if (!mysql_query($results)) { echo "<h1>We were unable to insert this record.<br />The error was: </h1>" . mysql_error(); mysql_close(); } } ?> Last edited by dm01; 11-21-2009 at 02:02 PM. Reason: Please do not double-post. Ask a member of staff (red or purple user titles) via Private Message to edit or merge your posts. Thank you for helping us keep TSF a nice place to visit.

08-23-2009, 09:32 PM	#6 (permalink)
FredT Registered User Join Date: Nov 2007 Posts: 388 OS: Mac OS X 10.5.7 and XP SP2	Re: Mysql database and php First, I don't think you need the ! on this line: PHP Code: `if (!mysql_num_rows($results) == 0) { //exists within the table` For your original problem... PHP Code: `$random_key = uniqid(); //uniqid() generates a random string` Then put it in... PHP Code: `$results = "INSERT INTO student (student_fname,student_lname,student_address_no,student_street_name,student_phone,student_email,student_username,student_password,student_password2,active,activekey) VALUES ('$formstudent_fname','$formstudent_lname','$formstudent_address_no','$formstudent_street_name','$formstudent_phone','$formstudent_email','$formstudent_username','$formstudent_password','$formstudent_password2',0,'$random_key')";` Last edited by FredT; 08-23-2009 at 09:34 PM.

08-23-2009, 11:39 PM	#7 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	It Works!!!! Thank you FredT! i'm have to now use Argosoft Mail server together with MS Outlook for the purpose of this school project. I, however, need to send an email to the subscriber's address in so they could activate their's accounts. I know it's beyond this thread, but do you know how to do that perhaps? Thanks again buddy!!! [[--merged from double-posting--]] i have some sample php code i.e PHP Code: <?php //define the receiver of the email $to = 'name@server.com'; //define the subject of the email $subject = 'Activation email'; //define the message to be sent. Each line should be separated with \n $message = "Hello World!\n\nThis is my first mail."; //define the headers we want passed. Note that they are separated with \r\n $headers = "From: name@server\r\nReply-To: [email]webmaster@example.com[/email]"; //send the email $mail_sent = @mail( $to, $subject, $message, $headers ); //if the message is sent successfully print "Mail sent". Otherwise print "Mail failed" echo $mail_sent ? "Mail sent to $to" : "Mail failed"; ?> I'm a bit confused where 'localhost' comes in, because i think it's supposed to be done without actual internet access.....:( [[Moderator's Note: please do not double-post. You may ask a member of staff to either edit your original post or merge consecutive posts. Thank you. —dm01]] Last edited by dm01; 11-21-2009 at 02:02 PM. Reason: merging dbl-post and adding [php]

08-24-2009, 04:21 PM	#8 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php The server needs mail enabled and Internet access in order to send out emails. It seems a little odd that they want you do it without Internet access but want authentication. Or maybe that's just your own feature. What you could do in that case is just make it look like it just sent an email but instead of doing that, it writes the verify URL to a text file (with the activation code, obviously) and you just copy that into your browser. You can explain that it's the same thing the email would have had, but you're doing this as a localized example. PS: please use the PHP tags for your PHP code :) __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

08-24-2009, 09:44 PM	#9 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php well, we're supposed to use Argosoft and MS Outlook together on localhost, does this make sense? (the localhost part?).. :-)

08-25-2009, 05:03 PM	#10 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php Hmm...I've never done that sort of thing. Probably a question for the server guys in the Windows Server section... __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

08-26-2009, 04:24 PM	#11 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php or...ohhk, thank buddy!!! I have some more questions but i need to do some more work first...

08-26-2009, 11:44 PM	#12 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php hey, i wanna set up php sessions on a few pages, at the top of each page, i have <?php session_start(); if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) { header ("Location: login.php"); } ?> After a while i started getting a message saying, "This page has a redirect loop". Now, i can logically assume that the sessions are not scripted properly, PLZ HELP!!! Let's say i have 6 pages (index.php being the home page) 1. Index.php 2. Courses.php 3. Personalize.php 4. Search.php 5. Upload.php 6. Welcome.php I want to redirect anyone who is not logged in, back to the login.php page, So what i did was put that piece of code at the top of each page... Please correct me.... Randy

08-27-2009, 06:59 AM	#13 (permalink)
Gorge Registered User Join Date: Nov 2008 Posts: 13 OS: Vista Ultimate / Suse10 / debian sarge	Re: Mysql database and php a few hints: security issue: you should always escape user input, i.e. PHP Code: `$query = "SELECT student_username FROM student WHERE student_username = '$formstudent_username' ";` should become PHP Code: `$query = "SELECT student_username FROM student WHERE student_username = '" . mysql_escape_string($formstudent_username). "'";` If you don´t, your site will be open to sql injections. catching errors query submissions should be checked for success, so after PHP Code: `$results = mysql_query($query);` you should add PHP Code: `if (!$results) die('db query failed');` (btw: mysql_num_rows($results) would return -1 in that case) magic quotes (fortunately they will remove them in php version 6): If you´re not sure about the server settings, you should always check them. So PHP Code: `$formstudent_fname = $_POST['student_fname']; [...] $formstudent_password2 = $_POST['student_password2']; echo "</br>";` etc. would be safe to move to any server with this: PHP Code: `$fields = array ( 'student_fname', 'student_lname', 'student_address_no', 'student_street_name', 'student_phone', 'student_email', 'student_username', 'student_password', 'student_password2' ); $magic_quotes_gpc = str_cmp(php_version(), '6')<0 && ini_get('magic_quotes_gpc'); if ($magic_quotes_gpc) foreach ($fields as $key) ${'form'.$key} = strip_slashes($_POST[$key]); else foreach ($fields as $key) ${'form'.$key} = $_POST[$key];` I´m not sure what sense these "echo '</br>';" make, but you should turn them into proper HTML (echo '<br>';) or XHTML (echo '<br />';) - or remove them altogether. If you´re sure you want to keep them, just append PHP Code: `echo str_repeat('<br />', count($fields));` to the magic quote stuff.

08-27-2009, 05:31 PM	#14 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php I've asked a few times - PLEASE use the PHP tags to make it easier to read. As far as your code: PHP Code: `<?php session_start(); if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) { header ("Location: login.php"); } ?>` That logic seems a bit funky. It's basically saying if LOGIN is not set and LOGIN does not equal '' (nothing)...go to 'login.php'. Should just be simple: PHP Code: `<?php session_start(); if(empty($_SESSION['login'])) { header ("Location: login.php"); } ?>` __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \| Last edited by Redcore; 08-27-2009 at 05:32 PM.

08-28-2009, 12:01 AM	#15 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php Ohhhhh....... I'm sorry RedCore, you won't believe I didn't know how to do that....LOL.. I'm not accustom to 'forums' and their rules u know?.... :( Randyrr

08-28-2009, 12:18 PM	#16 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php Around your code you just put: [ PHP ] code [ / PHP ] (without the spaces) :) __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

08-28-2009, 12:28 PM	#17 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php okk, thanks so i correct to say that i simply put that code on top every page that i watn top protect?

08-28-2009, 05:40 PM	#18 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php Yeah. It should provide basic authentication. It depends how important the data you're trying to protect is. You could do implement a session token system, authenticating that token on each page call. There are quite a few articles out there on this sort of stuff when you Google it. __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

08-29-2009, 12:09 AM	#19 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php Hey Redcore, Here's what happening now, whenever i log in and go to welcome page, if i click on a page with the session code on it, it's going back to the login.php (somehow....Therefore, i still cannot access protected pages.... :( Can you advise me what can this problem? PHP Code: `<?php session_start(); if(empty($_SESSION['login'])) { header ("Location: login.php"); } ?>`

08-29-2009, 01:06 PM	#20 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 718 OS: Linux Mint 7 My System	Re: Mysql database and php I didn't see where you set this session variable in your login code. Could you post that? __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|