Question regarding the practical

Posted by 77695976gillon 
Mac
Re: Question regarding the practical
October 26, 2012 04:11PM
Oh I see..... I missed the purpose.

These two functions have more to do with storing HTML in the database and/or printing your form.

Best to use a class like this http://htmlpurifier.org/ to manage it for you, because it can get tricky (which is why there are classes that you can download as opposed to trying your hand yourself).

While we're at it: http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html. It never stops, does it? Typically, you get hacked THEN you search for information like this....
Re: Question regarding the practical
October 26, 2012 05:57PM
awesome! thanks Mac. Enjoy the weekend!

Oh, just if anyone clicks that second link there was a small oopsy on it lol! Here's the non oopsy'd one: http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/
Re: Question regarding the practical
October 26, 2012 06:19PM
ok... so the html purifier just klapped me for a 6. Anyone read it and understand how to use it???
Re: Question regarding the practical
October 27, 2012 02:03PM
Thanks for the advice on deleting courses. It worked! I have another problem re: logging in. On top of each page except the first index page I have this script:

Language: PHP
<?PHP
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
    header ("Location: index.php");
}
?>

On the index page I have this to log in:
But even when I log in with passwords and username that I put into the database in the login table I can't log in, it throws me to index each time. What am I doing wrong?

Language: PHP
<?php
$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;
function quote_smart($value, $handle) {
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value, $handle) . "'";
    }
    return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    $uname = $_POST['username'];
    $pword = $_POST['password'];
    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);
    $user_name = "root";
    $pass_word = "";
    $database = "registration";
    $server = "localhost";
    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);
    if ($db_found) {
        $uname = quote_smart($uname, $db_handle);
        $pword = quote_smart($pword, $db_handle);
        $SQL = "SELECT * FROM login WHERE uname = '$uname' AND pword = '$pword'";
        $result = mysql_query($SQL);
        $num_rows = mysql_num_rows($result);
        if ($result) {
            if ($num_rows > 0) {
                session_start();
                $_SESSION['login'] = "1";
                header ("Location: loggedin.php");
            } else {
                session_start();
                $_SESSION['login'] = "";
                header ("Location: signup.php");
            }
        } else {
            $errorMessage = "Error logging on";
        }
        mysql_close($db_handle);
    }
    else {
        $errorMessage = "Error logging on";
    }
}
?>
Anonymous User
Re: Question regarding the practical
October 27, 2012 08:44PM
77686160 I wish I could help you here, have you tried joining a coding forum like http://forum.codecall.net these guys are experts, always someone willing to help, they surely will
Re: Question regarding the practical
October 27, 2012 10:28PM
@77686160 use the double "==" in your second condition, I don't know if it would help to have the inverted commas as well, like below

Language: PHP
<?PHP
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] !== "")) {
    header ("Location: index.php");
}
?>

hopefully that helps
Mac
Re: Question regarding the practical
October 28, 2012 04:27PM
No need for both

Language: PHP
if (!isset($_SESSION['login'])) {
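
An added example, not code from any poster in this thread: the login check and page guard discussed in the posts above, written with a PDO prepared statement and password_hash()/password_verify() in place of mysql_* escaping and a plain-text password comparison. The login table, its uname and pword columns and $_SESSION['login'] come from the posts; the function names, the in-memory SQLite database (this assumes the pdo_sqlite extension) and the sample user are constructed for illustration.

```php
<?php
// Added example. Function names and the sample data are assumptions, not the thread's code.

// Look the user up with a bound parameter, then verify the stored hash in PHP.
function check_login(PDO $db, string $uname, string $pword): bool {
    $stmt = $db->prepare('SELECT pword FROM login WHERE uname = ?');
    $stmt->execute([$uname]);          // the driver binds the value; no manual quoting
    $hash = $stmt->fetchColumn();      // false when no row matches
    return $hash !== false && password_verify($pword, $hash);
}

// Guard condition for protected pages: the key must exist AND hold the
// logged-in marker "1" that the login script stores on success.
function is_logged_in(array $session): bool {
    return isset($session['login']) && $session['login'] === '1';
}

// What each protected page would call before producing any output.
function require_login(): void {
    session_start();
    if (!is_logged_in($_SESSION)) {
        header('Location: index.php');
        exit;                          // header() alone does not stop the script
    }
}

// --- constructed sample data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (uname TEXT PRIMARY KEY, pword TEXT)');
$ins = $db->prepare('INSERT INTO login (uname, pword) VALUES (?, ?)');
$ins->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, "o'neil", 'correct horse')); // apostrophe in the name, right password
var_dump(check_login($db, "o'neil", 'wrong'));         // right user, wrong password
var_dump(check_login($db, 'nobody', 'x'));             // unknown user
var_dump(is_logged_in(['login' => '1']));              // session after a successful login
var_dump(is_logged_in(['login' => '']));               // value the failed-login branch stores
var_dump(is_logged_in([]));                            // no login key at all
```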
Re: Question regarding the practical
October 28, 2012 10:54PM
I got my function sanitise($reg_data){ to work. I didn't make the variable $reg_data global, so it didn't recognise the "new data" outside the function. Works like a BOMB!
Re: Question regarding the practical
October 29, 2012 07:59AM
Thank you, that helped