Show DevBest [PHP] Membership system.

TyleRJc

TyleRJc

Member
Jun 19, 2011
67
12
I See you're using
PHP: 
$username = $_POST['username'];
$password = $_POST['password'];
if(isset($_POST['submit']))
{

Use This instead, As the above gives errors.
PHP: 
if(isset($_POST['submit'])) {
  $username = mysql_real_escape_string($_POST['username']);
  $password = $_POST['password'];
 
Weasel

Weasel

👄 I'd intercept me
Nov 25, 2011
4,135
2,461
Christian Brown said:
database structure link is not working
Click to expand...
It's not even that hard...
You must be registered for see links


Code: 
CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(80) NOT NULL,
  `email` varchar(100) NOT NULL,
  `password` varchar(80) NOT NULL,
  `fullname` varchar(60) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=29 ;
 
Alam

Alam

shietttt
Jul 3, 2011
433
166
Sorry for the outdates, this script is really old. I am going to update it in a bit.
 
Kyle

Kyle

Member
Jul 4, 2010
61
8
You should really use:
PHP: 
htmlentities()
When getting things from database base:
PHP: 
echo htmlentities($_SESSION['user']);
Because if you don't you will get people trying to SQL inject, they could create a username: Hi<script>alert('Hi');</script>
If you don't htmlentities() then you would get javascript alerts.
 
Weasel

Weasel

👄 I'd intercept me
Nov 25, 2011
4,135
2,461
Kyle said:
You should really use:
PHP: 
htmlentities()
When getting things from database base:
PHP: 
echo htmlentities($_SESSION['user']);
Because if you don't you will get people trying to SQL inject, they could create a username: Hi<script>alert('Hi');</script>
If you don't htmlentities() then you would get javascript alerts.
Click to expand...
A $_SESSION hasn't anything to do with SQL...
 
Weasel

Weasel

👄 I'd intercept me
Nov 25, 2011
4,135
2,461
Kyle said:
I know, look through me.php code:
PHP: 
echo "<a href='me.php'>".$_SESSION['user'] ."</a> |";
echos username....
Click to expand...
Yes... the username in the SESSION. If I make this code:
PHP: 
$_SESSION['user'] = 'Holmes'
the code you gave would have echod Holmes. So your argument is quite invalid, sir.
 
Kyle

Kyle

Member
Jul 4, 2010
61
8
Holmes said:
Yes... the username in the SESSION. If I make this code:
PHP: 
$_SESSION['user'] = 'Holmes'
the code you gave would have echod Holmes. So your argument is quite invalid, sir.
Click to expand...


Yes but i'm saying if your username wasn't Holmes and was Homes<script> then that's where htmlentities() come in!
 
Weasel

Weasel

👄 I'd intercept me
Nov 25, 2011
4,135
2,461
Kyle said:
Yes but i'm saying if your username wasn't Holmes and was Homes<script> then that's where htmlentities() come in!
Click to expand...
Well, actually thats where strip_tags and mysql_real_escape_string come in. So please don't start to judge a code if you don't have your facts straight.
You must be registered for see links
(Alam) is a great coder, and he wouldn't release an un-safe script.
 
Derpec

Derpec

Retrosetups.com | Professional, Reliable, Setups
Feb 21, 2012
658
92
Dobby said:
nothing is working guys.... and changing the login/index page to that just gives me the errors


Notice: Undefined index: username in C:\xampp\htdocs\login.php on line 6

Notice: Undefined index: password in C:\xampp\htdocs\login.php on line 7

Notice: Undefined index: user in C:\xampp\htdocs\login.php on line 50
Click to expand...

It's not that hard to fix this. Simply install xampp 1.7.4 and then there you go :)
 

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top