just been going through the code u sent for changing the password. What exactly in that do I need to change? I obviously changed the connection info in changepass.php and then it goes to this link:

www.dark-skys.com/join

Basically I am not sure what to change there, and how to make the form so that I can change the password info?

Thanks, and sorry for all the questions!

Andy

The.. http://www.dark-skys.com/join needs to be changed to the page that the user will be taken to if they are not logged in and the session is not registered.

PHP Code:

if (!session_is_registered("userid")) 
{ 
header("Location: http://www.dark-skys.com/join"); 
exit; 


Also the form for changing the password is in the password.php file..

Although Im going to change this so that you have to enter the pasword twice and it checks it..So ill probally work on this tommorrow and i'll keep you upto date

Also..actually change the changepass.php to..

PHP Code:

<? 
session_start(); 

include 'db.php';

switch($_POST['change']){ 
    default: include 'password.php'; 
    break; 
      
    case "change": 
    ($_POST['userid']); 
    break; 
} 
    if(!$pass){ 
        echo "<strong><font color=red>Please enter a Password</font></strong><br />"; 
        include 'password.php'; 
        exit(); 
} 

     $password = $pass; 

    $db_password = md5($password); 
      
    $sql = mysql_query("UPDATE users SET PASSWORD='$db_password' 
                WHERE userid='$userid'"); 
      
    $subject = "Password Changed"; 
    $message = "<font face='Verdana' size='3'>Hi $first_name, Your password has now been changed</br></br> 
New Password: <b>$pass</b></br> 
Use this password to login in future</br></br> 
Thanks!</br> 
</br></br></font>"; 
      
    mail($email_address, $subject, $message, "From: \" Name \" <you@site.com>\nContent-Type: text/html; charset=iso-8859-1 X-Mailer: chfeedback.php 2.01"); 
    echo "Your Password has now been changed to <b>$pass</b></br></br>Auto-Logout : Please login using your new password</br>"; 
    include 'login.htm'; 
session_destroy(); 

?>

-James

You said that I have to put this:

PHP Code:

$_SESSION['email_address'] = $email_address; 
        session_register('userid'); 
        $_SESSION['userid'] = $userid; 
        session_register('username'); 


into the login.php script is this correct. Just because at the moment there is nothing in that file, I have just noticed, so is that all that goes in it, or does it go in another file. Sorry am just a bit confused, was too tired to do it last night!

Andy

You need to add them to the list of the other session variables in the login.php file..

If you prefer you can post the code for login.php and I will add them for you

-James

Well thats what I dont get...my login.php file is absolutely empty. There is no letters, numbers or code in the file. I use the login_form to login, and I cant actually see which script it calls it in. Should there be something in there?

Everything works fine though at present, but I cant seem to get the password changing thing to run...this is probably why.

Andy

I think its because I renamed all mine Sorry

You got a file called checkuser.php??

If you have you need to add the session variables in there or post the code and i can do it for you

-James

Yes Iv posted it here:

PHP Code:

<?
/* Check User Script */
session_start();  // Start Session

include 'db.php';
// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
    echo "Please enter ALL of the information! <br />";
    include 'login_form.html';
    exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }
        // Register some session variables!
        session_register('first_name');
        $_SESSION['first_name'] = $first_name;
        session_register('last_name');
        $_SESSION['last_name'] = $last_name;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;
        
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
        
        header("Location: login_success.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
    Please try again!<br />";
    include 'login_form.html';
}
?>

So where exactly on this one would I put in the code?

Andy

It needs to be added to the list just after where it says..

// Register some session variables!


So I've aded them and it should work

PHP Code:

<? 
/* Check User Script */ 
session_start();  // Start Session 

include 'db.php'; 
// Conver to simple variables 
$username = $_POST['username']; 
$password = $_POST['password']; 

if((!$username) || (!$password)){ 
    echo "Please enter ALL of the information! <br />"; 
    include 'login_form.html'; 
    exit(); 
} 

// Convert password to md5 hash 
$password = md5($password); 

// check if the user info validates the db 
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); 
$login_check = mysql_num_rows($sql); 

if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
    foreach( $row AS $key => $val ){ 
        $$key = stripslashes( $val ); 
    } 
        // Register some session variables! 
        session_register('first_name'); 
        $_SESSION['first_name'] = $first_name; 
        session_register('last_name'); 
        $_SESSION['last_name'] = $last_name; 
        session_register('email_address'); 
        $_SESSION['email_address'] = $email_address; 
        session_register('special_user'); 
        $_SESSION['user_level'] = $user_level;
  session_register('userid'); 
        $_SESSION['userid'] = $userid; 
         
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); 
         
        header("Location: login_success.php"); 
    } 
} else { 
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br /> 
    Please try again!<br />"; 
    include 'login_form.html'; 
} 
?>

Hope this helps

-James

Finally all done! lol

Thanks for all your help

Andy

Quote:

Originally Posted by Dark-Skys99

PHP allows you to so much more...

I have an Ebook on PHP & MySQL i can mail it you if you want?

-James

Actually, I could use a copy. I'm trying to rewrite a registration script to look at a file for its password list instead of in a database. These are for ebooks with 1,000 passwords in each ebook -- wouldn't it be faster to parse through a file with the passwords for that ebook instead of a database that would require 1,000+ fields per ebook listing? Not to mention the extra overhead you're talking about.... Yes, I know, that password.user # data still has to be saved to the database, but that's a simple read/write function (I think.)

I've used Linux for a few years, and PHP/MySQL for about a year. I am new to PHP programming, but I used to program in dBase III+ "back in the day." I just need some decent primers on PHP programming. Can you open more than one database at a time from a PHP script? dBase let you, so I see no reason in the universe why you couldn't here too. (This is so the registration program can verify user information from the ecommerce program, without having to write 400 lines of code to integrate the two -- just need to be able to lookup the data conditionally; it doesn't have to modify a thing in the ecommerce database - could limit the registration program user to read-only in the ecommerce database, for that matter.)