Registration error

My files are hosted at http://myproject.6te.net/.
After account creation it sends the activation link to the email address, but the link that is sent is not able to activate the account.
Is there a need to activate the account from the database server etc., or is there some other problem?
I am following the tutorial at http://youhack.me/2010/04/01/building-a-registration-system-with-email-verification-in-php/

Be aware that the code in that tutorial is vulnerable to SQL Injection attacks. The golden rule is to never let any user submitted data anywhere near to the database until it has been sanitized and escaped (preferably using prepared statements).

My Dear,
Kindly suggest the solution in the above scenario: how to avoid SQL injection attacks. Please suggest a feasible solution.
Thanks,
best regards,
Adnan Shahid

I suggest prepared statements for each of your requests.

Off Topic:

“My Dear” sounds funny!

Please now check the code as well as the database that I already provided to you.
What is/are the problems now, and what are your suggestions?
Also, I added the user database file in the hosting directory.
Is there a need for that file or not?
forgot.php

<?php session_start();
include "connect.php"; //connects to the database
if (isset($_POST['email'])){
$email = $_POST['email'];
$query="select * from user where email='$email'";
$result = mysql_query($query);
$count=mysql_num_rows($result);
// If the count is equal to one, we will send message other wise display an error message.
if($count==1)
{
$rows=mysql_fetch_array($result);
$pass = $rows['password'];//FETCHING PASS
//echo "your pass is ::".($pass)."";
$to = $rows['email'];
//echo "your email is ::".$email;
//Details for sending E-mail
$from = "Map My Way";
$url = "http://myproject.6te.net";
$body = "Map My Way password recovery Script
-----------------------------------------------
Url : $url;
email Details is : $to;
Here is your password : $pass;
Sincerely,
Coding Cyber";
$from = "adnansh89ahi@gmail.com";
$subject = "Map My Way Password recovered";
$headers1 = "From: $from\n";
$headers1 .= "Content-type: text/html;charset=iso-8859-1\r\n";
$headers1 .= "X-Priority: 1\r\n";
$headers1 .= "X-MSMail-Priority: High\r\n";
$headers1 .= "X-Mailer: Just My Server\r\n";
$sentmail = mail ( $to, $subject, $body, $headers1 );
} else 
{
echo "<span style='color: #ff0000;'> Not found your email in our database</span>";
}
}
//If the message is sent successfully, display success message otherwise display an error message.
//empty() is used so the page loads without notices before the form has been submitted.
if(!empty($sentmail))
{
echo "<span style='color: #ff0000;'> Your Password Has Been Sent To Your Email Address.</span>";
}
else
{
if(!empty($_POST['email']))
echo "<span style='color: #ff0000;'> Cannot send password to your e-mail address.Problem with sending mail...</span>";
}

?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>CodingCyber - Simple Script to send Forgotten password</title>
</head>
<body>


<div class="register-form">
<?php
if(isset($msg) && !empty($msg)){
echo $msg;
}
?>
<h1>Forgot Password</h1>
<form action="" method="POST">
<p><label>User Name : </label>
<input id="email" type="text" name="email" placeholder="email" /></p>

<input class="btn register" type="submit" name="submit" value="Submit" />
</form>
</div>

</body>
</html>

connect.php

<?php
$connection = mysql_connect('localhost', '*****', '*****','*****');
if (!$connection){
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('*****');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}

user.sql

-- phpMyAdmin SQL Dump
-- version 4.0.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Dec 15, 2013 at 05:45 PM
-- Server version: 5.6.12-log
-- PHP Version: 5.4.16

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `test`
--

-- --------------------------------------------------------

--
-- Table structure for table `user`
--

CREATE TABLE IF NOT EXISTS `user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL,
`active` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;

--
-- Dumping data for table `user`
--

INSERT INTO `user` (`id`, `username`, `email`, `password`, `active`) VALUES
(2, '819903', '', 'password', 0),
(3, 'info', '', '819903', 0),
(4, 'test1', 'adnanshahid89@gmail.com', '819903', 0);

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

thanks
good morning

Ok so, first of all, never keep your passwords in clear text.
You must hash all your passwords (sha1 + add salt) and, for the forget password script you have to:

  1. generate a new password
  2. keep into a variable the old hashed password
  3. update the users table with the new hashed password
  4. try to send an email with the new generated (clean, not hashed) password
  5. if the email fails, update the users table with the old password and trigger an error

In your last post I cannot see any activation page/script so, I don’t understand what’s the issue.
Do you get any error? Did you try to debug it?

First, you say that you have an activation problem and the last post is with the recover password script.
So, what is the issue?
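
The reset procedure listed above, written with the prepared statements suggested earlier in the thread, as an added example that is not code from any poster or from the tutorial. It assumes PHP 7 or later and the `user` table from user.sql; `reset_password()` and its `$send` callback are hypothetical names, the credentials and sender address are placeholders, and it uses PHP's `password_hash()` in place of a hand-rolled sha1-plus-salt hash.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+, the `user` table from
// user.sql, and that `password` stores password_hash() output.
// reset_password() and $send are hypothetical names.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Runs the five steps of the reset procedure. Returns true only if the new
 * hash was stored and the e-mail was accepted for delivery.
 */
function reset_password(mysqli $db, string $email, callable $send): bool
{
    // Look the account up with a bound parameter: the address travels as
    // data and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $storedHash);
    $found   = $stmt->fetch() === true;
    $userId  = $id;
    $oldHash = $storedHash;              // step 2: keep the old hash
    $stmt->close();
    if (!$found) {
        return false;
    }

    // Step 1: new password from the CSPRNG (16 hex characters).
    $newPassword = bin2hex(random_bytes(8));

    // Step 3: store only the hash of the new password.
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $upd  = $db->prepare('UPDATE user SET password = ? WHERE id = ?');
    $upd->bind_param('si', $hash, $userId);
    $upd->execute();

    // Step 4: try to send the clear-text password.
    $sent = (bool) $send($email, $newPassword);

    // Step 5: if sending failed, put the old hash back.
    if (!$sent) {
        $hash = $oldHash;                // bound by reference, so execute() sends it
        $upd->execute();
    }
    $upd->close();
    return $sent;
}

// Usage from the form handler. Credentials and sender are placeholders.
if (isset($_POST['email'])) {
    $db = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
    $ok = reset_password($db, (string) $_POST['email'],
        function (string $to, string $password): bool {
            return mail($to, 'Map My Way password reset',
                        "Your new password is: $password",
                        'From: noreply@example.com');
        });
    if (!$ok) {
        error_log('password reset not completed'); // details stay server-side
    }
    // Same reply either way, so the form does not reveal which addresses exist.
    echo 'If that address is registered, a new password has been sent to it.';
}
```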

I think you should consider scrapping the whole lot and finding better.

The code is using deprecated mysql functions and doesn’t appear to be taking security measures.
The email code is open to header injection and could be used to send SPAM from your server.
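
One way to close the header-injection problem named above, as an added example that is not code from the thread: every value that reaches `mail()` as a recipient, sender or subject is rejected if it contains a line break. The function names are hypothetical, the addresses are constructed samples, and the pattern is the one used by the registration and login scripts posted later in this thread.

```php
<?php
// Added example, not from the thread. Function names are hypothetical and
// the addresses below are constructed sample values.

// E-mail pattern used by index.php and login.php in this thread.
const THREAD_EMAIL_PATTERN =
    '/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/';

/** Returns the address if it is safe to use in To: or From:, otherwise null. */
function safe_address(string $value): ?string
{
    // CR or LF ends a header line, so neither may appear anywhere in the value.
    if (strpbrk($value, "\r\n") !== false) {
        return null;
    }
    $addr = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

/** Returns single-line text suitable for Subject:, otherwise null. */
function safe_header_text(string $value): ?string
{
    return preg_match('/[\r\n]/', $value) ? null : trim($value);
}

/** Sends a plain-text mail only if every header value passed the checks. */
function send_plain_mail(string $to, string $from, string $subject, string $body): bool
{
    $to      = safe_address($to);
    $from    = safe_address($from);
    $subject = safe_header_text($subject);
    if ($to === null || $from === null || $subject === null) {
        return false; // refuse instead of trying to repair the value
    }
    $headers = "From: $from\r\n" . "Content-Type: text/plain; charset=UTF-8\r\n";
    return mail($to, $subject, $body, $headers);
}

// Why the extra check matters: without the D modifier, `$` in PCRE also
// matches just before a trailing newline, so the thread's pattern accepts a
// value that still carries a line break. safe_address() rejects it.
$samples = ["user@example.com", "user@example.com\n"]; // constructed
foreach ($samples as $sample) {
    printf(
        "%-22s thread pattern: %s  safe_address: %s\n",
        json_encode($sample),
        preg_match(THREAD_EMAIL_PATTERN, $sample) ? 'accepts' : 'rejects',
        safe_address($sample) === null ? 'rejects' : 'accepts'
    );
}
```

The same check belongs on an address read back from the database, as forgot.php does with `$rows['email']`, because that value was user input at registration time.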

My dear,
now I made the following changes in the code, and the following changes are observed as problems.

<?php
	ob_start();
    session_start();
    if(!isset($_SESSION['Username'])){
         header("Location: login.php");
    }


?>
<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header("Location: login.php");
echo "<html>";
echo "<head><title>SUCCESSFULLY LOGGED IN TO MAP MY WAY</title></head>";
echo "<body>";
echo "<font color='maroon'><center><h1>BCA Board</h1></center><table border=1 bgcolor='lightgreen' height=600 width=900>";
echo "<th>Comment</th><th>Author</th><th>DisplayPic</th>";

$con=odbc_connect('localhost','819903',' adnanno1');
if(!$con)
	echo "not connected";
$qry="select * from members";
$rs=odbc_exec($con,$qry);
$uname=$_SESSION["unm"];
while(odbc_fetch_row($rs))
{
	echo "<tr>";
	$dis=odbc_result($rs,3);
	if($dis=="")
		$dis="displaypic/anonymous.jpg";
	echo "<td width='500'>".odbc_result($rs,2)."</td><td>".odbc_result($rs,1)."</td><td><img src='$dis' width=100 height=100></td>";
	if($uname==odbc_result($rs,1))
	echo "<td><form action='deletepost.php' method='post'><input type='hidden' name='delpost' value='".odbc_result($rs,2)."'><input type='submit' value='Delete'></form></td>";
}
echo "</table>";
echo "<center><form name='myform' action='addpost.php' method='post'><textarea rows='5' cols='40' name='msg'></textarea><br><input type='submit' value='Discuss'></form></center>";
echo "<br>";
echo "<center>";

echo "</center>";
echo "</body>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member Area </title>
<style type="text/css">
 .success {
	border: 1px solid;
	margin: 0 auto;
	padding:10px 5px 10px 60px;
	background-repeat: no-repeat;
	background-position: 10px center;
     font-weight:bold;
     width:450px;
     color: #4F8A10;
	background-color: #DFF2BF;
	background-image:url('images/success.png');

}



</style>
</head>

<body>
<div class="success">Welcome , <?php echo $_SESSION['Username']	; ?></div>
</body>
</html>

this is addpost.php

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header('location:index.html');
$con=odbc_connect('localhost','819903','adnanno1');
$msg=$_POST["msg"];
if(!$con)
	echo "not connected";

$email=$_SESSION["unm"];
$qry="select * from members where email='$email'";
$rs=odbc_exec($con,$qry);
if(!$rs)
	echo "record addition failed";
$displ=odbc_result($rs,7);
$qry="insert into forum values('$email','$msg','$displ')";
$rs=odbc_exec($con,$qry);
if(!$rs)
	echo "record addition failed";

?>

and this is deletepost.php

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header('location:index.html');
$msg=$_POST["delpost"];
$con=odbc_connect('localhost','819903','adnanno1');
$qry="delete from forum where comment='$msg'";
$rs=odbc_exec($con,$qry);
if(!$rs)
	echo "no record deleted";

?>

My dear,
I want to add the home page to my existing system.
The first file is login.php, which works fine and logs in successfully when the following code is not added to it.
But when the following code, which uses the other two files, is added, the login stops working and nothing happens.
You can check it here:
www.myproject.6te.net

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header("Location: login.php");
echo "<html>";
echo "<head><title>SUCCESSFULLY LOGGED IN TO MAP MY WAY</title></head>";
echo "<body>";
echo "<font color='maroon'><center><h1>BCA Board</h1></center><table border=1 bgcolor='lightgreen' height=600 width=900>";
echo "<th>Comment</th><th>Author</th><th>DisplayPic</th>";

$con=odbc_connect('localhost','819903',' adnanno1');
if(!$con)
echo "not connected";
$qry="select * from members";
$rs=odbc_exec($con,$qry);
$uname=$_SESSION["unm"];
while(odbc_fetch_row($rs))
{
echo "<tr>";
$dis=odbc_result($rs,3);
if($dis=="")
$dis="displaypic/anonymous.jpg";
echo "<td width='500'>".odbc_result($rs,2)."</td><td>".odbc_result($rs,1)."</td><td><img src='$dis' width=100 height=100></td>";
if($uname==odbc_result($rs,1))
echo "<td><form action='deletepost.php' method='post'><input type='hidden' name='delpost' value='".odbc_result($rs,2)."'><input type='submit' value='Delete'></form></td>";
}
echo "</table>";
echo "<center><form name='myform' action='addpost.php' method='post'><textarea rows='5' cols='40' name='msg'></textarea><br><input type='submit' value='Discuss'></form></center>";
echo "<br>";
echo "<center>";

echo "</center>";
echo "</body>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member Area </title>
<style type="text/css">
.success {
border: 1px solid;
margin: 0 auto;
padding:10px 5px 10px 60px;
background-repeat: no-repeat;
background-position: 10px center;
font-weight:bold;
width:450px;
color: #4F8A10;
background-color: #DFF2BF;
background-image:url('images/success.png');

}

this is addpost.php

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header('location:index.html');
$con=odbc_connect('localhost','819903','adnanno1');
$msg=$_POST["msg"];
if(!$con)
echo "not connected";

$email=$_SESSION["unm"];
$qry="select * from members where email='$email'";
$rs=odbc_exec($con,$qry);
if(!$rs)
echo "record addition failed";
$displ=odbc_result($rs,7);
$qry="insert into forum values('$email','$msg','$displ')";
$rs=odbc_exec($con,$qry);
if(!$rs)
echo "record addition failed";

?>

and this is deletepost.php

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header('location:index.html');
$msg=$_POST["delpost"];
$con=odbc_connect('localhost','819903','adnanno1');
$qry="delete from forum where comment='$msg'";
$rs=odbc_exec($con,$qry);
if(!$rs)
echo "no record deleted";

?>

Actually, this is the added code, and the later files that use the code.
Sorry, the first full code was added by mistake.

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header("Location: login.php");
echo "<html>";
echo "<head><title>SUCCESSFULLY LOGGED IN TO MAP MY WAY</title></head>";
echo "<body>";
echo "<font color='maroon'><center><h1>BCA Board</h1></center><table border=1 bgcolor='lightgreen' height=600 width=900>";
echo "<th>Comment</th><th>Author</th><th>DisplayPic</th>";

$con=odbc_connect('localhost','819903',' adnanno1');
if(!$con)
echo "not connected";
$qry="select * from members";
$rs=odbc_exec($con,$qry);
$uname=$_SESSION["unm"];
while(odbc_fetch_row($rs))
{
echo "<tr>";
$dis=odbc_result($rs,3);
if($dis=="")
$dis="displaypic/anonymous.jpg";
echo "<td width='500'>".odbc_result($rs,2)."</td><td>".odbc_result($rs,1)."</td><td><img src='$dis' width=100 height=100></td>";
if($uname==odbc_result($rs,1))
echo "<td><form action='deletepost.php' method='post'><input type='hidden' name='delpost' value='".odbc_result($rs,2)."'><input type='submit' value='Delete'></form></td>";
}
echo "</table>";
echo "<center><form name='myform' action='addpost.php' method='post'><textarea rows='5' cols='40' name='msg'></textarea><br><input type='submit' value='Discuss'></form></center>";
echo "<br>";
echo "<center>";

echo "</center>";
echo "</body>";
?>

this is index.php

<?php



include ('database_connection.php');
if (isset($_POST['formsubmitted'])) {
    $error = array();//Declare An Array to store any error message
    if (empty($_POST['name'])) {//if no name has been supplied
        $error[] = 'Please Enter a name ';//add to array "error"
    } else {
        $name = $_POST['name'];//else assign it a variable
    }

    if (empty($_POST['e-mail'])) {
        $error[] = 'Please Enter your Email ';
    } else {


        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+$/", $_POST['e-mail'])) {
           //regular expression for email validation
            $Email = $_POST['e-mail'];
        } else {
             $error[] = 'Your EMail Address is invalid  ';
        }


    }


    if (empty($_POST['Password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $Password = $_POST['Password'];
    }


    if (empty($error)) //send to Database if there's no error '

    { // If everything's OK...

        // Make sure the email address is available:
        $query_verify_email = "SELECT * FROM members  WHERE Email ='$Email'";
        $result_verify_email = mysqli_query($dbc, $query_verify_email);
        if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }

        if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email .


            // Create a unique  activation code:
            $activation = md5(uniqid(rand(), true));


            $query_insert_user = "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`) VALUES ( '$name', '$Email', '$Password', '$activation')";


            $result_insert_user = mysqli_query($dbc, $query_insert_user);
            if (!$result_insert_user) {
                echo 'Query Failed ';
            }

            if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull.


                // Send the email:
                $message = " To activate your account, please click on this link:\n\n";
                $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($Email) . "&key=$activation";
                mail($Email, 'Registration Confirmation', $message, 'From: adnanshahid89@gmail.com');

                // Flush the buffered output.


                // Finish the page:
                echo '<div class="success">Thank you for
registering! A confirmation email
has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>';


            } else { // If it did not run OK.
                echo '<div class="errormsgbox">You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
            }

        } else { // The email address is not available.
            echo '<div class="errormsgbox" >That email
address has already been registered.
</div>';
        }

    } else {//If the "error" array contains error msg , display them



echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {

            echo '	<li>'.$values.'</li>';

        }
        echo '</ol></div>';

    }

    mysqli_close($dbc);//Close the DB Connection

} // End of the main Submit conditional.



?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
								<h1>WELCOME TO MAP MY WAY</h1>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Form</title>

<style type="text/css">
body {
	font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif;
	font-size:12px;
}
.registration_form {
	margin:0 auto;
	width:500px;
	padding:14px;
}
label {
	width: 10em;
	float: left;
	margin-right: 0.5em;
	display: block
}
.submit {
	float:right;
}
fieldset {
	background:#EBF4FB none repeat scroll 0 0;
	border:2px solid #B7DDF2;
	width: 500px;
}
legend {
	color: #fff;
	background: #80D3E2;
	border: 1px solid #781351;
	padding: 2px 6px
}
.elements {
	padding:10px;
}
p {
	border-bottom:1px solid #B7DDF2;
	color:#666666;
	font-size:11px;
	margin-bottom:20px;
	padding-bottom:10px;
}
a{
    color:#0099FF;
font-weight:bold;
}

/* Box Style */


 .success, .warning, .errormsgbox, .validation {
	border: 1px solid;
	margin: 0 auto;
	padding:10px 5px 10px 50px;
	background-repeat: no-repeat;
	background-position: 10px center;
     font-weight:bold;
     width:450px;

}

.success {

	color: #4F8A10;
	background-color: #DFF2BF;
	background-image:url('images/success.png');
}
.warning {

	color: #9F6000;
	background-color: #FEEFB3;
	background-image: url('images/warning.png');
}
.errormsgbox {

	color: #D8000C;
	background-color: #FFBABA;
	background-image: url('images/error.png');
	
}
.validation {

	color: #D63301;
	background-color: #FFCCBA;
	background-image: url('images/error.png');
}



</style>

</head>
<body>


<form action="index.php" method="post" class="registration_form">
  <fieldset>
    <legend>Registration Form </legend>

    <p>Create A new Account <span style="background:#EAEAEA none repeat scroll 0 0;line-height:1;margin-center:210px;;padding:5px 7px;">
	ALREADY HAVE AN ACCOUNT? <a href="login.php">Log in</a></span> </p>

    <div class="elements">
      <label for="name">First Name :</label>
      <input type="text" id="name" name="name" size="25" />
    </div>
	<div class="elements">
      <label for="name">Last Name :</label>
      <input type="text" id="name" name="name" size="25" />
    </div>
    <div class="elements">
      <label for="e-mail">E-mail :</label>
      <input type="text" id="e-mail" name="e-mail" size="25" />
    </div>
    <div class="elements">
      <label for="Password">Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
    </div>
	<div class="elements">
      <label for="Password">Confirm Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
    </div>
	<div class="submit">
     <input type="hidden" name="formcancel" value="FALSE" />
      <input type="submit" value="Cancel" />
    </div>
    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Register" />
    </div>
	 <p> <span style="background:#EAEAEA none repeat scroll 0 0;line-height:1;margin-center:210px;;padding:5px 7px;">
	Forgot Your Password? <a href="forgot.php">Recover Password</a></span> </p>
  </fieldset>
</form>
Go Back to <a href="#">Account Verification on sign up</a>
</body>
</html>

this is login.php


<?php



include ('database_connection.php');
if (isset($_POST['formsubmitted'])) {
    // Initialize a session:
session_start();
    $error = array();//this aaray will store all error messages


    if (empty($_POST['e-mail'])) {//if the email supplied is empty
        $error[] = 'You forgot to enter  your Email ';
    } else {


        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+$/", $_POST['e-mail'])) {

            $Email = $_POST['e-mail'];
        } else {
             $error[] = 'Your EMail Address is invalid  ';
        }


    }


    if (empty($_POST['Password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $Password = $_POST['Password'];
    }


       if (empty($error))//if the array is empty , it means no error found
    {



        $query_check_credentials = "SELECT * FROM members WHERE (Email='$Email' AND password='$Password') AND Activation IS NULL";



        $result_check_credentials = mysqli_query($dbc, $query_check_credentials);
        if(!$result_check_credentials){//If the QUery Failed
            echo 'Query Failed ';
        }

        if (@mysqli_num_rows($result_check_credentials) == 1)//if Query is successfull
        { // A match was made.




            $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable

            header("Location: page.php");


        }else
        {

            $msg_error= 'Either Your Account is inactive or Email address /Password is Incorrect';
        }

    }  else {



echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {

            echo '	<li>'.$values.'</li>';

        }
        echo '</ol></div>';

    }


    if(isset($msg_error)){

        echo '<div class="warning">'.$msg_error.' </div>';
    }
    /// var_dump($error);
    mysqli_close($dbc);

} // End of the main Submit conditional.



?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Form</title>

<style type="text/css">
body {
	font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif;
	font-size:12px;
}
.registration_form {
	margin:0 auto;
	width:500px;
	padding:14px;
}
label {
	width: 10em;
	float: left;
	margin-right: 0.5em;
	display: block
}
.submit {
	float:right;
}
fieldset {
	background:#EBF4FB none repeat scroll 0 0;
	border:2px solid #B7DDF2;
	width: 500px;
}
legend {
	color: #fff;
	background: #80D3E2;
	border: 1px solid #781351;
	padding: 2px 6px
}
.elements {
	padding:10px;
}
p {
	border-bottom:1px solid #B7DDF2;
	color:#666666;
	font-size:11px;
	margin-bottom:20px;
	padding-bottom:10px;
}
a{
    color:#0099FF;
font-weight:bold;
}

/* Box Style */


 .success, .warning, .errormsgbox, .validation {
	border: 1px solid;
	margin: 0 auto;
	padding:10px 5px 10px 60px;
	background-repeat: no-repeat;
	background-position: 10px center;
     font-weight:bold;
     width:450px;

}

.success {

	color: #4F8A10;
	background-color: #DFF2BF;
	background-image:url('images/success.png');
}
.warning {

	color: #9F6000;
	background-color: #FEEFB3;
	background-image: url('images/warning.png');
}
.errormsgbox {

	color: #D8000C;
	background-color: #FFBABA;
	background-image: url('images/error.png');
	
}
.validation {

	color: #D63301;
	background-color: #FFCCBA;
	background-image: url('images/error.png');
}



</style>

</head>
<body>


<form action="login.php" method="post" class="registration_form">
  <fieldset>
    <legend>Login Form  </legend>

    <p>Enter Your username and Password Below  </p>

    <div class="elements">
      <label for="name">Email :</label>
      <input type="text" id="e-mail" name="e-mail" size="25" />
    </div>

    <div class="elements">
      <label for="Password">Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
    </div>
    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Login" />
    </div>
  </fieldset>
</form>
Go Back to <a href="#">Account Verification on sign up</a>
</body>
</html>

this is page.php


<?php
	ob_start();
    session_start();
    if(!isset($_SESSION['Username'])){
         header("Location: login.php");
    }


?>
<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header("Location: login.php");
echo "<html>";
echo "<head><title>SUCCESSFULLY LOGGED IN TO MAP MY WAY</title></head>";
echo "<body>";
echo "<font color='maroon'><center><h1>BCA Board</h1></center><table border=1 bgcolor='lightgreen' height=600 width=900>";
echo "<th>Comment</th><th>Author</th><th>DisplayPic</th>";

$con=odbc_connect('localhost','819903',' adnanno1');
if(!$con)
	echo "not connected";
$qry="select * from members";
$rs=odbc_exec($con,$qry);
$uname=$_SESSION["unm"];
while(odbc_fetch_row($rs))
{
	echo "<tr>";
	$dis=odbc_result($rs,3);
	if($dis=="")
		$dis="displaypic/anonymous.jpg";
	echo "<td width='500'>".odbc_result($rs,2)."</td><td>".odbc_result($rs,1)."</td><td><img src='$dis' width=100 height=100></td>";
	if($uname==odbc_result($rs,1))
	echo "<td><form action='deletepost.php' method='post'><input type='hidden' name='delpost' value='".odbc_result($rs,2)."'><input type='submit' value='Delete'></form></td>";
}
echo "</table>";
echo "<center><form name='myform' action='addpost.php' method='post'><textarea rows='5' cols='40' name='msg'></textarea><br><input type='submit' value='Discuss'></form></center>";
echo "<br>";
echo "<center>";

echo "</center>";
echo "</body>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member Area </title>
<style type="text/css">
 .success {
	border: 1px solid;
	margin: 0 auto;
	padding:10px 5px 10px 60px;
	background-repeat: no-repeat;
	background-position: 10px center;
     font-weight:bold;
     width:450px;
     color: #4F8A10;
	background-color: #DFF2BF;
	background-image:url('images/success.png');

}



</style>
</head>

<body>
<div class="success">Welcome , <?php echo $_SESSION['Username']	; ?></div>
</body>
</html>

this is addpost.php

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header('location:index.html');
$con=odbc_connect('localhost','819903','adnanno1');
$msg=$_POST["msg"];
if(!$con)
	echo "not connected";

$email=$_SESSION["unm"];
$qry="select * from members where email='$email'";
$rs=odbc_exec($con,$qry);
if(!$rs)
	echo "record addition failed";
$displ=odbc_result($rs,7);
$qry="insert into forum values('$email','$msg','$displ')";
$rs=odbc_exec($con,$qry);
if(!$rs)
	echo "record addition failed";

?>

this is deletepost.php

<?php
session_start();
if(!($_SESSION['id']==session_id()))
header('location:index.html');
if(!(isset($_SESSION['id'])))
header('location:index.html');
$msg=$_POST["delpost"];
$con=odbc_connect('localhost','819903','adnanno1');
$qry="delete from forum where comment='$msg'";
$rs=odbc_exec($con,$qry);
if(!$rs)
	echo "no record deleted";

?>