Virtual-Instructor

August 1, 2011

Basically, the salt is there to make the user's chosen password a bit more secure when stored within the database. You are concatenating the user's input ($input['pass']) with the salt ($config['salt']) and then doing the md5 encryption on the entire string, which then converts it to a 32 character string.

An example:

salt: 4jdJhdv?l

user's password: admin

so you are binding md5("admin4jdJhdv?l") into the MySQLi statement.

Ok that clears things up a bit more. Now I just two follow on questions and I should be good.

1. What does the actual encryption, the md5 or the salt. In this case it seems like it would be the md5.

2. Does the same salt work for all user passwords, or do I have to generate another salt for each password that is loaded to the dbase?

August 1, 2011

$stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt']));

How about a little clarification here. I've got a pretty firm grip on sql statments and binding the parameters. In this example the addition of the . $config['salt'] is making me take a double take. We set the md5 up in the temp folder then used that code in the config.php. If we are setting the string as an md5, why do we need to append the string with .$config['salt']?

md5($input['pass'] . $config['salt'])). I am assuming that the md5 is telling php that this is an encrypted input and for the input we will use the pass variable that we assigned; that makes sence. Adding the . $config['salt'] to the statement tells me that while we have 32 characters, our password is only 5, therefore we will fill in the remaining 27 with the remainder of the random string. This is the way that I am seeing this work in my mind, but I'm not sure if that is correct. Can someone help me out on this one?

August 1, 2011

Yeah that was it. I'll try walking away from time to time.

August 1, 2011

Ok this should be working, but for some reason I can't get it to work. I'm trying to work through video 4 of the login series. I've got a pretty good idea of what is going on, but when it comes to the log in errror in refrence to the username and password, I can't seem to get the page to display correctly. I've attached what I get when I enter in the wrong username and password. Below I have copied the code that I am using.

if (isset($_POST['submit']))

{

//Process the form

if($_POST['usernmae'] == '' || $_POST['password'] == '')

{

//both fields need to be filled in

if ($_POST['username'] == '') {$error['user'] = 'required!';}

if ($_POST['password'] == '') {$error['pass'] = 'required!';}

$error['alert'] = 'Please fill in the Required Fields';

$input['user'] = $_POST['username'];

$input['pass'] = $_POST['password'];

include('views/v_login.php');

}

else

{

$input['user'] = htmlentities($_POST['username'], ENT_QUOTES);

$input['pass'] = htmlentities($_POST['password'], ENT_QUOTES);

// create query

if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password=?"))

{

$stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt']));

$stmt->execute();

$stmt->store_result();

if ($stmt->num_rows > 0)

{

// set session variable

$_SESSION['username'] = $input['user'];

header('Location: members.php');

}

else

{

// username/password incorrect

$error['alert'] = "Username or password incorrect!";

include('views/v_login.php');

}

else

{

echo "ERROR: Could not prepare MySQLI statement.";

}

else

{

include('views/v_login.php');

}

?>

I'm not seeing any coding errors so this should work.

July 31, 2011

Sounds like what you are doing is fine so far. I wouldn't separate out that information unless you have a lot of personal information to store. I believe in video 17/18 I talk about creating different member roles, so that should help you out.

I figured as much, and I will be looking forward to those videos when I get there. On to part 4!

July 31, 2011

That's just standard CSS -- You need a ":" between the "background" and the color:
.alert { background: #feff96; border: 1px solid yellow; padding: 8px; margin-bottom: 20px; }

Ok I've got it now, I found the error. Thanks yet again.

July 31, 2011

Ok so now that I am working with PHP Logins I have a simple question to ask. The table that I have attached to this post is my members table. In the examples in the PHP Login videos the table contains an ID and a password. Here again I built this table with a little forethoght in mind. Because my site will incorperate several different levels of user, I needed to make sure that I could distinguish between the various roles and then display the appropriate information based on the data returned. What I would like to know is should I continue to use this table for my log in's, or should I keep that seperate. The reason that I ask this is because I will eventually be working with emails and I figured that grabbing that infromation would be very simple if I already have it stored on the dbase for the members table? Anyone have any insight on this?

members table.PDF

July 31, 2011

.alert { background #feff96; border: 1px solid yellow; padding: 8px; margin-bottom: 20px; }

This is the alert code on the style.css page.

July 29, 2011

Thanks. Ben to the rescue again. But it still won't display in solid yellow background?

July 29, 2011

I've made yet another error. Ben showed me once how to get rid of that index error, but I don't remember how. The other problem that I have as you will see by the attached file is that my yellow Alert box doesn't show. The actual text shows up, but for some reason the yellow box is missing.

style.css code

body { font-family: Arial; margin:0; }

h1 { background: green; padding: 20px; font-size: 1.2m; color: white; margin: 0 0 20px 0; }

#content { padding: 0 20px; }

.required { color: red; font-size: .8m; clear:both; padding-top: 20px; }

.error { float: left; color: red; display: block; padding: 4px 0 0 10px; font-size: .8m }

.alert { background" #feff96; border: 1px solid yellow; padding: 8px; margin-bottom: 20px; }

form { overflow: auto; }

label { float: left; clear: both; width: 160px; display: block; }

input { width: 220px; padding: 2px; margin-bottom: 4px; float: left; }

input.submit { float: left; clear:both; width: 80px; margin-top: 20px; }

v_login.php

<head>

</head>

<body>

<div>

<?php if($error['alert'] !='')

{ echo "<div class='alert'>" .$error['alert']."</div>"; } ?>

<label for='username'>Username: *</label>

<label for='password'>Password: *</label>

<p class="required"> * Required Fields</p>

</div>

</form>

</div>

</body>

</html>

login.php

// form defaults

$error['alert'] = '';

$error['user'] = '';

$error['pass'] = '';

$input['user'] = '';

$input['pass'] = '';

if (isset($_POST['submit']))

{

//Process the form

if($_POST['usernmae'] == '' || $_POST['password'] == '')

{

//both fields need to be filled in

if ($_POST['username'] == '') {$error['user'] = 'required!';}

if ($_POST['password'] == '') {$error['pass'] = 'required!';}

$error['alert'] = 'Please fill in the Required Fields';

$input['user'] = $_POST['username'];

$input['pass'] = $_POST['password'];

include('views/v_login.php');

}

else

{

include('views/v_login.php');

}

?>

Now I'm pretty sure that the error is somewhere between the style.css and v_login.php. Of course I could be wrong here, but anyone that has any insight, I would appriciate it if someone could explain this one to me.

July 28, 2011

*facepalm* LOL. I can't believe I did that. It's always something simple. :lol:

I think that we need to make an emoticon for my "DOH" moments. Thanks Ben, I'll give that a try just as soon as I get back to the house.

July 28, 2011

To both of our new members allow me to extend a warm welcome to you both. Mr.Magoo made a statement about asking questions. I can tell you from experiance that this community is a wealth of knowledge and has the best support staff that I have ever seen. Don't feel embarased to ask something if you don't understand, and when you get a good responce that helps you, vote the post up in the lower right corner, the contributor will appriciate it.

July 27, 2011

:huh: Ok I think I may have missed something but I need a little help in determining where. I'm going through the PHP Login videos right now and I'm on Part 3. I have double and tripple checked everything and still cannont find where I went wrong. I've been following Ben trhough the examples, but for some reason when I check the code in IE, I get what you see on the attached document. The error reporting is directing me back to line 11 of my login.php code, but I don't see where I did anything different than what Ben did, asside from all the notes that I have been taking. Anyone with any insight is welcome to comment.

<?php

/*

* LOGIN.PHP

* Log In Members

*/

// Query the dbase and make sure that the userneame and password that //the user has entered matches what the dbase has. If so set the session variable and direct the member on to the members page.

// Sessions are a way to store data along multiple pages. They are temporary so that they will be destroyed when either the destroy function is called or when the browser is closed. They work by temporarily setting a cookie on the users browser that uniqely identifies the users machine and allows them to interact with the server, the server will automatically save variable associated with the user.

// start session / load configs. This needs to be the first thing that the server see's. Spaces at the top of the document will cause problems.

$session_start();

//Include the needed files.

include('includes/config.php');

include('includes/db.php');

// form defaults

$error['alert'] = '';

$error['user'] = '';

$error['pass'] = '';

$input['user'] = '';

$input['pass'] = '';

include('views/v_login.php');

?>

session start line 11.PDF

July 25, 2011

:huh: I think I have throughly confussed myself :huh:

Ok so as of now I have established a page to view available training blocks. The table has a hyperlink to "Request Block", which then takes the user to the request schedule page (that code is below). What I am trying to do right now is pass some of the data from the actual record to the form itself which will display the infromation between the header tags. I spent a good deal of time trying to figure out how to get the information out, and I think that what I have right now should work if I have understood everything correctly. My problem is in setting the variables. (see the bolded code below) I'm having trouble trying to figure out how to grab the record id from the Available Training Blocks Page. I know that I am probably just dancing around the anwser, but I'm still so new at this I have a tendency to chase my tail as it were. Not all of the code is here because I'm not finished with it just yet, but if you want to see what I have, then please just let me know.

<?php

//Connect to the dbase.//

include('connection-db.php');

?>

<div>

<h1>

<?php if($id != '') { ?>

<?php }?>

<?php

//Set the Variables//

$mentorid = $my_sqli->query("SELECT mentor_id FROM schedule WHERE id = '?'");

$mentorname = $my_sqli->query("SELECT mentor_first_name FROM schedule WHERE id = '?'");

$date = $my_sqli->query("SELECT avail_date FROM schedule WHERE id = '?'");

$time = $my_sqli->query("SELECT start_time FROM schedule WHERE id = '?'");

if ($id != '')

{

echo "Request Training flight with" . $mentorid . " - " . $mentorname . "on" . $date . "beginning at" . $time .".";

}

else

{

echo "";

} ?>

</h1>

<label for='pilotid'>Pilot BVA ID:</label>

<label for='pilotname'>Pilot First Name:</label>

<label for='program'>Please Select Your Program:</label>

<label for='type'>Please Select a Flight Type:</label>

<label for='description'>Describe Flight Objective</label>

<label for='ac'>Please Select AC Type</label>

</div>

</form>

July 24, 2011

Then you have to manually modify the user's input after you have retrieved the $_POST data to ensure it's in the correct format. It could be as simple as doing this:

$time = $_POST['time']; // this assumes the user enters in "xx:xx";

$time = $time . ':00';

though it would probably be slightly more difficult than that since you can't necessarily assume the user will enter in both hours and minutes. If they just enter "14", it will be interpreted as 14 minutes, not 14 hours.

As I said earlier, your best bet on this is probably to use a select rather than a text input, and have the user select from a predefined list of options:

<select name="time">

...

<option value="12:00:00">12:00</option>

<option value="13:00:00">13:00</option>

<option value="14:00:00">14:00</option>

...

</select>

This has some more info on PHP's time functionality: http://www.tizag.com/mysqlTutorial/mysql-time.php

:bash: Ok this is getting complicated and now I feel like I'm getting nowhere. Try this one on for size.

I've been doing some reading, and it looks as though I can't do anything to alter the format in the dbase table. It is set that way it is and its not going to change. Rather than typing out dozens of lines of code to handle this issue for this single form, what if I started a new file and created the functions to handle these issues in that file, then called the function from the file for the form that I am working on. This way, I should be able to keep my code relatively clean and still accomplish my goal.

July 24, 2011

Corrected link (sorry, I forget that if I have a parenthesis right after the link, the forum includes the parenthesis within the link): http://php.net/manual/en/mysqli-stmt.bind-param.php

Sounds like the correct way forward is to use "i" -- it's just a matter of formatting that input into something that the database will be able to understand. I'll get back to you on this.

Thanks for the updated link, that time it worked. I tried using the integer method and that seemed to work, but when it loaded to the dbase it was in the way wrong format. Inputting 14:00 into the form, returned 00:00:14 in the dbase.

July 24, 2011

Can you give me an example of what sort of text the user might enter into that field? To be honest, I'd suggest converting those time inputs into dropdown selects if at all possible, so you can be sure of what sort of data the user will be entering.

If you look up the bind_param() function on php.net (http://php.net/manual/en/mysqli-stmt.bind-param.php) you'll notice you only have a couple options -- "i", "d", "s", "b". If you are expecting numbers, you'd probably want "i" for integer. If you are expecting a string (for example "2:00") this might be a bit trickier. I've always had a little bit of trouble dealing with dates in PHP, and knowing how to handle conversion between the different date formats.

Keep in mind -- ideally, you would want your PHP script to do some basic validation and ensure that the values that you are getting from the form are valid. For example, currently, if the user decided to enter in something invalid into the form (let's say text into a field where your script is expecting a number) it may cause errors when you try to run the database query. Ensuring that the user is providing valid values will help prevent errors and improve the user's experience.

Times will be handled in military time, or a 24 hour clock. 13:00, 15:00 and so on. I actually did try the integer method, but it displayed in the dbase all wrong, which leads me to believe that I would have a similar problem when extracting the information. I am of the opintioin that if I could find a way to format the infromation being inserted into the dbase then that would certainly help. But as a basic anwser to your question, the information will deffinately be integer in nature. What I would really like to do is to auto format the entry so that as they type it just naturally fills in. As I said before, right now, at this stage of my learning, I would just be happy making the functionality work, I can go back later and improve on it.

Oh and by the way, I tried clicking on the link that you sent me and it didn't work. Said that it wasn't available at this time.

July 24, 2011

Ben you are a Genius! :clap: Ok so then let me clarify so that I understand.

$my_sqli = new mysqli($server, $user, $pass, $db);

The bold text is a created variable and the italisized text is the actual command line to which we pass the previously established connection variables? If that is true could I then rename the $my_sqli variable to something like $dbconnection?

Moving on here. Ok so it would appear that I am getting closer. I have changed nothing in the dbase table but I am now getting a new error as you can see on the attached file. I'm pretty sure that I simply used the wrong data type here. But going off of your previous examples, I figured that the data type was simply the first letter of the data type. Both the start and stop variables are units of time as in hours of the day. Correcting one will probably lead to a correction of both and allow the data to be saved to the dbase.

time.PDF

July 24, 2011

what does your "connection-db.php" file look like? The error you are getting currently seems to indicate to me that you aren't connecting successfully to the database.

<?php

//Create the Variables for the db connection.

$server = 'localhost';

$user = 'root';

$pass = '';

$db = 'stc';

//Make the Connection.//

$my_sqli = new mysqli($server, $user, $pass, $db);

//Return any errors.//

mysqli_report(MYSQLI_REPORT_ERROR);

?>

This is the code that I use to connect to the db. It is based directly from the other connection that I established for another db that I built to work the examples in the videos.

July 24, 2011

what does your "connection-db.php" file look like? The error you are getting currently seems to indicate to me that you aren't connecting successfully to the database.

<?php

//Create the Variables for the db connection.

$server = 'localhost';

$user = 'root';

$pass = '';

$db = 'stc';

//Make the Connection.//

$my_sqli = new mysqli($server, $user, $pass, $db);

//Return any errors.//

mysqli_report(MYSQLI_REPORT_ERROR);

?>

This is the code that I use to connect to the db. It is based directly from the other connection that I established for another db that I built to work the examples in the videos.

July 23, 2011

I want to publicly thank Ben and Randy for all of their help so far. You guys have been invaluable, and I don't believe that I would understand this stuff as well as I do without both of your support. Thank you.

Ok so I think I'm getting close to making my first form work. I know I'm missing something but I'm not sure what. To make things easy, I have attached two files to this post, one is a snap shot of the table that I am working with, and the second one is the errors that I am getting.

Here is my code so far. :bash:

<?php

//Connect to the DBase

include('connection-db.php');

//Create the form after the php code, then handle the form with php.

?>

<div>

<label for="bvaid">Mentor BVA ID:</label>

<label for="first">First Name:</label>

<label for="date">Available Date:</label>

<label for="start">Start Time:</label>

</div>

</form>

<?php

//this is how I handle the form//..

if($_POST['submit'])

{

$id=$_POST['bva'];

$name=$_POST['name'];

$date=$_POST['date'];

$start=$_POST['start'];

$stop=$_POST['stop'];

echo "Name: " . $id . "<br />";

echo "First Name: " . $name . "<br />";

echo "Date Available: " . $date . "<br />";

echo "Start Time: " . $start . "<br />";

echo "Stop Time: " . $stop . "<br />";

if ($stmt = $mysqli->prepare("INSERT schedule (mentor_id, mentor_first_name, avail_date, start_time, stop_time) VALUES (?,?,?,?,?)"))

{

$stmt->bind_param("ssdtt", $id, $name, $date, $start, $stop);

$stmt->execute();

$stmt->close();

}

?>

dbase.PDF

dbase problem.PDF

July 18, 2011

Looks like a typo. It's "param" not "pararm."

OMG! *facepalm* :blink: :raised: <_< Note to self, don't fat finger the keyboard! Thanks Ben, that was it.

July 18, 2011

Its not a big deal, it won't effect anything you are doing but if you look in the bar above where you type the code you should see "setup" or something like that. I think DW just needs to sync up with the webroot folder (www).

:rolleyes: I actually fixed this one almost alone. I realized that I had the wrong set up for the file location. Ah well live and learn.

Speaking of learing. I'm really starting to enjoy this. I'm making minor alterations to the code and it still seems to be working. That is up until I tried to add a new record. Now I am stuck! :bash: I've been over the code 6 times and I can't figure where I made the wrong turn, but I keep getting the same error.

Fatal error: Call to undefined method mysqli_stmt::bind_pararm() in C:\Program Files (x86)\wamp\www\STC\records.php on line 64

I have a sneaky suspicion that I just set the thing up wrong, (I tend to do that alot) but I can't figure out where. I'm including the code for this one below. The bolded out code is line 64. I know that it has something to do with my parameters, but I'm not sure what.

<?php

include("db-connection.php");

function renderForm($first = '', $last = '', $error = '', $id = '')

{ ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>

<?php if ($id != ''){echo "Edit Record"; } else {echo "New Record"; } ?>

</title>

</head>

<body>

<?php

if ($error != '')

{

echo "<div style='padding:4px; border:1px solid red; color:red'>" .$error . "</div>";

}

?>

<div>

<?php if($id != '') { ?>

<?php }?>

<strong>First Name: *</strong> <input type="text" name=first_name value="<?php echo $first; ?>"/><br/>

<p>* Required</p>

</div>

</form>

</body>

</html>

<?php }

if (isset($_GET['id']))

{

// Editing existing record

renderForm(NULL, NULL, NULL, $_GET['id']);

}

else

{

// Create new record

if (isset($_POST['submit']))

{

$first = htmlentities($_POST['first_name'], ENT_QUOTES);

$last = htmlentities ($_POST['last_name'], ENT_QUOTES);

if ($first == '' || $last == '')

{

$error = 'ERROR: Please fill in all required fiedlds!';

renderForm($first, $last, $error);

}

else

{

if ($stmt = $mysqli->prepare("INSERT members (first_name, last_name) VALUES (?,?)"))

{

$stmt->bind_pararm("ss", $first, $last);

$stmt->execute();

$stmt->close();

}

else

{

echo "ERROR: Could not prepare SQL statement.";

}

header("Location: view.php");

}

else

{

renderForm();

}

$mysqli->close();

?>

July 18, 2011

Thanks for all the help everyone, I am finally getting results.

So just to update everyone, this is where I am. I am working in Video 2 of the CRUD folder. This one may not be that difficult. So I am working with Dreamweaver and going through the examples in the videos one at a time. I am altering the code just slightly to work with my dbase that I have set up. In the view records video Ben covers how to extract data from the dbase and display it on the page in a table. I almost came out of my skin when it worked and actually returned the records that I called! :clap: What I did notice was a message from DW; "Dynamically-related files could not be resolved because the site definition is not correct for this server." My problem is that if the statement is true, then why did the records pop up? Addtionally how do I resolve this issue so that it does not appear?

Any insight into this would be helpful.

July 17, 2011

Very specific question here. I have installed dreamweaver and I am beginning to work with it throught the video series. I beleive that I have all the information that I need plugged into dreamweaver. I entered in the following code into the codes editor just to make sure that everything was working

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>db-connection</title>

</head>

<?php

phpinfo();

?>

<body>

</body>

</html>

When I clicked on the "Live View" button in dreamweaver, it gave the following message.

Sorry, we can't find "db-connection.php". We suggest that you check the spelling of the web address or search above

So now my question is where have I gone wrong. This works for WAMP using word pad, but for some reason DW won't display it. Not sure why. Now it should be worth mentioning that I had to make some code alterations to my local host files in WAMP in order to get this thing to work to begin with, but I'm not sure if the same thing will apply here. The only thing that I did was adjust my WAMP settings to port 81 instead of 80. Something tells me that this is going to be at the root of my problem but I'm not sure how to go about fixing it.

Any suggestions?

Sign In

Profiles

Forums

Events

Downloads

Gallery

Store

Posts posted by Virtual-Instructor