Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5

Thread: Pls help

  1. #1
    New to the CF scene
    Join Date
    Sep 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Pls help

    Pls i need your help.i have a pxroject that am working on..i dont know if u can help me with the one time password.thus so that if a student tried to access his/her result,he needs to enter a pin and his/her id number...and he can only use the pin 5 times..here is my script..am not that mfamiliar with php..thank u..

    include('admin/connection.php');
    include('sanitise.php');
    $student_id = sanitise($_POST['student_id']);
    $password = sanitise($_POST['password']);

    $qry = mysql_query("SELECT * FROM register_staff WHERE student_id = '$student_id' AND password = '$password'");
    $count = mysql_num_rows($qry);
    if($count==1)

    $RemoveRS__query=sprintf("DELETE FROM register_staff WHERE username='%s' AND password='%s' LIMIT 1",
    get_magic_quotes_gpc()? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc()? $password : addslashes($password));

    mysql_query($RemoveRS__query, $rsLogin.php) or die(mysql_error());

    {
    session_start();
    $_SESSION['student_id'] = $student_id;
    header('Location: student/index.php');
    }
    else
    {
    echo "Invalid ID number or Username";
    }

    ?>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,980
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Do you need 1 time or do you need 5 time password? The difference will include an additional property in a dbms table.
    For 5x you simply issue an UPDATE query and deduct 1 from the column. You can cleansweep at any time with a simple DELETE query that finds anything that has <= 0 as its number remaining. You would also use this property in any selections requiring that it be available.
    For 1 time, you simply verify and delete.

    Looks like you'll have some syntactical issues here too. The if block doesn't have an opening brace, so the else further down has no paired if. Without a brace the if only applys to the next line of code; this makes the else hang without a branch. Move the opening brace to after the if.
    This is also backwards: get_magic_quotes_gpc()? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc()? $password : addslashes($password));, although you should consider either mysqli or pdo libraries since the mysql will be removed in the near future. addslashes are *not* sufficient, you must use mysql_real_escape_string. The get_magic_quotes_gpc should be used to determine if a stripslashes is required. I would presume a custom sanitize function would be doing this. There is also no record for $loginUsername, so you'll never find a match except if username is empty.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Senior Coder
    Join Date
    Sep 2010
    Posts
    1,899
    Thanks
    15
    Thanked 226 Times in 226 Posts
    If you just need the five time test during a browser session, just set a $_SESSION variable and increment it when the condition applies.
    PHP Code:
    $_SESSION['inc']=0;
    if 
    failed attempt $_SESSION['inc']++;
    then block them when it reaches the desired number
    Welcome to http://www.myphotowizard.net

    where you can edit images, make a photo calendar, add text to images, and do much more.


    When you know what you're doing it's called Engineering, when you don't know, it's called Research and Development. And you can always charge more for Research and Development.

  • #4
    New to the CF scene
    Join Date
    Sep 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thank you so Much..GURU'S

    Thank you so Much..GURU'S..am kind off new in this php coding...pls can u help me embed the code on the above script and also the table am to create in my sql database..or u can also help by creating it and dumping the sql dump file for me.thank you so much.I will forever remain grateful to u all

  • #5
    New to the CF scene
    Join Date
    Sep 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here is the code one more...thanks

    include('admin/connection.php');
    include('sanitise.php');
    $student_id = sanitise($_POST['student_id']);
    $password = sanitise($_POST['password']);

    $qry = mysql_query("SELECT * FROM register_staff WHERE student_id = '$student_id' AND password = '$password'");
    $count = mysql_num_rows($qry);
    if($count==1)
    {

    session_start();
    $_SESSION['student_id'] = $student_id;
    header('Location: student/index.php');
    }
    else
    {
    echo "Invalid ID number or Username";
    }

    ?>


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •