AmRyTeCh 1 Report post Posted August 21, 2010 minta mana-mana pakar semak kos ni ada masalah sikit masalahnya bila saya login,dia tak dapat cari memeber dalam database. bila login pun tetap berada page current tak mahu jump ke page lain ni kod nye , kod ni kod security [code]<?php error_reporting (E_ALL ^ E_NOTICE); //=============================== // Database Connection Definition //------------------------------- //Philmar Online Rent-a-Car Connection begin include("./db_mysql.inc"); define("DATABASE_NAME","testing"); define("DATABASE_USER","root"); define("DATABASE_PASSWORD",""); define("DATABASE_HOST","localhost"); // Database Initialize $db = new DB_Sql(); $db->Database = DATABASE_NAME; $db->User = DATABASE_USER; $db->Password = DATABASE_PASSWORD; $db->Host = DATABASE_HOST; // Philmar Online Rent-a-Car Connection end //=============================== // Site Initialization //------------------------------- // Obtain the path where this site is located on the server //------------------------------- $app_path = "."; //------------------------------- // Create Header and Footer Path variables //------------------------------- $header_filename = "Header.html"; $footer_filename = "Footer.html"; //=============================== //=============================== // Common functions //------------------------------- // Convert non-standard characters to HTML //------------------------------- function tohtml($strValue) { return htmlspecialchars($strValue); } //------------------------------- // Convert value to URL //------------------------------- function tourl($strValue) { return urlencode($strValue); } //------------------------------- // Obtain specific URL Parameter from URL string //------------------------------- function get_param($param_name) { global $HTTP_POST_VARS; global $HTTP_GET_VARS; $param_value = ""; if(isset($HTTP_POST_VARS[$param_name])) $param_value = $HTTP_POST_VARS[$param_name]; else if(isset($HTTP_GET_VARS[$param_name])) $param_value = $HTTP_GET_VARS[$param_name]; return $param_value; } function get_session($param_name) { global $HTTP_POST_VARS; global $HTTP_GET_VARS; global ${$param_name}; $param_value = ""; if(!isset($HTTP_POST_VARS[$param_name]) && !isset($HTTP_GET_VARS[$param_name]) && session_is_registered($param_name)) $param_value = ${$param_name}; return $param_value; } function set_session($param_name, $param_value) { global ${$param_name}; if(session_is_registered($param_name)) session_unregister($param_name); ${$param_name} = $param_value; session_register($param_name); } function is_number($string_value) { if(is_numeric($string_value) || !strlen($string_value)) return true; else return false; } //------------------------------- // Convert value for use with SQL statament //------------------------------- function tosql($value, $type) { if(!strlen($value)) return "NULL"; else if($type == "Number") return str_replace (",", ".", doubleval($value)); else { if(get_magic_quotes_gpc() == 0) { $value = str_replace("'","''",$value); $value = str_replace("\\","\\\\",$value); } else { $value = str_replace("\\'","''",$value); $value = str_replace("\\\"","\"",$value); } return "'" . $value . "'"; } } function strip($value) { if(get_magic_quotes_gpc() == 0) return $value; else return stripslashes($value); } function db_fill_array($sql_query) { global $db; $db_fill = new DB_Sql(); $db_fill->Database = $db->Database; $db_fill->User = $db->User; $db_fill->Password = $db->Password; $db_fill->Host = $db->Host; $db_fill->query($sql_query); if ($db_fill->next_record()) { do { $ar_lookup[$db_fill->f(0)] = $db_fill->f(1); } while ($db_fill->next_record()); return $ar_lookup; } else return false; } //------------------------------- // Deprecated function - use get_db_value($sql) //------------------------------- function dlookup($table_name, $field_name, $where_condition) { $sql = "SELECT " . $field_name . " FROM " . $table_name . " WHERE " . $where_condition; return get_db_value($sql); } //------------------------------- // Lookup field in the database based on SQL query //------------------------------- function get_db_value($sql) { global $db; $db_look = new DB_Sql(); $db_look->Database = $db->Database; $db_look->User = $db->User; $db_look->Password = $db->Password; $db_look->Host = $db->Host; $db_look->query($sql); if($db_look->next_record()) return $db_look->f(0); else return ""; } //------------------------------- // Obtain Checkbox value depending on field type //------------------------------- function get_checkbox_value($value, $checked_value, $unchecked_value, $type) { if(!strlen($value)) return tosql($unchecked_value, $type); else return tosql($checked_value, $type); } //------------------------------- // Obtain lookup value from array containing List Of Values //------------------------------- function get_lov_value($value, $array) { $return_result = ""; if(sizeof($array) % 2 != 0) $array_length = sizeof($array) - 1; else $array_length = sizeof($array); for($i = 0; $i < $array_length; $i = $i + 2) { if($value == $array[$i]) $return_result = $array[$i+1]; } return $return_result; } //------------------------------- // Verify user's security level and redirect to login page if needed //------------------------------- function check_security($security_level) { global $UserRights; if(!session_is_registered("UserID")) header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI"))); else if(!session_is_registered("UserRights") || $UserRights < $security_level) header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI"))); } //=============================== // GlobalFuncs begin // GlobalFuncs end //=============================== ?> ............. kod ni diguna pakai bersama-sama kod di bawah <?php class DB_Sql { /* public: connection parameters */ var $Host = ""; var $Database = ""; var $User = ""; var $Password = ""; /* public: configuration parameters */ var $Auto_Free = 0; ## Set to 1 for automatic mysql_free_result() var $Debug = 0; ## Set to 1 for debugging messages. var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning) var $Seq_Table = "db_sequence"; /* public: result array and current row number */ var $Record = array(); var $Row; /* public: current error number and error text */ var $Errno = 0; var $Error = ""; /* public: this is an api revision, not a CVS revision. */ var $type = "mysql"; var $revision = "1.2"; /* private: link and query handles */ var $Link_ID = 0; var $Query_ID = 0; /* public: constructor */ function DB_Sql($query = "") { $this->query($query); } /* public: some trivial reporting */ function link_id() { return $this->Link_ID; } function query_id() { return $this->Query_ID; } /* public: connection management */ function connect($Database = "", $Host = "", $User = "", $Password = "") { /* Handle defaults */ if ("" == $Database) $Database = $this->Database; if ("" == $Host) $Host = $this->Host; if ("" == $User) $User = $this->User; if ("" == $Password) $Password = $this->Password; /* establish connection, select database */ if ( 0 == $this->Link_ID ) { $this->Link_ID=mysql_pconnect($Host, $User, $Password); if (!$this->Link_ID) { $this->halt("connect($Host, $User, \$Password) failed."); return 0; } if (!@mysql_select_db($Database,$this->Link_ID)) { $this->halt("cannot use database ".$this->Database); return 0; } } return $this->Link_ID; } /* public: discard the query result */ function free() { @mysql_free_result($this->Query_ID); $this->Query_ID = 0; } /* public: perform a query */ function query($Query_String) { /* No empty queries, please, since PHP4 chokes on them. */ if ($Query_String == "") /* The empty query string is passed on from the constructor, * when calling the class without a query, e.g. in situations * like these: '$db = new DB_Sql_Subclass;' */ return 0; if (!$this->connect()) { return 0; /* we already complained in connect() about that. */ }; # New query, discard previous result. if ($this->Query_ID) { $this->free(); } if ($this->Debug) printf("Debug: query = %s<br>\n", $Query_String); $this->Query_ID = @mysql_query($Query_String,$this->Link_ID); $this->Row = 0; $this->Errno = mysql_errno(); $this->Error = mysql_error(); if (!$this->Query_ID) { $this->halt("Invalid SQL: ".$Query_String); } # Will return nada if it fails. That's fine. return $this->Query_ID; } /* public: walk result set */ function next_record() { if (!$this->Query_ID) { $this->halt("next_record called with no query pending."); return 0; } $this->Record = @mysql_fetch_array($this->Query_ID); $this->Row += 1; $this->Errno = mysql_errno(); $this->Error = mysql_error(); $stat = is_array($this->Record); if (!$stat && $this->Auto_Free) { $this->free(); } return $stat; } /* public: position in result set */ function seek($pos = 0) { $status = @mysql_data_seek($this->Query_ID, $pos); if ($status) $this->Row = $pos; else { $this->halt("seek($pos) failed: result has ".$this->num_rows()." rows"); /* half assed attempt to save the day, * but do not consider this documented or even * desireable behaviour. */ @mysql_data_seek($this->Query_ID, $this->num_rows()); $this->Row = $this->num_rows; return 0; } return 1; } /* public: table locking */ function lock($table, $mode="write") { $this->connect(); $query="lock tables "; if (is_array($table)) { while (list($key,$value)=each($table)) { if ($key=="read" && $key!=0) { $query.="$value read, "; } else { $query.="$value $mode, "; } } $query=substr($query,0,-2); } else { $query.="$table $mode"; } $res = @mysql_query($query, $this->Link_ID); if (!$res) { $this->halt("lock($table, $mode) failed."); return 0; } return $res; } function unlock() { $this->connect(); $res = @mysql_query("unlock tables"); if (!$res) { $this->halt("unlock() failed."); return 0; } return $res; } /* public: evaluate the result (size, width) */ function affected_rows() { return @mysql_affected_rows($this->Link_ID); } function num_rows() { return @mysql_num_rows($this->Query_ID); } function num_fields() { return @mysql_num_fields($this->Query_ID); } /* public: shorthand notation */ function nf() { return $this->num_rows(); } function np() { print $this->num_rows(); } function f($Name) { if(isset($this->Record[$Name])) return $this->Record[$Name]; else return ""; } function p($Name) { print $this->Record[$Name]; } /* public: sequence numbers */ function nextid($seq_name) { $this->connect(); if ($this->lock($this->Seq_Table)) { /* get sequence number (locked) and increment */ $q = sprintf("select nextid from %s where seq_name = '%s'", $this->Seq_Table, $seq_name); $id = @mysql_query($q, $this->Link_ID); $res = @mysql_fetch_array($id); /* No current value, make one */ if (!is_array($res)) { $currentid = 0; $q = sprintf("insert into %s values('%s', %s)", $this->Seq_Table, $seq_name, $currentid); $id = @mysql_query($q, $this->Link_ID); } else { $currentid = $res["nextid"]; } $nextid = $currentid + 1; $q = sprintf("update %s set nextid = '%s' where seq_name = '%s'", $this->Seq_Table, $nextid, $seq_name); $id = @mysql_query($q, $this->Link_ID); $this->unlock(); } else { $this->halt("cannot lock ".$this->Seq_Table." - has it been created?"); return 0; } return $nextid; } /* public: return table metadata */ function metadata($table='',$full=false) { $count = 0; $id = 0; $res = array(); /* * Due to compatibility problems with Table we changed the behavior * of metadata(); * depending on $full, metadata returns the following values: * * - full is false (default): * $result[]: * [0]["table"] table name * [0]["name"] field name * [0]["type"] field type * [0]["len"] field length * [0]["flags"] field flags * * - full is true * $result[]: * ["num_fields"] number of metadata records * [0]["table"] table name * [0]["name"] field name * [0]["type"] field type * [0]["len"] field length * [0]["flags"] field flags * ["meta"][field name] index of field named "field name" * The last one is used, if you have a field name, but no index. * Test: if (isset($result['meta']['myfield'])) { ... */ // if no $table specified, assume that we are working with a query // result if ($table) { $this->connect(); $id = @mysql_list_fields($this->Database, $table); if (!$id) $this->halt("Metadata query failed."); } else { $id = $this->Query_ID; if (!$id) $this->halt("No query specified."); } $count = @mysql_num_fields($id); // made this IF due to performance (one if is faster than $count if's) if (!$full) { for ($i=0; $i<$count; $i++) { $res[$i]["table"] = @mysql_field_table ($id, $i); $res[$i]["name"] = @mysql_field_name ($id, $i); $res[$i]["type"] = @mysql_field_type ($id, $i); $res[$i]["len"] = @mysql_field_len ($id, $i); $res[$i]["flags"] = @mysql_field_flags ($id, $i); } } else { // full $res["num_fields"]= $count; for ($i=0; $i<$count; $i++) { $res[$i]["table"] = @mysql_field_table ($id, $i); $res[$i]["name"] = @mysql_field_name ($id, $i); $res[$i]["type"] = @mysql_field_type ($id, $i); $res[$i]["len"] = @mysql_field_len ($id, $i); $res[$i]["flags"] = @mysql_field_flags ($id, $i); $res["meta"][$res[$i]["name"]] = $i; } } // free the result only if we were called on a table if ($table) @mysql_free_result($id); return $res; } /* private: error handling */ function halt($msg) { $this->Error = @mysql_error($this->Link_ID); $this->Errno = @mysql_errno($this->Link_ID); if ($this->Halt_On_Error == "no") return; $this->haltmsg($msg); if ($this->Halt_On_Error != "report") die("Session halted."); } function haltmsg($msg) { printf("</td></tr></table><b>Database error:</b> %s<br>\n", $msg); printf("<b>MySQL Error</b>: %s (%s)<br>\n", $this->Errno, $this->Error); } function table_names() { $this->query("SHOW TABLES"); $i=0; while ($info=mysql_fetch_row($this->Query_ID)) { $return[$i]["table_name"]= $info[0]; $return[$i]["tablespace_name"]=$this->Database; $return[$i]["database"]=$this->Database; $i++; } return $return; } } ?>[/code] Sekian, Quote Share this post Link to post Share on other sites
AmRyTeCh 1 Report post Posted August 22, 2010 Salam semua kalau ada yang sudi nak tolong cek kod-kod lengkap boleh email pada aqu di [email protected] kod lengkap ada tapi bila cuba upload dalam xampp macam bro onbak cakap tu. tak jadi-jadi. tak tahu kat mana tuan punya kod tu sorok kuncinye.. kata bagi free orang guna.huhuhu mungkin tuan punya keje nak bagi orang baru belajar cam aqu ni botak dulu baru nak jadi kot hahhah Quote Share this post Link to post Share on other sites
Sousuke Aizen 4 Report post Posted August 24, 2010 (edited) [quote name='AmRyTeCh' date='23 August 2010 - 03:47 AM' timestamp='1282506469' post='1045719'] Salam semua kalau ada yang sudi nak tolong cek kod-kod lengkap boleh email pada aqu di [email protected] kod lengkap ada tapi bila cuba upload dalam xampp macam bro onbak cakap tu. tak jadi-jadi. tak tahu kat mana tuan punya kod tu sorok kuncinye.. kata bagi free orang guna.huhuhu mungkin tuan punya keje nak bagi orang baru belajar cam aqu ni botak dulu baru nak jadi kot hahhah [/quote] Coding kat atas tu nko wat sendiri atau nko pakai wizard?? Kat sini aku bg contoh coding utk login... [code]<?php $dbc = @mysql_connect('localhost','root','','info_db') or die('ERROR CONNECTION' . mysql_error()); mysql_select_db('info_db') or die('ERROR SELECT DB' . mysql_error()); //Database connection $login_name = $_POST['login']; $password = $_POST['password']; //Retrieve login n password from textbox $query = "SELECT * FROM staff WHERE login_name = '$login_name' AND password = '$password'"; //sql query to compare login n password from database if($_POST['bLogin']) { //start login when login button clicked $result = @mysql_query($query); $num = mysql_num_rows($result); if ($num != 0) { //if login comparison success echo "<script>window.location('nextpage.php')</script>"; } } ?>[/code] Edited August 24, 2010 by akuccputsedut Quote Share this post Link to post Share on other sites
AmRyTeCh 1 Report post Posted August 26, 2010 tima kasih bro, code tu kawan bagi. sekarang cuba nak recycle kod tu. apasal kod saya tu ada yg warna hijau semua kat tengah tu. saya try cek menggunakan PHP editor, tak ada error lak. guna front page 2003 pun sama. tapi tak dapat login jer. Quote Share this post Link to post Share on other sites