AmRyTeCh

Nak Mintak Tolong Pakar Semak Source Kod


minta mana-mana pakar semak kod ni, ada masalah sikit

masalahnya bila saya login, dia tak dapat cari member dalam database. bila login pun tetap berada di page current, tak mahu jump ke page lain

ni kod nye , kod ni kod security

[code]<?php


error_reporting(E_ALL ^ E_NOTICE);

//===============================
// Database Connection Definition
//-------------------------------
// Philmar Online Rent-a-Car Connection begin
//
// The DB_Sql class comes from this include; the object below only stores
// the parameters, the actual connection is opened lazily by DB_Sql when
// the first query runs (as long as db_mysql.inc is the class shipped with
// this file).
include("./db_mysql.inc");

// NOTE(review): "root" with an empty password is a development-only
// setup. Anywhere reachable from a network this should be a dedicated
// MySQL account limited to the "testing" database, with a real password.
define("DATABASE_HOST", "localhost");
define("DATABASE_NAME", "testing");
define("DATABASE_USER", "root");
define("DATABASE_PASSWORD", "");

// Database Initialize: one shared handle the helper functions copy from.
$db = new DB_Sql();
$db->Host = DATABASE_HOST;
$db->Database = DATABASE_NAME;
$db->User = DATABASE_USER;
$db->Password = DATABASE_PASSWORD;

// Philmar Online Rent-a-Car Connection end

//===============================
// Site Initialization
//-------------------------------
// Path where this site is located on the server (relative to the
// executing script).
//-------------------------------
$app_path = ".";
//-------------------------------
// File names of the shared header and footer fragments.
//-------------------------------
$header_filename = "Header.html";
$footer_filename = "Footer.html";
//===============================
//===============================

//===============================
// Common functions
//-------------------------------
// Convert non-standard characters to HTML
//-------------------------------
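//-------------------------------
// Convert non-standard characters to HTML
//-------------------------------
// Escapes a value for insertion into HTML. ENT_QUOTES is passed so that
// single quotes are escaped as well: without it a value placed inside a
// single-quoted attribute (value='...') can break out of the attribute.
// The character set is left at the PHP default; pass the page's charset
// explicitly if it is not the one PHP assumes.
function tohtml($strValue)
{
    return htmlspecialchars($strValue, ENT_QUOTES);
}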

//-------------------------------
// Convert value to URL
//-------------------------------
//-------------------------------
// Convert value to URL
//-------------------------------
// Encodes a single query-string value (application/x-www-form-urlencoded
// style: spaces become "+", reserved characters become %XX).
function tourl($strValue)
{
    $encoded = urlencode($strValue);
    return $encoded;
}

//-------------------------------
// Obtain specific URL Parameter from URL string
//-------------------------------
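//-------------------------------
// Obtain specific URL Parameter from URL string
//-------------------------------
// Returns the request parameter $param_name, POST taking precedence over
// GET, or "" when it is present in neither.
//
// The original consulted only $HTTP_POST_VARS / $HTTP_GET_VARS. Those
// long arrays are disabled by default since PHP 5.0 and removed in 5.4,
// so on a current XAMPP every parameter came back empty and a login
// could never match a member. The superglobals ($_POST / $_GET, PHP 4.1+)
// are now read first; the long arrays remain as a fallback for very old
// installs.
function get_param($param_name)
{
    global $HTTP_POST_VARS;
    global $HTTP_GET_VARS;

    if (isset($_POST[$param_name]))
        return $_POST[$param_name];
    if (isset($_GET[$param_name]))
        return $_GET[$param_name];

    // Legacy fallback (register_long_arrays era).
    if (isset($HTTP_POST_VARS[$param_name]))
        return $HTTP_POST_VARS[$param_name];
    if (isset($HTTP_GET_VARS[$param_name]))
        return $HTTP_GET_VARS[$param_name];

    return "";
}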

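//-------------------------------
// Obtain a value stored in the session
//-------------------------------
// Returns the session value $param_name, or "" when it is not in the
// session OR when a request parameter of the same name exists (the
// original deliberately let the request shadow the session copy).
//
// session_is_registered() and the register_globals copy of session
// variables were removed in PHP 5.4; the session is now read through
// $_SESSION (PHP 4.1+), which session_register() also populated. Reading
// $_SESSION only (and not an arbitrary global of that name) also means a
// request-supplied global can no longer impersonate a session value.
function get_session($param_name)
{
    global $HTTP_POST_VARS;
    global $HTTP_GET_VARS;

    $in_request = isset($_POST[$param_name]) || isset($_GET[$param_name])
        || isset($HTTP_POST_VARS[$param_name]) || isset($HTTP_GET_VARS[$param_name]);
    if ($in_request)
        return "";

    if (isset($_SESSION[$param_name]))
        return $_SESSION[$param_name];

    return "";
}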

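//-------------------------------
// Store a value in the session
//-------------------------------
// Writes $param_value into the session under $param_name and also into
// the global variable of that name, so code that still reads the value
// as a global (e.g. check_security()'s $UserRights) keeps working.
//
// session_register() also started the session implicitly; that is kept
// here via session_start() when no session is active yet, unless output
// has already been sent (in which case starting would fail anyway).
function set_session($param_name, $param_value)
{
    global ${$param_name};

    if (session_id() == "" && !headers_sent())
        session_start();

    ${$param_name} = $param_value;
    $_SESSION[$param_name] = $param_value;
}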

//-------------------------------
// True when the value is numeric or empty (optional numeric fields)
//-------------------------------
function is_number($string_value)
{
    $is_empty = !strlen($string_value);
    return $is_empty || is_numeric($string_value);
}

//-------------------------------
// Convert value for use with SQL statament
//-------------------------------
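//-------------------------------
// Convert value for use with SQL statament
//-------------------------------
// Returns the SQL literal for $value: NULL for an empty value, a
// dot-decimal number when $type is "Number", otherwise a single-quoted
// string with ' and \ doubled.
//
// get_magic_quotes_gpc() is deprecated in 7.4 and gone in 8.0, and magic
// quotes themselves were removed in 5.4; the version check below avoids
// calling it on those versions (where it could only report "off").
//
// NOTE(review): this hand-rolled quoting does not handle NUL bytes or
// multi-byte connection charsets; a driver escape function or prepared
// statements is the safer option where available.
function tosql($value, $type)
{
    if (!strlen($value))
        return "NULL";

    if ($type == "Number")
        return str_replace(",", ".", doubleval($value));

    $magic_quotes = version_compare(PHP_VERSION, "5.4.0", "<") && get_magic_quotes_gpc();
    if (!$magic_quotes)
    {
        // raw input: double the quote and the backslash
        $value = str_replace("'", "''", $value);
        $value = str_replace("\\", "\\\\", $value);
    }
    else
    {
        // input already backslash-escaped by magic quotes: convert to SQL form
        $value = str_replace("\\'", "''", $value);
        $value = str_replace("\\\"", "\"", $value);
    }

    return "'" . $value . "'";
}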

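//-------------------------------
// Undo magic-quotes escaping on a request value
//-------------------------------
// Returns $value unchanged unless magic_quotes_gpc is on (PHP < 5.4
// only), in which case the added backslashes are stripped. The version
// check keeps get_magic_quotes_gpc() from being called on PHP 8, where it
// no longer exists.
function strip($value)
{
    $magic_quotes = version_compare(PHP_VERSION, "5.4.0", "<") && get_magic_quotes_gpc();
    if (!$magic_quotes)
        return $value;

    return stripslashes($value);
}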

//-------------------------------
// Run a two-column query and return it as array(first column => second column)
//-------------------------------
// Uses its own DB_Sql object (with the shared $db parameters) so the
// pending result on $db is not replaced. Returns false when the query
// yields no rows, so callers must compare with ===.
// The SQL is sent verbatim: build it with tosql() for any dynamic value.
function db_fill_array($sql_query)
{
    global $db;

    $lookup_db = new DB_Sql();
    $lookup_db->Host = $db->Host;
    $lookup_db->Database = $db->Database;
    $lookup_db->User = $db->User;
    $lookup_db->Password = $db->Password;

    $lookup_db->query($sql_query);
    if (!$lookup_db->next_record())
        return false;

    $ar_lookup = array();
    do
    {
        $ar_lookup[$lookup_db->f(0)] = $lookup_db->f(1);
    } while ($lookup_db->next_record());

    return $ar_lookup;
}

//-------------------------------
// Deprecated function - use get_db_value($sql)
//-------------------------------
//-------------------------------
// Deprecated function - use get_db_value($sql)
//-------------------------------
// All three arguments are spliced into the statement verbatim, so
// $where_condition must be built with tosql() (or from constants only),
// never from raw request input.
function dlookup($table_name, $field_name, $where_condition)
{
    $sql = sprintf("SELECT %s FROM %s WHERE %s", $field_name, $table_name, $where_condition);
    return get_db_value($sql);
}


//-------------------------------
// Lookup field in the database based on SQL query
//-------------------------------
//-------------------------------
// Lookup field in the database based on SQL query
//-------------------------------
// Returns the first column of the first row, or "" when the query
// returns nothing. A separate DB_Sql object (copied from the shared $db
// parameters) is used so $db's pending result is left alone.
// The SQL is sent verbatim: escape dynamic values with tosql().
function get_db_value($sql)
{
    global $db;

    $lookup_db = new DB_Sql();
    $lookup_db->Host = $db->Host;
    $lookup_db->Database = $db->Database;
    $lookup_db->User = $db->User;
    $lookup_db->Password = $db->Password;

    $lookup_db->query($sql);
    if (!$lookup_db->next_record())
        return "";

    return $lookup_db->f(0);
}

//-------------------------------
// Obtain Checkbox value depending on field type
//-------------------------------
//-------------------------------
// Obtain Checkbox value depending on field type
//-------------------------------
// An unchecked checkbox is absent from the request (empty $value), so
// the unchecked value is stored; otherwise the checked value. Either is
// converted to a SQL literal of $type via tosql().
function get_checkbox_value($value, $checked_value, $unchecked_value, $type)
{
    $chosen = strlen($value) ? $checked_value : $unchecked_value;
    return tosql($chosen, $type);
}

//-------------------------------
// Obtain lookup value from array containing List Of Values
//-------------------------------
//-------------------------------
// Obtain lookup value from array containing List Of Values
//-------------------------------
// $array is a flat list of (key, label) pairs; a trailing unpaired
// element is ignored. Returns the label of the last pair whose key
// loosely (==) equals $value, or "" when none matches.
function get_lov_value($value, $array)
{
    $return_result = "";
    $pair_count = (int) (count($array) / 2);

    for ($pair = 0; $pair < $pair_count; $pair++)
    {
        $key_index = $pair * 2;
        if ($value == $array[$key_index])
            $return_result = $array[$key_index + 1];
    }

    return $return_result;
}

//-------------------------------
// Verify user's security level and redirect to login page if needed
//-------------------------------

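//-------------------------------
// Verify user's security level and redirect to login page if needed
//-------------------------------
// Redirects to Login.php (carrying the current query string and URI so
// the user can be sent back) unless the session holds a UserID and a
// UserRights value of at least $security_level.
//
// Two fixes over the original:
//  - session_is_registered() no longer exists (removed in PHP 5.4); the
//    session is consulted through $_SESSION, with the $UserRights global
//    kept as a fallback for register_globals-era installs.
//  - the script now stops after sending the Location header. Without the
//    exit the protected page was still rendered and sent to any client
//    that ignores the redirect.
function check_security($security_level)
{
    global $UserRights;

    $logged_in = isset($_SESSION["UserID"]);
    if (isset($_SESSION["UserRights"]))
        $rights = $_SESSION["UserRights"];
    else if (isset($UserRights))
        $rights = $UserRights;
    else
        $rights = null;

    if ($logged_in && $rights !== null && !($rights < $security_level))
        return;

    $query_string = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : getenv("QUERY_STRING");
    $request_uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : getenv("REQUEST_URI");
    header("Location: Login.php?querystring=" . urlencode($query_string) . "&ret_page=" . urlencode($request_uri));
    exit;
}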

//===============================
// GlobalFuncs begin
// GlobalFuncs end
//===============================
?>

............. kod ni diguna pakai bersama-sama kod di bawah

<?php

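class DB_Sql {

    /* public: connection parameters. connect() reads these for any
     * argument it is not given explicitly. */
    var $Host = "";
    var $Database = "";
    var $User = "";
    var $Password = "";

    /* public: configuration parameters */
    var $Auto_Free = 0;             ## Set to 1 to free the result once next_record() runs out of rows
    var $Debug = 0;                 ## Set to 1 to print every query to the page (shows raw SQL; development only)
    var $Halt_On_Error = "yes";     ## "yes" (halt with message), "no" (ignore errors quietly), "report" (print a warning, continue)
    var $Seq_Table = "db_sequence"; ## table used by nextid(): columns seq_name, nextid

    /* public: current row (numeric and field-name keys) and its 1-based position */
    var $Record = array();
    var $Row;

    /* public: error number and text captured after the last mysql call */
    var $Errno = 0;
    var $Error = "";

    /* public: this is an api revision, not a CVS revision. */
    var $type = "mysql";
    var $revision = "1.2";

    /* private: link and query handles; 0 means "none" */
    var $Link_ID = 0;
    var $Query_ID = 0;

    /* public: constructor. Runs $query at once when given; the default ""
     * only builds the object (query() returns before connecting).
     * NOTE: PHP 4 style constructors (method named after the class) are
     * not recognised as constructors from PHP 8 on. */
    function DB_Sql($query = "") {
        $this->query($query);
    }

    /* public: some trivial reporting */
    function link_id() {
        return $this->Link_ID;
    }

    function query_id() {
        return $this->Query_ID;
    }

    /* public: connection management. Opens a persistent link on first use
     * and selects the database; later calls return the cached link.
     * Returns the link id, or 0 after reporting the failure via halt(). */
    function connect($Database = "", $Host = "", $User = "", $Password = "") {
        /* Handle defaults */
        if ("" == $Database)
            $Database = $this->Database;
        if ("" == $Host)
            $Host = $this->Host;
        if ("" == $User)
            $User = $this->User;
        if ("" == $Password)
            $Password = $this->Password;

        /* establish connection, select database */
        if (0 == $this->Link_ID) {
            $this->Link_ID = mysql_pconnect($Host, $User, $Password);
            if (!$this->Link_ID) {
                /* the password is deliberately not part of the message */
                $this->halt("connect($Host, $User, \$Password) failed.");
                return 0;
            }

            if (!@mysql_select_db($Database, $this->Link_ID)) {
                /* name the database actually requested (not the object
                 * default) and drop the link, so the next connect()
                 * retries instead of reusing a link with no database. */
                $this->halt("cannot use database " . $Database);
                $this->Link_ID = 0;
                return 0;
            }
        }

        return $this->Link_ID;
    }

    /* public: discard the query result */
    function free() {
        @mysql_free_result($this->Query_ID);
        $this->Query_ID = 0;
    }

    /* public: perform a query. Returns the result handle, or 0 for an
     * empty query or a failure (reported through halt()). The statement
     * is sent verbatim: every dynamic value in it must already be quoted
     * and escaped by the caller. */
    function query($Query_String) {
        /* No empty queries, please, since PHP4 chokes on them. */
        if ($Query_String == "")
            /* The empty query string is passed on from the constructor,
             * when calling the class without a query, e.g. in situations
             * like these: '$db = new DB_Sql_Subclass;'
             */
            return 0;

        if (!$this->connect()) {
            return 0; /* we already complained in connect() about that. */
        }

        # New query, discard previous result.
        if ($this->Query_ID) {
            $this->free();
        }

        # Debug output goes straight into the page, unescaped.
        if ($this->Debug)
            printf("Debug: query = %s<br>\n", $Query_String);

        $this->Query_ID = @mysql_query($Query_String, $this->Link_ID);
        $this->Row = 0;
        $this->Errno = mysql_errno($this->Link_ID);
        $this->Error = mysql_error($this->Link_ID);
        if (!$this->Query_ID) {
            $this->halt("Invalid SQL: " . $Query_String);
        }

        # Will return nada if it fails. That's fine.
        return $this->Query_ID;
    }

    /* public: walk result set. Loads the next row into $this->Record and
     * returns true; returns false once the rows are exhausted (freeing
     * the result if $Auto_Free is set), or 0 when no query is pending. */
    function next_record() {
        if (!$this->Query_ID) {
            $this->halt("next_record called with no query pending.");
            return 0;
        }

        $this->Record = @mysql_fetch_array($this->Query_ID);
        $this->Row += 1;
        $this->Errno = mysql_errno($this->Link_ID);
        $this->Error = mysql_error($this->Link_ID);

        $stat = is_array($this->Record);
        if (!$stat && $this->Auto_Free) {
            $this->free();
        }
        return $stat;
    }

    /* public: position in result set. Returns 1 on success, 0 on failure
     * (after moving to the end of the result). */
    function seek($pos = 0) {
        $status = @mysql_data_seek($this->Query_ID, $pos);
        if ($status)
            $this->Row = $pos;
        else {
            $this->halt("seek($pos) failed: result has " . $this->num_rows() . " rows");

            /* half assed attempt to save the day,
             * but do not consider this documented or even
             * desireable behaviour.
             * (The original assigned the undefined property $this->num_rows
             * here instead of calling the method.)
             */
            @mysql_data_seek($this->Query_ID, $this->num_rows());
            $this->Row = $this->num_rows();
            return 0;
        }

        return 1;
    }

    /* public: table locking. $table is a name or an array of names; in
     * the array form an entry under the key "read" is locked for reading
     * regardless of $mode. Table names are spliced into the statement
     * as-is and must come from code, not from request data.
     * Returns the mysql result on success, 0 on failure. */
    function lock($table, $mode = "write") {
        $this->connect();

        $query = "lock tables ";
        if (is_array($table)) {
            /* foreach replaces the each() loop (each() was removed in PHP 8);
             * the strict key test is what the original "read" branch intended. */
            foreach ($table as $key => $value) {
                if ($key === "read") {
                    $query .= "$value read, ";
                } else {
                    $query .= "$value $mode, ";
                }
            }
            $query = substr($query, 0, -2);
        } else {
            $query .= "$table $mode";
        }
        $res = @mysql_query($query, $this->Link_ID);
        if (!$res) {
            $this->halt("lock($table, $mode) failed.");
            return 0;
        }
        return $res;
    }

    /* public: release the locks taken by lock(); runs on this object's
     * link (the original used the implicit last-opened link). */
    function unlock() {
        $this->connect();

        $res = @mysql_query("unlock tables", $this->Link_ID);
        if (!$res) {
            $this->halt("unlock() failed.");
            return 0;
        }
        return $res;
    }


    /* public: evaluate the result (size, width) */
    function affected_rows() {
        return @mysql_affected_rows($this->Link_ID);
    }

    function num_rows() {
        return @mysql_num_rows($this->Query_ID);
    }

    function num_fields() {
        return @mysql_num_fields($this->Query_ID);
    }

    /* public: shorthand notation */
    function nf() {
        return $this->num_rows();
    }

    function np() {
        print $this->num_rows();
    }

    /* public: value of field $Name (name or index) in the current row,
     * "" when the row has no such field */
    function f($Name) {
        if (isset($this->Record[$Name]))
            return $this->Record[$Name];
        else
            return "";
    }

    /* public: print field $Name of the current row (same lookup as f()) */
    function p($Name) {
        print $this->f($Name);
    }

    /* public: sequence numbers. Returns the next value of sequence
     * $seq_name from $Seq_Table (creating the row at 0 on first use),
     * or 0 when the table cannot be locked. The sequence name is escaped
     * before being placed in the statements. */
    function nextid($seq_name) {
        $this->connect();

        if ($this->lock($this->Seq_Table)) {
            $seq_sql = mysql_real_escape_string($seq_name, $this->Link_ID);

            /* get sequence number (locked) and increment */
            $q = sprintf("select nextid from %s where seq_name = '%s'",
                $this->Seq_Table,
                $seq_sql);
            $id = @mysql_query($q, $this->Link_ID);
            $res = @mysql_fetch_array($id);

            /* No current value, make one */
            if (!is_array($res)) {
                $currentid = 0;
                $q = sprintf("insert into %s values('%s', %s)",
                    $this->Seq_Table,
                    $seq_sql,
                    $currentid);
                $id = @mysql_query($q, $this->Link_ID);
            } else {
                $currentid = $res["nextid"];
            }
            $nextid = $currentid + 1;
            $q = sprintf("update %s set nextid = '%s' where seq_name = '%s'",
                $this->Seq_Table,
                $nextid,
                $seq_sql);
            $id = @mysql_query($q, $this->Link_ID);
            $this->unlock();
        } else {
            $this->halt("cannot lock " . $this->Seq_Table . " - has it been created?");
            return 0;
        }
        return $nextid;
    }

    /* public: return table metadata */
    function metadata($table = '', $full = false) {
        $count = 0;
        $id = 0;
        $res = array();

        /*
         * Due to compatibility problems with Table we changed the behavior
         * of metadata();
         * depending on $full, metadata returns the following values:
         *
         * - full is false (default):
         * $result[]:
         * [0]["table"] table name
         * [0]["name"] field name
         * [0]["type"] field type
         * [0]["len"] field length
         * [0]["flags"] field flags
         *
         * - full is true
         * $result[]:
         * ["num_fields"] number of metadata records
         * [0]["table"] table name
         * [0]["name"] field name
         * [0]["type"] field type
         * [0]["len"] field length
         * [0]["flags"] field flags
         * ["meta"][field name] index of field named "field name"
         * The last one is used, if you have a field name, but no index.
         * Test: if (isset($result['meta']['myfield'])) { ...
         */

        // if no $table specified, assume that we are working with a query
        // result
        if ($table) {
            $this->connect();
            $id = @mysql_list_fields($this->Database, $table);
            if (!$id)
                $this->halt("Metadata query failed.");
        } else {
            $id = $this->Query_ID;
            if (!$id)
                $this->halt("No query specified.");
        }

        $count = @mysql_num_fields($id);

        // "num_fields" is set before the loop so the key order of the
        // result stays: num_fields, 0, meta, 1, 2, ...
        if ($full)
            $res["num_fields"] = $count;

        for ($i = 0; $i < $count; $i++) {
            $res[$i]["table"] = @mysql_field_table($id, $i);
            $res[$i]["name"] = @mysql_field_name($id, $i);
            $res[$i]["type"] = @mysql_field_type($id, $i);
            $res[$i]["len"] = @mysql_field_len($id, $i);
            $res[$i]["flags"] = @mysql_field_flags($id, $i);
            if ($full)
                $res["meta"][$res[$i]["name"]] = $i;
        }

        // free the result only if we were called on a table
        if ($table) @mysql_free_result($id);
        return $res;
    }

    /* private: error handling. Captures the mysql error, then depending
     * on $Halt_On_Error returns silently ("no"), prints and continues
     * ("report") or prints and stops the script (anything else). */
    function halt($msg) {
        $this->Error = @mysql_error($this->Link_ID);
        $this->Errno = @mysql_errno($this->Link_ID);
        if ($this->Halt_On_Error == "no")
            return;

        $this->haltmsg($msg);

        if ($this->Halt_On_Error != "report")
            die("Session halted.");
    }

    /* private: print the error. Both texts are HTML-escaped: $msg can
     * carry the failing statement (and with it request data), and the
     * server message is not under this code's control either. On a
     * public site prefer Halt_On_Error "no"/"report" plus server-side
     * logging, since these messages reveal schema details. */
    function haltmsg($msg) {
        printf("</td></tr></table><b>Database error:</b> %s<br>\n", htmlspecialchars($msg));
        printf("<b>MySQL Error</b>: %s (%s)<br>\n",
            $this->Errno,
            htmlspecialchars($this->Error));
    }

    /* public: list of tables in the current database, each as
     * array(table_name, tablespace_name, database). Returns an empty
     * array (instead of an undefined variable) when there are none or
     * the query failed. */
    function table_names() {
        $return = array();
        if (!$this->query("SHOW TABLES"))
            return $return;

        $i = 0;
        while ($info = mysql_fetch_row($this->Query_ID)) {
            $return[$i]["table_name"] = $info[0];
            $return[$i]["tablespace_name"] = $this->Database;
            $return[$i]["database"] = $this->Database;
            $i++;
        }
        return $return;
    }
}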
?>[/code]

Sekian,

Salam semua

kalau ada yang sudi nak tolong cek kod-kod lengkap boleh email pada aqu di [email protected]

kod lengkap ada tapi bila cuba upload dalam xampp macam bro onbak cakap tu. tak jadi-jadi.

tak tahu kat mana tuan punya kod tu sorok kuncinye.. kata bagi free orang guna.huhuhu

mungkin tuan punya keje nak bagi orang baru belajar cam aqu ni botak dulu baru nak jadi kot
hahhah :137:

[quote name='AmRyTeCh' date='23 August 2010 - 03:47 AM' timestamp='1282506469' post='1045719']
Salam semua

kalau ada yang sudi nak tolong cek kod-kod lengkap boleh email pada aqu di [email protected]

kod lengkap ada tapi bila cuba upload dalam xampp macam bro onbak cakap tu. tak jadi-jadi.

tak tahu kat mana tuan punya kod tu sorok kuncinye.. kata bagi free orang guna.huhuhu

mungkin tuan punya keje nak bagi orang baru belajar cam aqu ni botak dulu baru nak jadi kot
hahhah :137:
[/quote]

Coding kat atas tu nko wat sendiri atau nko pakai wizard??

Kat sini aku bg contoh coding utk login...
[code]<?php

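// Database connection. mysql_connect()'s 4th parameter is the boolean
// new_link flag, not a database name; the database is chosen with
// mysql_select_db() on this link. The "@" only keeps the connection
// details out of the page when the connect fails; the die() still reports it.
$dbc = @mysql_connect('localhost', 'root', '') or die('ERROR CONNECTION' . mysql_error());
mysql_select_db('info_db', $dbc) or die('ERROR SELECT DB' . mysql_error());

if (isset($_POST['bLogin']))
{
    //start login when login button clicked

    //Retrieve login n password from textbox (absent fields become "")
    $login_name = isset($_POST['login']) ? $_POST['login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    //Escape both values for this connection before quoting them: the
    //original spliced them in raw, so a login name containing a quote
    //could rewrite the WHERE clause and match without a password.
    $login_sql = mysql_real_escape_string($login_name, $dbc);
    $password_sql = mysql_real_escape_string($password, $dbc);

    //sql query to compare login n password from database
    //NOTE: this compares a plaintext password column; storing a hash and
    //verifying it in PHP is the follow-up change.
    $query = "SELECT * FROM staff WHERE login_name = '$login_sql' AND password = '$password_sql'";

    $result = mysql_query($query, $dbc) or die('ERROR QUERY');
    $num = mysql_num_rows($result);

    if ($num != 0)
    {
        //if login comparison success: redirect server-side. The original
        //echoed "window.location('nextpage.php')", which is not a
        //function call the browser accepts, so the page never moved.
        //Nothing before this point may have produced output.
        //NOTE: nothing here records the login (e.g. a session value), so
        //nextpage.php cannot tell on its own that the user authenticated.
        header('Location: nextpage.php');
        exit;
    }
}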
?>[/code] Edited by akuccputsedut

tima kasih bro,

code tu kawan bagi. sekarang cuba nak recycle kod tu. apasal kod saya tu ada yg warna hijau semua kat tengah tu. saya try cek menggunakan PHP editor, tak ada error lak. guna front page 2003 pun sama. tapi tak dapat login jer.
