Foros del Web » Creando para Internet » Sistemas de gestión de contenidos »

problema con archivo php

Estas en el tema de problema con archivo php en el foro de Sistemas de gestión de contenidos en Foros del Web. hola q tal, eh descargado una aplicacion pre-armada para registro y logeo de usuarios con php y mysql con activacion de cuenta mediante un link ...
  #1 (permalink)  
Antiguo 19/08/2007, 00:10
 
Fecha de Ingreso: abril-2005
Mensajes: 71
Antigüedad: 19 años, 6 meses
Puntos: 0
problema con archivo php

hola q tal, eh descargado una aplicacion pre-armada para registro y logeo de usuarios con php y mysql con activacion de cuenta mediante un link de numeracion aleatoria que se envia al correo del registrante, lo he instalado y creo una cuenta pero me dice que tengo un error en la linea 10 del documento add.php, eh abierto el archivo y en la linea 10 de ese archivo hay esto:

if ($actnum < 0){$actnum = $actnum + ($actnum*-2)}

no entiendo cual pueda ser el problema,aqui les dejo los archivos para saber si alguien sabe cual puede ser mi problema.

add.php

Cita:
<?PHP
//retrieve al the variables that had been submited by the from
$username1 = $HTTP_POST_VARS["username"];
$mailadres1 = $HTTP_POST_VARS["mailadres"];
$password1 = $HTTP_POST_VARS["password"];
$confirmpassword1 = $HTTP_POST_VARS["confirmpassword"];
//generate an random number for the user neede to activate there account
$actnum = rand( 1,999999999999);
//make sure that the activation number is positive (YES it can happen that the number is negatief.)
if ($actnum < 0){$actnum = $actnum + ($actnum*-2)}
//set the error variable to an empty string.
$error = "";

//check it the fields are not empty. if they are, append the error to the error variable ($error)
if ($username1 == ""){$error = "$error<li>No username given<BR>\n";}
if ($password1 == ""){$error = "$error<li>No password given<BR>\n";}
if ($mailadres1== ""){$error = "$error<li>No mailadres given<BR>\n";}
//check if the passwords match. if they don't append the error to the error variable ($errir)
if ($password1 <> $confirmpassword1) {$error = "$error<li>Passwords do not match<BR>\n";}

// let the config.php file make an database connection
include("config.php");
//make an query which checks if the username OR the emailadres ar in the database. if they are append an error.
$query = "Select * from signup where username='$username1' or mailadres='$mailadres1'";
$result = mysql_query($query);
if ($row = mysql_fetch_array($result)){
if ($row["username"] == $username1){$error = "$error<li>Your username is already used by another member<br>\n";}
if ($row["mailadres"] == $mailadres1){$error = "$error<li>Your e-mail adres is already registrated in our database<br>\n";}
}

//if ther error variable is still an empty string. The summission was oke and you can start proccesing the submission
if ($error == ""){
//first we check wat the date and time is for the signupdate field
$datetime = date("d-m-Y G:i ");
//then we submit al this to the database
$query = "INSERT INTO signup (username, password, mailadres, actnum, userlevel, signupdate ,lastlogin, lastloginfail, numloginfail) VALUES ('$username1','$password1','$mailadres1','$actnum' , '1', '$datetime','0','0','0')";
$result = mysql_query($query);
//and we make an (e-mail)message which contains the activation numer
//also possible is to put a link in that message like :
//http:// your url /activate.php?username=$username1&actnum=$actnum
//this would allow the user to direcly submit there activation without having to enter
//al the data again in the activation form
$message = "Activation number: $actnum";
// mail the message to the user
mail($mailadres1, "Sign up script user activationcode", $message, "From: Sign-up script");
// and redirect the user to the activation page
header("Location: activate.php");
}
else
//if $error is no longer a empty stirng there must have been error in the submision.
//here we echo an nice line which says there are a coulple of errors and we onpen an
//unorder list (just the <ul> tag) and we prinnt the error. also we include a link back to the
//sign-upform
{echo "You could not be added to the database because of the following reasons<ul>
$error
</ul>Please return to <a href=\"signup.php\">signup form</a> and try again.";
}
?>
signup.php

Cita:
<?PHP
// this page doesn't has any php code to explain.
?>
<html>
<head>
<title>Sign-up</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="add.php">
<h1> Sign-up</h1>
<p> Username:
<input name="username" type="text" id="Username">
<br>
Password:
<input name="password" type="password" id="password">
Password (confirm):
<input name="confirmpassword" type="password" id="confirmpassword">
<br>
E-mail adres
<input name="mailadres" type="text" id="mailadres">
<br>
<input type="submit" value="Sign-up">
<br>
If you already have an account you can login <a href="login.php">here</a>.</p>
</form>
</body>
</html>
login.php

Cita:
<?PHP
//retrieve the submitted values
$username1 = $HTTP_POST_VARS["username"];
$password1 = $HTTP_POST_VARS["password"];
//let the config.php file connect to the database
include("config.php");
//check it the username exist/
$query = "Select * from signup where username='$username1'";
$result = mysql_query($query);
if ($row = mysql_fetch_array($result)){
//check if his account is activated
if ($row[actnum] == 0){
//and check if his account is not loccked.
if ($row[numloginfail] <= 5){
//finally we check the database to see if the password is correct.
if ($row[password] == $password1){
//we determin the date for the lastlogin - field.
$datetime = date("d-m-Y G:i ");
//and we update that field
$query = "UPDATE signup Set lastlogin = '$datetime' where username='$username1'";
$result = mysql_query($query);
//now that the correct password is used to log-in, reset the numloginfail-field to 0
$query = "UPDATE signup Set numloginfail = '0' where username='$username1'";
$result = mysql_query($query);
//create an session
session_start();
//put the password in the session
$pass = $password1;
session_register("pass");
//put the username in the session
$id = $username1;
session_register("id");
//go to the secured page.
header("Location: members/index.php");
}
else{
//else the password is incorrect. Therofore we have to update the numloginfield and lastloginfail field
//first we set $datetime to the current time in a format that we can use to calculate with.
$datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
//then we check if the last log-in fail was less than 5 minutes ago.
if ($row[lastloginfail] >= ($datetime-5)){
//if it is we update both the numloginfail & the lastloginfail fields.
$query = "UPDATE signup Set numloginfail = numloginfail + 1 where username='$username1'";
$result = mysql_query($query);
$query = "UPDATE signup Set lastloginfail = '$datetime' where username='$username1'";
$result = mysql_query($query);
}
else{
//if it is more than 5 minutes ago, just set the lastloginfail field.
$query = "UPDATE signup Set lastloginfail = '$datetime' where username='$username1'";
$result = mysql_query($query);
}
//and ofcourse we tell the user that his log-in failed.
makeform("Incorrect login");}
}
//if the numloginfail value is larger than 5 that means there someone tryed to break the password by brute force
//we will now check how long ago the lock was engaged. it is is more than half an hour ago is, then we will unlock the account
//and ask the user to login 1 more time to validate it is really him.
else {
$datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
if ($row[lastloginfail] <= ($datetime-30)){
//set the numloginfail value to 5 so the user has 1 change to enter his password.
$query = "UPDATE signup Set numloginfail = '5' where username='$username1'";
$result = mysql_query($query);
//ask the user to enter his username/password once again.
makeform("This account was attackted. Therefore it was locked. To terminate the lock log-in with you correct loginname and password. After this log-in the lock will be terminated and you can you use our account as normal<BR> NOTE: make sure you do not make any type errors. This would activate the lock again.");
}
else{
//if it is less than 30 minutes ago ask the user to wait untill the lock is released again.
echo "This account is under attack. Please wait an until the account is released again.";
}
}
}
//if the actnum is other than 0 that means the account has not been activated yet.
//
else{
makeform("This account has not been activated yet.");
}
}
//if the username does not exist we check it is filled in.
else{
//if it isn't filled we assum that this is the page load and we show the form without an error.
if ($username1 == ""){
makeform("");
}
else {
//if the form is filled it that means that the username does not exist. Therefore we show the form
//with an error. We can not change the numloginfail or lastloginfail fields for the brute forece attack
//because the attack isn't pointed at a user.
makeform("Incorrect login");
}
}

//this function shows the form.
function makeform($errormessage){
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>LOG-IN</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<h1>log-in</h1>
<?PHP
//print the error message
echo "<font color=\"#FF0000\"><strong>$errormessage</strong></font><br>"; ?>
<form name="form1" method="post" action="login.php">
<p>username:
<input name="username" type="text" id="username">
<br>
password:
<input name="password" type="password" id="password">
<br>
<input type="submit" value="LOG IN">
</p>
</form>
<a href="forgot.php">forgot password</a> <br>
<a href="signup.php">get an account</a>
</body>
</html>
<?php } ?>
  #2 (permalink)  
Antiguo 19/08/2007, 03:03
Avatar de ronnyalfonzo  
Fecha de Ingreso: julio-2007
Ubicación: Maracaibo
Mensajes: 76
Antigüedad: 17 años, 3 meses
Puntos: 1
Re: problema con archivo php

pana yo no se mucho de php estoy empesando apenas pero te recomiendo que uses el phpdesigner 2007 profecional, el te ayudara a visualizar mejor los errores
suerte
  #3 (permalink)  
Antiguo 19/08/2007, 09:14
Avatar de GatorV
$this->role('moderador');
 
Fecha de Ingreso: mayo-2006
Ubicación: /home/ams/
Mensajes: 38.567
Antigüedad: 18 años, 5 meses
Puntos: 2135
Re: problema con archivo php

Tema trasladado al foro de aplicaciones prefabricadas.

Porfavor publica en los foros correctos.
Atención: Estás leyendo un tema que no tiene actividad desde hace más de 6 MESES, te recomendamos abrir un Nuevo tema en lugar de responder al actual.
Respuesta




La zona horaria es GMT -6. Ahora son las 17:05.