Am hoping someone can point me in the right direction here. I have some basic code that I used to add staff members to my db with. Now I am wanting to secure the password using MD5 and am stuck terribly here.
I have a file called config.inc.php and the contents are:
<?php
$salt="somegreatstuff";
//captcha
$publickey = "6LctuMgSAAAAADBvul3A-jipON8SydIBK3S67gdR";
$privatekey = "6LctuMgSAAAAAHM54D2yt0HX1iaIpz1Yv6Inq2nG";
?>
This is my current code and I hope someone can show me my error, which I think is around lines 18 & 19. Those 2 lines are code I borrowed from another of my files that use keys in the insert. As my knowledge is still very basic in PHP I have come unstuck... I tried placing those two lines around line 31 and then on "submit" my var_dump reports that the column called "password" was being submitted twice.
<?php
include '../dbfunctions.php';
include '../config.inc.php';
session_start();
$link = dbConnect();
checkStaffLogin();
$staffs = dbGetRows("staff", "id = '".$_SESSION['stid']."'");
$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
echo $stid;
echo $staff['surname'];
$coid = $staff['company_id'];
if( isset($_POST['Submit']) ) {
    $keys = "";
    $values = "";
    if($k=="password")
        $v=md5($v.$salt);
    foreach($_POST as $k => $v) {
        if( $k != "Submit" ) {
            if( $keys == "" ) $keys = "`".$k."`"; else $keys .= ", `".$k."`";
            if( $values == "" ) $values = "'".$v."'"; else $values .= ", '".$v."'";
        }
    }
    $keys .= ", `dateadded`";
    $values .= ", '".date("Y-m-d")."'";
    $unamecheckresult = dbGetRows("staff", "username = '".$_POST['username']."'");
    $errorcode = "0";
    if( mysql_num_rows($unamecheckresult) > 0 ) $errorcode = "1";
    if( $_POST['username'] == "" ) $errorcode = "2";
    if( $_POST['password'] == "" ) $errorcode = "3";
    $query = "INSERT INTO staff (".$keys.") VALUES (".$values.");";
    if( mysql_num_rows($unamecheckresult) == 0 && $_POST['username'] != "" && $_POST['password'] != "") $result = mysql_query($query, $link) or die("Query failed : ". $query."<br>". mysql_error());
    var_dump ($query);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Add Staff Member</title>
<link rel="shortcut icon" type="image/x-icon" href="../images/favicon.ico">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../bb.css" rel="stylesheet" type="text/css">
<script src="../usableforms1.js"></script>
</head>
<body onLoad="prepareForm()">
<table width="80%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="23"><img src="http://bytes.com/submit/images/brdr-tl.gif"></td>
<td width="0*" background="../images/brdr-t2.gif" style="background-repeat: repeat-x;"></td>
<td width="23"><img src="http://bytes.com/submit/images/brdr-tr.gif"></td>
</tr>
<tr>
<td rowspan="2" valign="top" background="../images/brdr-l2-repeat.gif" style="background-repeat: repeat-y; background-position: left;"><img src="http://bytes.com/submit/images/brdr-l2.gif" width="23" <?php if(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0) echo "style=\"height: 100%\""; ?>></td>
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="174" height="81" align="center"><img src="http://bytes.com/submit/images/zululogo.gif" width="159" height="61"></td>
<td width="626" align="right" valign="bottom"><input type="button" name="Cancel2" value="Cancel" onClick="window.close(); opener.location.reload(true);"></td>
</tr>
</table>
<a href="javascript:;" onClick="if( document.getElementById('advancedbox').style.display == 'block' ) document.getElementById('advancedbox').style.display = 'none'; else document.getElementById('advancedbox').style.display = 'block';"><font size="3"><b>
</b></font></a> <table width="100%" border="0" cellspacing="0" cellpadding="3" style="border: 1px solid #BBBBBB;">
<tr>
<td bgcolor="#F5F5F5"><font size="3" color="#880000"><b><?php echo $company['coname']; ?>: Add Staff Member</b></font> </a></td>
</tr>
</table>
<br>
<?php
if(isset($_POST['Submit'])) {
    switch( $errorcode ) {
        case "0":
            echo "Staff Member Succesfully Added.<br><br>
<a href=\"javascript:;\" onClick=\"window.close(); opener.location.reload(true)\">[CLOSE WINDOW]</a><br> <br>
<td valign=\"top\" background=\"../images/brdr-r2-repeat.gif\" style=\"background-repeat: repeat-y; background-position: right;\"><img src=\"../images/brdr-r2.gif\" width=\"23\" ".(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0 ? "style=\"height: 100%\"" : "")."></td>
</tr>
<tr>
<td><img src=\"../images/brdr-bl.gif\"></td>
<td background=\"../images/brdr-b2.gif\" style=\"background-repeat: repeat-x;\"></td>
<td><img src=\"../images/brdr-br.gif\"></td>
</tr>
</table>
<br>
</body>
</html>
";
            die();
            break;
        case "1":
            echo "<font color=\"#FF0000\">The username you entered already exists, please enter an alternate username.</font><br><br>";
            break;
        case "2":
            echo "<font color=\"#FF0000\">Please enter a username!</font><br><br>";
            break;
        case "3":
            echo "<font color=\"#FF0000\">Please enter a password!</font><br><br>";
            break;
    }
}
?>
<br> <form name="form1" method="post" action="addstaff.php">
<table bgcolor="#FAFAFA" border="0" cellspacing="5" cellpadding="2" style="border: 1px solid #BBBBBB;">
<tr>
<td><b>Login Details</b></td>
<td width="213" colspan="-2"><input type="hidden" name="company_id" value="<?php echo $coid; ?>">
<input type="hidden" name="status" value="1"></td>
</tr>
<tr>
<td colspan="2" class="small">Allocated the staff member a username and password.</td>
</tr>
<tr>
<td><b>Username:</b></td>
<td width="213" colspan="-2"><input type="text" name="username"> </td>
</tr>
<tr>
<td><b>Password:</b></td>
<td width="213" colspan="-2"><input type="password" name="password"> </td>
</tr>
<tr>
<td><b>Is an Administrator?</b></td>
<td colspan="-2"> </td>
</tr>
<tr>
<td colspan="2"><hr></td>
</tr>
<tr>
<td><b>Title:</b></td>
<td colspan="-2"><select name="title" size="1">
<option>Mr.</option>
<option>Mrs.</option>
<option>Ms.</option>
<option>Adv.</option>
<option>Prof.</option>
<option>Dr.</option>
</select></td>
</tr>
<tr>
<td><b>First Name:</b></td>
<td width="213" colspan="-2"><input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>"></td>
</tr>
<tr>
<td><b>Surname:</b></td>
<td colspan="-2"><input type="text" name="surname" value="<?php echo $_POST['surname']; ?>"></td>
</tr>
<tr>
<td><b>Telephone No:</b></td>
<td colspan="-2"><input type="text" name="tel" value="<?php echo $_POST['tel']; ?>"></td>
</tr>
<tr>
<td><b>Cell Number:</b></td>
<td colspan="-2"><input type="text" name="cell" value="<?php echo $_POST['cell']; ?>"></td>
</tr>
<tr>
<td><b>E-Mail Address:</b></td>
<td colspan="-2"><input type="text" name="email" value="<?php echo $_POST['email']; ?>"></td>
</tr>
<tr>
<td colspan="2"><hr></td>
</tr>
<tr>
<td> </td>
<td colspan="-2" align="right"><input type="submit" name="Submit" value="Submit">
<input type="button" name="Cancel" value="Cancel" onClick="window.close(); opener.location.reload(true);"></td>
</tr>
</table>
</form></td>
<td rowspan="2" valign="top" background="../images/brdr-r2-repeat.gif" style="background-repeat: repeat-y; background-position: right;"><img src="http://bytes.com/submit/images/brdr-r2.gif" width="23" <?php if(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0) echo "style=\"height: 100%\""; ?>></td>
</tr>
<tr>
<td valign="top"> </td>
</tr>
<tr>
<td><img src="http://bytes.com/submit/images/brdr-bl.gif"></td>
<td background="../images/brdr-b2.gif" style="background-repeat: repeat-x;"></td>
<td><img src="http://bytes.com/submit/images/brdr-br.gif"></td>
</tr>
</table>
<table><tbody id="waitingRoom"
style="display: none"></tbody></table>
<br>
</body>
</html>
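
For comparison, an added example (not the poster's code) of the same add-staff insert with the hash step inside the loop, `password_hash()` in place of `md5($v.$salt)`, and bound parameters instead of string-built SQL. It assumes PDO with an in-memory SQLite table standing in for the MySQL `staff` table; `addStaff()` and `STAFF_COLUMNS` are hypothetical names.

```php
<?php
// Added example, not the original poster's code. Assumptions: PDO with an
// in-memory SQLite database stands in for the MySQL `staff` table, and
// addStaff() plus the STAFF_COLUMNS allow-list are hypothetical names.
const STAFF_COLUMNS = ['company_id', 'status', 'username', 'password',
                       'title', 'firstname', 'surname', 'tel', 'cell', 'email'];

function addStaff(PDO $db, array $post): string
{
    if (($post['username'] ?? '') === '') return 'Please enter a username!';
    if (($post['password'] ?? '') === '') return 'Please enter a password!';

    $check = $db->prepare('SELECT COUNT(*) FROM staff WHERE username = ?');
    $check->execute([$post['username']]);
    if ($check->fetchColumn() > 0) return 'Username already exists.';

    $row = [];
    foreach ($post as $k => $v) {
        // Only known column names reach the SQL text; "Submit" and any
        // unexpected field are dropped instead of becoming a column.
        if (!in_array($k, STAFF_COLUMNS, true)) continue;
        // The hash step has to sit inside the loop, where $k and $v exist.
        // password_hash() generates a per-user salt and uses a slow
        // algorithm, unlike md5() with one shared $salt.
        if ($k === 'password') $v = password_hash($v, PASSWORD_DEFAULT);
        $row[$k] = $v;
    }
    $row['dateadded'] = date('Y-m-d');

    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    // Values travel as bound parameters, never concatenated into the query.
    $db->prepare("INSERT INTO staff ($cols) VALUES ($marks)")
       ->execute(array_values($row));
    return 'Staff member added.';
}

// Constructed sample input, run against a throwaway in-memory table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, company_id, status,
    username UNIQUE, password, title, firstname, surname, tel, cell, email, dateadded)');
$post = ['username' => 'jsmith', 'password' => 'correct horse', 'surname' => 'Smith',
         'company_id' => '7', 'status' => '1', 'Submit' => 'Submit'];
echo addStaff($db, $post), "\n";
echo addStaff($db, $post), "\n";   // same username again, to exercise the duplicate check
$stored = $db->query("SELECT password FROM staff WHERE username = 'jsmith'")->fetchColumn();
var_dump(password_verify('correct horse', $stored));
```

At login the stored value is checked with `password_verify()`, never by re-hashing and comparing strings. `company_id` and `status` arrive here from hidden form fields, which the browser controls, so a real handler would set them server-side from the logged-in staff row.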