Copyright © 2002 - MCS Investments, Inc.


Login to MC Search and Match Questionnaire

This script is called questionnaire-login.php

The questionnaire login script is a link at the top of the regular login script at Login to MC Search and Match Profile and Account Management. It is accompanied by a link to the questionnaire info script at MC Questionnaire Info. The point of the former is to give the user a way to get to the questionnaire at MC Questionnaire. The only other way is during the registration process. After you fill in the user profile data and press submit, you are sent to the MC Questionnaire. But you may choose to fill it in later after you've had ample opportunity to consult your MC group about their preferences and group configuration. So that is why there is the link to this MC Questionnaire Login page on the login page. It's the "fill it in later". The point of the questionnaire info page link is to let you peruse and—if you wish—print out the questionnaire form to help you when you consult your MC group about their preferences and group configuration.

The first section is at the start of the script. First, we start a session and put the session id into a session variable sessionid. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

Next we get to the JavaScript section. We use both JavaScript and PHP validation to filter input from the user since the cardinal rule for user input is: NEVER TRUST IT. If you want to trust it, simply ensure that it will be safe for putting into your MySQL tables as well as displaying on your web pages. By far the best method here is to use the JavaScript for the users' benefit and the PHP for security. If JavaScript is turned off (in which case our scripts won't even work), the PHP validation scripts are your last line of defense to keep things safe. On the other hand, the JavaScript allows the user to get a user-friendly response to unacceptable or wrong input in fields. Rather than making the user restart the form when he goofs, good JavaScript validation scripts use the focus() method to put the cursor back on the field where the goof occurred as well as alerting the user to his error. PHP-only validation forces form restart, which is maddening to users.

We use /^[A-Za-z0-9!@#$%^&*()_]{6,20}$/ for the password regular expression filter to force the data to conform to the needs of the acceptable data for a password, with the first part showing the acceptable characters and the second part forcing the length—in this case—to be 6 to 20 characters. The user name validator uses /^[A-Za-z0-9_]{6,20}$/ for its regular expression pattern. In both cases, if the data input does not meet the standards of our filters, the JavaScript focus() method sends the focus (the cursor) back to the text input box where the unacceptable data was input.

We now turn to the PHP section. First we grab all POSTed data that gets sent to the page after the submit button is clicked. The username is put into a session variable. There is a captcha in the form and the user must give the correct answer to get the edits to work. The correct answer will be figured in a different PHP script (more on that later) and stuck into the a__________a session variable. When the form is submitted, we check the answer the user gives against this a__________a variable and if it is incorrect, the user sees "Wrong captcha answer. Please try again." and is made to restart the questionnaire login process. The captchas are all simple: adding or subtracting a 1-digit number to/from a 2-digit number.

If the user gets the captcha right, the username and password they entered are, after input filtering, checked for in the db table. If such a username does not exist, the user sees "This User Name does not exist. Please try again." and is made to restart the questionnaire login process. If the password hash found in the MySQL db does not match the password hash created once the user enters the password in logging in, he sees "Sorry, username/password combination is wrong." and is made to restart the questionnaire login process. The hashing and salting scripts are in the config.php file Configure File for Database Connection. The salt script is run only during registration—the salt created then is put in the user's record. In logging in, the salt is gotten from the db then sent to the hash routine in config.php which uses the salt in hash creation.

The other filtration scripts use preg_replace and dump unacceptable characters, using our strict standards, and the substr() function to make sure that data is not too long by trimming off any excess. The regular expression pattern for the password is /[^A-Za-z0-9\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\_]/ and for the user name is /[^a-zA-Z0-9\\_]/.

We also filtered out tags someone may try to sneak in by use of the strip_tags function. And we use the strlen() function to see if the length is too short, in which case they have to try to login to the questionnaire again.

Both salt and hash go into the db. The password does not, so if anyone asks for theirs like in Forgot Password, we simply create a random string and email it to them and say "here's your new password." Few companies allow storing of passwords—it's dumb. We store their session variables for groupname and userid.
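The server-side filtering and the salted-hash lookup described above, as an added example (not WebHatchers' code): it rejects input that fails the page's two patterns instead of stripping characters, looks the user up with a bound parameter, and writes session data only after the hash matches. PBKDF2 via hash_pbkdf2() is an assumption standing in for the hash routine in config.php, which is not shown here; the demo user, the in-memory SQLite table and the $session array are constructed, and PHP 7+ with PDO SQLite is assumed.

```php
<?php
// Added example, not the site's code. Column names follow the page's mc_members
// table; PBKDF2 is an assumed stand-in for the hash routine in config.php.
const USER_RE = '/^[A-Za-z0-9_]{6,20}$/D';            // same rules as the JavaScript;
const PASS_RE = '/^[A-Za-z0-9!@#$%^&*()_]{6,20}$/D';  // D: "$" matches only at the very end

function hash_password($password, $salt) {
    return hash_pbkdf2('sha256', $password, $salt, 100000); // assumed KDF, hex output
}

// Returns the member row on success, or null on any failure.
function verify_login(PDO $db, $username, $password) {
    // Reject input that breaks the rules instead of silently stripping characters.
    if (!is_string($username) || !is_string($password)
        || !preg_match(USER_RE, $username) || !preg_match(PASS_RE, $password)) {
        return null;
    }
    // Bound parameter: the query stays safe even if the filter above changes.
    $stmt = $db->prepare(
        'SELECT id, groupname, password, salt FROM mc_members WHERE username = ? LIMIT 1');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // hash_equals() compares the two strings in constant time, with no type juggling.
    if (!hash_equals($row['password'], hash_password($password, $row['salt']))) {
        return null;
    }
    return $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mc_members (id INTEGER PRIMARY KEY, username TEXT,
           password TEXT, salt TEXT, groupname TEXT)');
$salt = bin2hex(random_bytes(16));
$ins = $db->prepare(
    'INSERT INTO mc_members (username, password, salt, groupname) VALUES (?, ?, ?, ?)');
$ins->execute(array('demo_user1', hash_password('S3cret_pw!', $salt), $salt, 'demo_group'));

$session = array(); // stands in for $_SESSION
foreach (array('S3cret_pw!', 'wrong_pass1', 'S3cret pw!') as $attempt) {
    $row = verify_login($db, 'demo_user1', $attempt);
    if ($row !== null) { // identity goes into the session only after the hash matches
        $session = array('userid' => $row['id'], 'groupname' => $row['groupname']);
    }
    echo $attempt, ' => ', ($row !== null ? 'ok' : 'rejected'), "\n";
}
```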

The }}}}} is because of all the }else{ conditionals used earlier in the script. If the $Entry variable is not 1 but still 0, they haven't submitted the form yet, so we show them the login form. On the other hand, if they have submitted it, we send them off to the MC Questionnaire, which you will find at the end of the script after the final else conditional. We even send their username in a form, but we needn't have bothered since usernames are grabbed from session variables, not POSTs or GETs. Admittedly, there's a tad bit of overkill here and there in our scripts—just trying to cover all the bases.

As you enter the form area, you will see "The data you will be entering will be added to your registration data." The form itself is pretty standard stuff. It has maxlength attributes to keep password and user name lengths limited to 20 characters and it uses an onsubmit event to run the JavaScript validator. But the form also uses a captcha. We used the official captcha method in our Personal Status Board (PSB™) scripts, but designed a less cumbersome method for our MC editing scripts.

Take a gander at the captcha code: <IMG SRC="captcha-with-sessions.php" alt='captcha'>. A pretty strange type of image, to be sure! Browsers do NOT mind PHP scripts sitting in for PNG, BMP, GIF, or JPG images, believe it or not. You will see "If you see no Captcha, disable your ad blocker." Ad blockers with strong settings may knock the captcha out of the form. But Pop-up Blockers do not molest our captcha since it is NOT a pop-up. So your users were informed about the ad blocker nastiness when they registered—we doubt they will forget. The captcha is a random PNG image created using functions from the GD library, which is in all recent PHP versions. (To use the recommended bundled version of the GD library, which was first bundled in PHP 4.3.0, get your server hosts to use the configure option "--with-gd". Most already do this.)

The captcha image uses the font Holisb__.ttf, which is the Holiday Springs BTN True Type Font (get at MyFonts.com), but you may use other types if you wish. If you find arial.ttf in your C:\WINDOWS\Fonts\ directory on your computer, make sure it is in your folder with your PHP scripts on your server. Holisb__.ttf does a much cooler job, and will be harder for any automatic spambot script to read (and get the right answer for the arithmetic problem). For the captcha script, go to: Captcha Script for Registration and Login.



The script below is called: questionnaire-login.php


<?php
session_start();
$_SESSION['sessionid'] = session_id();

define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Login to MC Search and Match Questionnaire</TITLE>
<meta name="description" content="Login to MC Search and Match Questionnaire">
<meta name="keywords" content="Login to MC Search and Match Questionnaire,match,search,login Script,login,php,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
.k {text-align:right}
.j {position:absolute;top:50px;left:50%;margin-left:-300px;width:600px}
#myform {position:absolute;top:120px;left:50%;margin-left:-225px;width:450px;border:2px solid black;background-color:#aaa;}
#t {width:410px;padding:9px;margin-top:-25px}
</style>

<script type="text/javascript">

function validatepassword(){

var ck_password = /^[A-Za-z0-9!@#$%^&*()_]{6,20}$/;
if (document.formpw.password.value.search(ck_password)==-1)
{alert("Please enter 6 to 20 letters, numbers and these for password: !@#$%^&*()_");document.formpw.password.focus();return false;}

var ck_username = /^[A-Za-z0-9_]{6,20}$/;
if (document.formpw.username.value.search(ck_username)==-1)
{alert("Please only enter 6 to 20 letters, numbers and underline for user name.");document.formpw.username.focus();return false}

return true;}

</script>

</head>
<body>

<?php

// Read the POSTed fields; default to empty values on the first (GET) visit.
$Entry=isset($_POST['entry']) ? $_POST['entry'] : 0;
$U=isset($_POST['username']) ? $_POST['username'] : '';
$P=isset($_POST['password']) ? $_POST['password'] : '';
$A=isset($_POST['answer']) ? $_POST['answer'] : '';
$N=0;

// A captcha must have been issued for this session and the answer must match it exactly.
$captcha_ok=isset($_SESSION['a__________a']) && is_string($A) && trim($A)===(string)$_SESSION['a__________a'];

if($Entry==1 && !$captcha_ok){$N=1;unset($U);echo '<script language="javascript">alert("Wrong captcha answer. Please try again.");window.location="questionnaire-login.php";</script>';
}else{

if($Entry==1){
$U=substr($U,0,20);
$P=substr($P,0,20);

if (strlen($U)<6) {$N=1;unset($U);echo '<script language="javascript">alert("Please enter 6 to 20 characters for user name."); window.location = "questionnaire-login.php"; </script>';
}else{
if (strlen($P)<6) {$N=1;unset($U);echo '<script language="javascript">alert("Please enter 6 to 20 characters for password."); window.location = "questionnaire-login.php"; </script>';
}else{
// Whitelist filters: drop every character outside the allowed sets.
$pattern3 = '/[^a-zA-Z0-9\\_]/i';
$pattern4 = '/[^A-Za-z0-9\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\_]/i';
$replacement = '';
$U=strip_tags($U);
$P=strip_tags($P);
$U=preg_replace($pattern3, $replacement, $U);
$P=preg_replace($pattern4, $replacement, $P);

if($captcha_ok){
// mysql_* needs PHP 5.x (the extension was removed in PHP 7.0).
// $U now holds only letters, digits and underscore.
$check_user_data = mysql_query("SELECT * FROM mc_members WHERE username = '$U' LIMIT 1") or die(mysql_error());

if(mysql_num_rows($check_user_data) == 0)
{$N=1;unset($U);echo '<script language="javascript">alert("This user name does not exist. Please try again.");window.location="questionnaire-login.php";</script>';
}else{

$get_user_data = mysql_fetch_array($check_user_data);
$pw=$get_user_data['password'];
$G=$get_user_data['groupname'];
$id=$get_user_data['id'];
$o=$get_user_data['salt'];$h=z_____z();

// Strict string comparison of the stored hash and the computed hash.
if((string)$pw!==(string)$h){
$N=1;unset($U);
echo '<script language="javascript">alert("Sorry, username/password combination is wrong."); window.location="questionnaire-login.php";</script>';
}else{
// Store the identity in the session only after the password hash matches.
$_SESSION['username'] = $U;
$_SESSION['groupname'] = $G;
$_SESSION['userid'] = $id;
}

}}}}}

if($N==1||$Entry==0){ ?>

<center><h1>Login to MC Search and Match Questionnaire</h1></center>

<center><div class='j'><b>The data you will be entering will be added to your registration data.</b></div></center>

<div id='myform'><BR><center><h3>Questionnaire Login</h3></center><table id='t' border='0' cellspacing=0 cellpadding=2>
<form id='formpw' name="formpw" method="post" action="questionnaire-login.php" onsubmit="return validatepassword()">
<tr><td class='k'><label for="User Name"><b>User Name: </b></td><td><input type="text" name="username" size="20" maxlength="20" value=""></label></td></tr>
<tr><td class='k'><label for="Password"><b>Password: </b></td><td><input type="password" name="password" size="20" maxlength="20" value=""></label></td></tr>
<br><br>
<tr><td class='k'><input type="hidden" name="entry" value="1">
&nbsp;</td><td><IMG SRC="captcha-with-sessions.php" alt='captcha'>
</td></tr>
<tr><td class='k'><label for="Captcha answer"><b>Captcha answer: </b></td><td><input type="text" name="answer" size="20" maxlength="20" value=""></label></td></tr>
<tr><td align=left colspan=2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If you see no Captcha, disable your ad blocker.</td></tr>
<tr><td class='k'>&nbsp;</td><td><BR><input type="submit" value="Submit">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="reset" value="Reset">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="button" value="Go back" onclick="window.location='login-to-mc.php'">
</td></tr></form></table><BR>
</div>

<?php
mysql_close();
}else{
?>

<form name="MyForm" method="POST" action="questionnaire.php">
<input type="hidden" name="username" value=" ">

</form>

<script language="javascript">
var u = <?php echo json_encode($U); ?>;
document.MyForm.username.value=u;
document.MyForm.submit();
</script>

<?php
}}
?>

</body>
</html>