Larry Ullman's Book Forums

buckeye

Everything posted by buckeye

  1. Hello, I am a regular reader of your books, which have been very helpful and self-explanatory. However, I've run into an issue I can't seem to figure out: I am trying to use the pagination from Chapter 10 and have been successful in the past. Now, I need to use it in a modularized site with mod_rewrite (adapted from your technique in PHP Advanced, Chapter 10).

     There are 52 records, which are consistent with my $display = 10; and $subcategoryShort = 'beds';

     The links display as 1 2 3 4 5 Next (/our-furniture-test/beds/20/5/)

     My links appear to be correct, however, I get the following error:

         Not Found
         The requested URL /our-furniture-test/beds/20/5/ was not found on this server.
         Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

     I believe my queries are correct based on the number of records returned and the number of pages the links will show. However, I suspect my issue is with the coding of the links and/or the .htaccess file. I believe we need a different variable for each scenario, which is where the $one, $two and $three come from.

     The coding of the links is:

         <?php
         // Make the links to other pages, if necessary.
         if ($pages > 1) {

             // Add some spacing and start a paragraph:
             echo '<br><p>';

             // Determine what page the script is on:
             $current_page = ($start/$display) + 1;

             // If it's not the first page, make a Previous link:
             $one = $start - $display;
             if ($current_page != 1) {
                 echo '<a href="/our-furniture-test/' . $subcategoryShort . '/' . $one . '/">Previous</a> ';
             }

             // Make all the numbered pages:
             for ($i = 1; $i <= $pages; $i++) {
                 if ($i != $current_page && ($two = ($display * ($i - 1)))) {
                     echo '<a href="/our-furniture-test/' . $subcategoryShort . '/' . $two . '/' . $pages . '/">' . $i . '</a> ';
                 } else {
                     echo $i . ' ';
                 }
             } // End of FOR loop.

             // If it's not the last page, make a Next button:
             $three = $start + $display;
             if ($current_page != $pages) {
                 echo '<a href="/our-furniture-test/' . $subcategoryShort . '/' . $three . '/' . $pages . '/">Next</a>';
             }

             echo '</p>'; // Close the paragraph.

         } // End of links section.
         ?>

     And the .htaccess (assuming I needed a version for the three scenarios):

         RewriteRule (our-furniture-test)/([^/]*)/$ /index.php?p=$1&subcategoryShort=$2&one=$3 [L]
         RewriteRule (our-furniture-test)/([^/]*)/$ /index.php?p=$1&subcategoryShort=$2&two=$3&pages=$4 [L]
         RewriteRule (our-furniture-test)/([^/]*)/$ /index.php?p=$1&subcategoryShort=$2&three=$3&pages=$4 [L]

     Not sure where I am going wrong here. Any assistance would be appreciated!
  2. This is an adaptation of the view_cart.php script in ch 19. It had worked previously until I changed servers/web hosting. It may be coincidental, however, when changing cart quantity to zero, it will either throw an error (undefined total variable) or add additional products to cart which were previously deleted in the same session. All other functions work properly, including "add to cart" and "checkout" when quantities are not changed to zero. Any suggestions would be greatly appreciated.

         <div class="generalarticle">

         <?php // add_cart.php

         $cart = $_SESSION['cart'];

         // Check if the form has been submitted (to update the cart):
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {

             // Change any quantities:
             foreach ($_POST['qty'] as $k => $v) {

                 // Must be integers!
                 $pid = (int) $k;
                 $qty = (int) $v;

                 if ( $qty == 0 ) { // Delete.
                     unset ($_SESSION['cart'][$pid]);
                 } elseif ( $qty > 0 ) { // Change quantity.
                     $_SESSION['cart'][$pid]['quantity'] = $qty;
                 }

             } // End of FOREACH.

         } // End of SUBMITTED IF.

         // Display the cart if it's not empty...
         if (!empty($_SESSION['cart'])) {

             // Retrieve all of the information for the prints in the cart:
             require ('../mysqli_connect.php'); // Connect to the database.
             $q = "SELECT * FROM products WHERE productID IN (";
             foreach ($_SESSION['cart'] as $pid => $value) {
                 $q .= $pid . ',';
             }
             $q = substr($q, 0, -1) . ') ORDER BY productName ASC';
             $r = mysqli_query ($dbc, $q);

             // Create a form and a table:
             echo '<form action="https://www.mysite.net/view-cart/" method="post">
             <fieldset class="checkout">
             <legend class="checkout">My Shopping Cart</legend>
             <table border="0" width="90%" cellspacing="3" cellpadding="3" align="center">
             <tr class="checkout" >
                 <td class="checkout" align="left" width="30%"><b>Item Name</b></td>
                 <td class="checkout" align="right" width="10%"><b>Price</b></td>
                 <td class="checkout" align="right" width="10%"><b>Shipping</b></td>
                 <td class="checkout" align="center" width="10%"><b>Qty</b></td>
                 <td class="checkout" align="right" width="10%"><b>Total Price</b></td>
             </tr>
             ';

             // Print each item...
             $total = 0; // Total cost of the order.
             while ($row = mysqli_fetch_array ($r, MYSQLI_ASSOC)) {

                 // Calculate the total and sub-totals.
                 $subtotal = (($_SESSION['cart'][$row['productID']]['quantity'] * $_SESSION['cart'][$row['productID']]['price']) + ($_SESSION['cart'][$row['productID']]['quantity'] * $_SESSION['cart'][$row['productID']]['shipping']));
                 $total += $subtotal;

                 // Print the row:
                 echo "\t<tr class=\"checkout\">
                 <td class=\"checkout\" align=\"left\">{$row['productName']}</td>
                 <td class=\"checkout\" align=\"right\">\${$_SESSION['cart'][$row['productID']]['price']}</td>
                 <td class=\"checkout\" align=\"right\">\${$_SESSION['cart'][$row['productID']]['shipping']}</td>
                 <td class=\"checkout\" align=\"center\"><input type=\"text\" size=\"3\" name=\"qty[{$row['productID']}]\" value=\"{$_SESSION['cart'][$row['productID']]['quantity']}\" /></td>
                 <td class=\"checkout\" align=\"right\">$" . number_format ($subtotal, 2) . "</td>
                 </tr>\n";

             } // End of the WHILE loop.

             mysqli_close($dbc); // Close the database connection.

             // Print the total, close the table, and the form:
             echo '<tr>
                 <td class="checkout" colspan="4" align="right"><b>Total:</b></td>
                 <td class="checkout" align="right">$' . number_format ($total, 2) . '</td>
             </tr>
             </table>
             <div align="center"><input type="submit" name="submit" value="Update My Cart" /></div>
             </form>
             <p align="center">Enter a quantity of 0 to remove an item. <br /><br /><a href="https://www.mysite.net/checkout/">Checkout</a> or <a href="https://www.mysite.net/real-estate-advertisement-packages/">Continue Shopping</a>.</p></fieldset>';

         } else {
             echo '<p>Your cart is currently empty.</p>';
         }

         $_SESSION['total'] = $total; // carry total to checkout
         $_SESSION['cart'] = $cart; // carry total to checkout
         ?>

         </div>
         <div class="sidebar"></div>
         <div class="spacer"></div>
         </div></div>
  3. I have a modularized site in which all pages flow through the index.php. Login/logout works fine using sessions, in which an administrative level user must be logged in for the "Admin" menu icon to appear in the menu. I have placed the 'admin' directory inside the 'module' directory.

     When a logged in user clicks "Admin," I am having difficulty preventing it from running the script (and thereby displaying the admin page) without first requiring a login. I have confirmed the directory is protected from direct access but not from running it. I know it must be a permissions setting, however, I cannot find what the correct permissions need to be. Is this possible?

     Below is the 'case' to load the admin panel over the index.php (again, the 'admin' directory is within the 'modules' directory):

         case 'admin-panel':
             $page = 'admin/admin-panel.inc.php';
             $page_title = 'Admin Panel';
             break;

     I can avoid this by simply having an admin_panel.php or index.php within a password protected 'admin' directory, however, I would like to keep the modular pattern and maintain the admin accessibility through the menu. Any suggestions would be appreciated.
  4.
         RewriteRule (product-detail)/([^/]*)/$ /index.php?p=$1&id=$2 [L]
         RewriteCond %{QUERY_STRING} id=([0-9]+)

     I believe I've solved this issue by including the above lines in the .htaccess file. It now redirects the indexed product id pages to the new, modularized pages.
  5. I am modularizing an existing site as discussed in Chapter 2. All is working fine but I cannot seem to find the correct rewrite script for my .htaccess relative to rewriting (or forwarding existing) links that have been indexed in search engines.

     An example: http://www.example/productdetail.php?id=100 (as indexed by Google) should display as http://www.example/product-detail/100/ but instead is displaying in address bar as http://www.example/product-detail/?id=100 (and obviously no page is found)

     My current .htaccess is:

         RewriteEngine On
         RewriteRule ^([^/]*)/$ /index.php?p=$1[L]
         RewriteRule (product-detail)/([^/]*)/$ /index.php?p=$1$id=$2

     I also have a URL redirect for this page:

         Redirect 301 /productdetail.php http:www.example.com/product-detail/

     Any assistance would be appreciated.
  6. Thank you for your response. The mod_rewrite is working for all other pages, except for the activation page/module. It definitely is set-up and available on the server.
  7.
         <?php // script 18.6

         if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.

             // Need the database connection:
             require (MYSQL);

             // Trim all the incoming data:
             $trimmed = array_map('trim', $_POST);

             // Assume invalid values:
             $fn = $ln = $e = $p = FALSE;

             // Check for a first name:
             if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) {
                 $fn = mysqli_real_escape_string ($dbc, $trimmed['first_name']);
             } else {
                 echo '<p class="error">Please enter your first name!</p>';
             }

             // Check for a last name:
             if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
                 $ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']);
             } else {
                 echo '<p class="error">Please enter your last name!</p>';
             }

             // Check for an email address:
             if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
                 $e = mysqli_real_escape_string ($dbc, $trimmed['email']);
             } else {
                 echo '<p class="error">Please enter a valid email address!</p>';
             }

             // Check for a password and match against the confirmed password:
             if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) {
                 if ($trimmed['password1'] == $trimmed['password2']) {
                     $p = mysqli_real_escape_string ($dbc, $trimmed['password1']);
                 } else {
                     echo '<p class="error">Your password did not match the confirmed password!</p>';
                 }
             } else {
                 echo '<p class="error">Please enter a valid password!</p>';
             }

             if ($fn && $ln && $e && $p) { // If everything's OK...

                 // Make sure the email address is available:
                 $q = "SELECT user_id FROM users WHERE email='$e'";
                 $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

                 if (mysqli_num_rows($r) == 0) { // Available.

                     // Create the activation code:
                     $a = md5(uniqid(rand(), true));

                     // new line
                     include('includes/lib/password.php');
                     // new line
                     $hash=password_hash($p, PASSWORD_BCRYPT);

                     // Add the user to the database:
                     $q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', '$a', NOW() )";
                     $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

                     if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                         // Send the email:
                         $body = "Thank you for registering at <whatever site>. To activate your account, please click on this link:\n\n";
                         $body .= BASE_URL . 'activate/x=' . urlencode($e) . "&y=$a";
                         mail($trimmed['email'], 'Registration Confirmation', $body, 'From: mymail@sample.com');

                         // Finish the page:
                         echo '<h3>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h3>';
                         include ('includes/footer.html'); // Include the HTML footer.
                         exit(); // Stop the page.

                     } else { // If it did not run OK.
                         echo '<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>';
                     }

                 } else { // The email address is not available.
                     echo '<p class="error">That email address has already been registered. If you have forgotten your password, use the link at right to have your password sent to you.</p>';
                 }

             } else { // If one of the data tests failed.
                 echo '<p class="error">Please try again.</p>';
             }

             mysqli_close($dbc);

         } // End of the main Submit conditional.
         ?>

         <h1>Register</h1>
         <form action="http://www.sample.com/register/" method="post">
             <fieldset>

             <p><b>First Name:</b> <input type="text" name="first_name" size="20" maxlength="20" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" /></p>

             <p><b>Last Name:</b> <input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" /></p>

             <p><b>Email Address:</b> <input type="text" name="email" size="30" maxlength="60" value="<?php if (isset($trimmed['email'])) echo $trimmed['email']; ?>" /> </p>

             <p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" value="<?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?>" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>

             <p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" value="<?php if (isset($trimmed['password2'])) echo $trimmed['password2']; ?>" /></p>
             </fieldset>

             <div align="center"><input type="submit" name="submit" value="Register" /></div>

         </form>

         <?php # Script 18.7 - activate.php
         // This page activates the user's account.
         require ('includes/config.inc.php');
         $page_title = 'Activate Your Account';
         include ('includes/header.html');

         // If $x and $y don't exist or aren't of the proper format, redirect the user:
         if (isset($_GET['x'], $_GET['y'])
             && filter_var($_GET['x'], FILTER_VALIDATE_EMAIL)
             && (strlen($_GET['y']) == 32 )
             ) {

             // Update the database...
             require (MYSQL);
             $q = "UPDATE users SET active=NULL WHERE (email='" . mysqli_real_escape_string($dbc, $_GET['x']) . "' AND active='" . mysqli_real_escape_string($dbc, $_GET['y']) . "') LIMIT 1";
             $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

             // Print a customized message:
             if (mysqli_affected_rows($dbc) == 1) {
                 echo "<h3>Your account is now active. You may now log in.</h3>";
             } else {
                 echo '<p class="error">Your account could not be activated. Please re-check the link or contact the system administrator.</p>';
             }

             mysqli_close($dbc);

         } else { // Redirect.

             $url = BASE_URL . 'index.php'; // Define the URL.
             ob_end_clean(); // Delete the buffer.
             header("Location: $url");
             exit(); // Quit the script.

         } // End of main IF-ELSE.

         include ('includes/footer.html');
         ?>

     I am modularizing a site that uses the registration (18.6) and activation (18.7) scripts from Chapter 18. All works fine until I try to rewrite activation.php to activation.inc.php and place it in the modules folder. When the activation e-mail comes and I click on the link, I receive a 404/Page Not Found.

     I am using the following in my .htaccess:

         RewriteEngine On
         RewriteRule ^(home|register)/?$ index.php?=$1 [L]
         RewriteRule ^(activate)/?$ index.php?p=$1&x=$2&y=$3 [L]

     As mentioned, registration works to the point of all data being inserted into database and the "Registration Confirmation" e-mail being received. It strongly appears to be a matter of my mod_rewrite syntax. Any suggestions as to where I am in error would be appreciated. Thank you.
  8. Thank you, HartleySan, for your response. Very helpful! This solved an issue I was having while modularizing a site.
  9.
         // Query the database:
         $q = "SELECT * FROM users WHERE email='$e' AND active IS NULL";
         $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
         }
         include('includes/lib/password.php');
         $hash=password_hash($p, PASSWORD_BCRYPT);
         if (password_verify($pass, $hash)) { // Correct!

     Thought I had this figured out. The logic in the previous response (though it included the password_verify) was incorrect. This modified excerpt of the script allows login (by checking for e-mail) but is not checking password. Any suggestions would be appreciated.
  10.
          <?php # Script 18.8 - login.php
          // This is the login page for the site.
          require ('includes/config.inc.php');
          $page_title = 'Login';
          include ('includes/header.php');

          if ($_SERVER['REQUEST_METHOD'] == 'POST') {
              require (MYSQL);

              // Validate the email address:
              if (!empty($_POST['email'])) {
                  $e = mysqli_real_escape_string ($dbc, $_POST['email']);
              } else {
                  $e = FALSE;
                  echo '<p class="error">You forgot to enter your email address!</p>';
              }

              // Validate the password:
              if (!empty($_POST['pass'])) {
                  $p = mysqli_real_escape_string ($dbc, $_POST['pass']);
              } else {
                  $p = FALSE;
                  echo '<p class="error">You forgot to enter your password!</p>';
              }

              if ($e && $p) { // If everything's OK.

                  include('includes/lib/password.php');
                  $hash=password_hash($p, PASSWORD_BCRYPT);
                  if (password_verify($pass, $hash)) { // Correct!

                      // Query the database:
                      $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass='$p') AND active IS NULL";
                      $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
                  }

                  if (@mysqli_num_rows($r) == 1) { // A match was made.

                      // Register the values:
                      $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
                      mysqli_free_result($r);
                      mysqli_close($dbc);

                      // Redirect the user:
                      $url = BASE_URL . 'index2014.php'; // Define the URL.
                      ob_end_clean(); // Delete the buffer.
                      header("Location: $url");
                      exit(); // Quit the script.

                  } else { // No match was made.
                      echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
                  }

              } else { // If everything wasn't OK.
                  echo '<p class="error">Please try again.</p>';
              }

              mysqli_close($dbc);

          } // End of SUBMIT conditional.
          ?>

          <h1>Login</h1>
          <p>Your browser must allow cookies in order to log in.</p>
          <form action="login.php" method="post">
              <fieldset>
              <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="60" /></p>
              <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
              <div align="center"><input type="submit" name="submit" value="Login" /></div>
              </fieldset>
          </form>

          <?php include ('includes/footer.php'); ?>

      Thank you for your response! I've read back through the applicable sections of both the Effortless E-Commerce 2nd and PHP & MySQL 4th Edition, along with the PHP manual and believe I have the syntax for password_verify correct. However, I am still getting the response "E-mail or password do match what's on file..." Could it be a misplaced } ? Code is included. Thanks for your help.
  11.
          <?php # Script 18.8 - login.php
          // This is the login page for the site.
          require ('includes/config.inc.php');
          $page_title = 'Login';
          include ('includes/header.html');

          if ($_SERVER['REQUEST_METHOD'] == 'POST') {
              require (MYSQL);

              // Validate the email address:
              if (!empty($_POST['email'])) {
                  $e = mysqli_real_escape_string ($dbc, $_POST['email']);
              } else {
                  $e = FALSE;
                  echo '<p class="error">You forgot to enter your email address!</p>';
              }

              // Validate the password:
              if (!empty($_POST['pass'])) {
                  $p = mysqli_real_escape_string ($dbc, $_POST['pass']);
              } else {
                  $p = FALSE;
                  echo '<p class="error">You forgot to enter your password!</p>';
              }

              if ($e && $p) { // If everything's OK.

                  include('includes/lib/password.php');

                  // Query the database:
                  $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass='" . password_hash($p, PASSWORD_BCRYPT) . "') AND active IS NULL";
                  $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

                  if (@mysqli_num_rows($r) == 1) { // A match was made.

                      // Register the values:
                      $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
                      mysqli_free_result($r);
                      mysqli_close($dbc);

                      // Redirect the user:
                      $url = BASE_URL . 'index1.php'; // Define the URL.
                      ob_end_clean(); // Delete the buffer.
                      header("Location: $url");
                      exit(); // Quit the script.

                  } else { // No match was made.
                      echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
                  }

              } else { // If everything wasn't OK.
                  echo '<p class="error">Please try again.</p>';
              }

              mysqli_close($dbc);

          } // End of SUBMIT conditional.
          ?>

          <h1>Login</h1>
          <p>Your browser must allow cookies in order to log in.</p>
          <form action="login.php" method="post">
              <fieldset>
              <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="60" /></p>
              <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
              <div align="center"><input type="submit" name="submit" value="Login" /></div>
              </fieldset>
          </form>

          <?php include ('includes/footer.html'); ?>

          include('includes/lib/password.php');

          // Add the user to the database:
          $q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', '$a', NOW() )";
          $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

      I am trying to use the password_hash encryption technique for the Ch 18 example rather than SHA1. I was able to successfully register via changing the registration query (see second script, which includes 'lib/password.php' due to my version of PHP). However, when I try to login (see top script), it indicates my password doesn't match what's on file. Is it possible something needs changed in the login's validation? Or have I possibly missed something else? Any help would be greatly appreciated.
  12. Issue was resolved. Found error in config file related to definition of constants. Thanks.
  13. It is the register.php script, working in Chapter 4 (and excluding any PayPal linkage.) Server runs PHP 5.3.13 but accepts the password_hash fix. The script as I am trying to run it:

          <?php

          // This is the registration page for the site.
          // This file both displays and processes the registration form.
          // This script is begun in Chapter 4.

          // Require the configuration before any PHP code as the configuration controls error reporting:
          require('includes/config.inc.php');
          // The config file also starts the session.

          // Require the database connection:
          require(MYSQL);

          // Include the header file:
          $page_title = 'Register';
          include('includes/header.html');

          // For storing registration errors:
          $reg_errors = array();

          // Check for a form submission:
          if ($_SERVER['REQUEST_METHOD'] === 'POST') {

              // Check for a first name:
              if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['first_name'])) {
                  $fn = escape_data($_POST['first_name'], $dbc);
              } else {
                  $reg_errors['first_name'] = 'Please enter your first name!';
              }

              // Check for a last name:
              if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
                  $ln = escape_data($_POST['last_name'], $dbc);
              } else {
                  $reg_errors['last_name'] = 'Please enter your last name!';
              }

              // Check for a username:
              if (preg_match('/^[A-Z0-9]{2,45}$/i', $_POST['username'])) {
                  $u = escape_data($_POST['username'], $dbc);
              } else {
                  $reg_errors['username'] = 'Please enter a desired name using only letters and numbers!';
              }

              // Check for an email address:
              if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
                  $e = escape_data($_POST['email'], $dbc);
              } else {
                  $reg_errors['email'] = 'Please enter a valid email address!';
              }

              // Check for a password and match against the confirmed password:
              if (preg_match('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,}$/', $_POST['pass1']) ) {
                  if ($_POST['pass1'] === $_POST['pass2']) {
                      $p = $_POST['pass1'];
                  } else {
                      $reg_errors['pass2'] = 'Your password did not match the confirmed password!';
                  }
              } else {
                  $reg_errors['pass1'] = 'Please enter a valid password!';
              }

              if (empty($reg_errors)) { // If everything's OK...

                  // Make sure the email address and username are available:
                  $q = "SELECT email, username FROM users WHERE email='$e' OR username='$u'";
                  $r = mysqli_query($dbc, $q);

                  // Get the number of rows returned:
                  $rows = mysqli_num_rows($r);

                  if ($rows === 0) { // No problems!

                      // Add the user to the database...

                      // Include the password_compat library, if necessary:
                      include('includes/lib/password.php');

                      // Temporary: set expiration to a month!
                      // Change after adding PayPal!
                      $q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH) )";

                      // New query, updated in Chapter 6 for PayPal integration:
                      // Sets expiration to yesterday:
                      //$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', SUBDATE(NOW(), INTERVAL 1 DAY) )";

                      $r = mysqli_query($dbc, $q);

                      if (mysqli_affected_rows($dbc) === 1) { // If it ran OK.

                          // Get the user ID:
                          // Store the new user ID in the session:
                          // Added in Chapter 6:
                          //$uid = mysqli_insert_id($dbc);
                          // $_SESSION['reg_user_id'] = $uid;

                          // Display a thanks message...

                          // Original message from Chapter 4:
                          // echo '<div class="alert alert-success"><h3>Thanks!</h3><p>Thank you for registering! You may now log in and access the site\'s content.</p></div>';

                          // Updated message in Chapter 6:
                          echo '<div class="alert alert-success"><h3>Thanks!</h3><p>Thank you for registering! To complete the process, please now click the button below so that you may pay for your site access via PayPal. The cost is $10 (US) per year. <strong>Note: When you complete your payment at PayPal, please click the button to return to this site.</strong></p></div>';

                          // Send a separate email?
                          $body = "Thank you for registering at <whatever site>. Blah. Blah. Blah.\n\n";
                          mail($_POST['email'], 'Registration Confirmation', $body, 'From: admin@simplehomesales.net');

                          // Finish the page:
                          include('includes/footer.html'); // Include the HTML footer.
                          exit(); // Stop the page.

                      } else { // If it did not run OK.
                          trigger_error('You could not be registered due to a system error. We apologize for any inconvenience. We will correct the error ASAP.');
                      }

                  } else { // The email address or username is not available.

                      if ($rows === 2) { // Both are taken.

                          $reg_errors['email'] = 'This email address has already been registered. If you have forgotten your password, use the link at left to have your password sent to you.';
                          $reg_errors['username'] = 'This username has already been registered. Please try another.';

                      } else { // One or both may be taken.

                          // Get row:
                          $row = mysqli_fetch_array($r, MYSQLI_NUM);

                          if( ($row[0] === $_POST['email']) && ($row[1] === $_POST['username'])) { // Both match.
                              $reg_errors['email'] = 'This email address has already been registered. If you have forgotten your password, use the link at left to have your password sent to you.';
                              $reg_errors['username'] = 'This username has already been registered with this email address. If you have forgotten your password, use the link at left to have your password sent to you.';
                          } elseif ($row[0] === $_POST['email']) { // Email match.
                              $reg_errors['email'] = 'This email address has already been registered. If you have forgotten your password, use the link at left to have your password sent to you.';
                          } elseif ($row[1] === $_POST['username']) { // Username match.
                              $reg_errors['username'] = 'This username has already been registered. Please try another.';
                          }

                      } // End of $rows === 2 ELSE.

                  } // End of $rows === 0 IF.

              } // End of empty($reg_errors) IF.

          } // End of the main form submission conditional.

          // Need the form functions script, which defines create_form_input():
          // The file may already have been included by the header.
          require_once('includes/form_functions.inc.php');
          ?><h1>Register</h1>
          <p>Access to the site's content is available to registered users at a cost of $10.00 (US) per year. Use the form below to begin the registration process. <strong>Note: All fields are required.</strong> After completing this form, you'll be presented with the opportunity to securely pay for your yearly subscription via <a href="http://www.paypal.com">PayPal</a>.</p>
          <form action="register.php" method="post" accept-charset="utf-8">
          <?php
          create_form_input('first_name', 'text', 'First Name', $reg_errors);
          create_form_input('last_name', 'text', 'Last Name', $reg_errors);
          create_form_input('username', 'text', 'Desired Username', $reg_errors);
          echo '<span class="help-block">Only letters and numbers are allowed.</span>';
          create_form_input('email', 'email', 'Email Address', $reg_errors);
          create_form_input('pass1', 'password', 'Password', $reg_errors);
          echo '<span class="help-block">Must be at least 6 characters long, with at least one lowercase letter, one uppercase letter, and one number.</span>';
          create_form_input('pass2', 'password', 'Confirm Password', $reg_errors);
          ?>
              <input type="submit" name="submit_button" value="Next →" id="submit_button" class="btn btn-default" />
          </form>
          <br>

          <?php // Include the HTML footer:
          include('includes/footer.html');
          ?>
  14. I was able to correct the issue in which an error message was reported. However, the problem remains that once I complete the registration form and click submit, I remain on the registration page and no "thank you" message is given. Likewise, I check the database and obviously a user hasn't been added.
  15. I am having a problem with the registration page in Chapter 4, Example 1. When I complete the registration form, I simply get a blank page below the header. It stays on register.php and does not advance to thankyou.php. Error checking indicates an undefined index for all the variables. Not sure why that is happening, as I am using the script from the book. Any suggestions would be appreciated.
  16. Is there a way to have the permanent file names in the "uploads" directory be the actual file names (with .jpg, etc.) rather than the associated ID number? Is there a security reason this shouldn't be done? Thank you.
  17. Trying to test the upload script ("add_other_products.php") and, after submitting, get blank screen other than header. When I "refresh" page and resend data, I see a reference to "undefined index: image" which refers to these two lines:

          // check for image
          if (is_uploaded_file($_FILES['image']['tmp_name']) && ....    this is line 49 in sample download script
          switch ($_FILES['image']['error']) {    this is line 104 in sample download script

      While trying to figure this out, I deleted all references in the file to the image and I successfully added the test record to the database. But when I added back the references for the image, the same problem came back. I'm probably an intermediate user of PHP/MySQL and can often figure these things out. This one doesn't make sense. Any suggestions would be appreciated.
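
For post 3 above (the 'admin-panel' case in index.php), an added example that is not code from the thread or the book: the front controller itself decides, from the session, whether a module may be included. It assumes login stores user_id and user_level in $_SESSION, that level 1 marks an administrator, and that index.php loads the config file that defines BASE_URL; every module file name except admin/admin-panel.inc.php is hypothetical.

```php
<?php
// Added example, not code from the thread or the book.
// Assumptions: login stores user_id and user_level in $_SESSION (the login
// scripts in this thread select both), level 1 marks an administrator, and
// every module file name except admin/admin-panel.inc.php is hypothetical.

// One table maps each page key to its file and the level it requires.
$modules = array(
    'home'        => array('file' => 'home.inc.php',              'title' => 'Home',        'min_level' => 0),
    'login'       => array('file' => 'login.inc.php',             'title' => 'Login',       'min_level' => 0),
    'admin-panel' => array('file' => 'admin/admin-panel.inc.php', 'title' => 'Admin Panel', 'min_level' => 1),
);

// Decide which module index.php may include for this request and session.
function resolve_module(array $modules, $p, array $session) {
    // Unknown or malformed keys fall back to the home module, so the value
    // of ?p= never reaches include() directly.
    if (!is_string($p) || !isset($modules[$p])) {
        $p = 'home';
    }
    $required = $modules[$p]['min_level'];
    if ($required > 0) {
        if (!isset($session['user_id'])) {
            // Not logged in: show the login module instead.
            return $modules['login'] + array('status' => 401);
        }
        $level = isset($session['user_level']) ? (int) $session['user_level'] : 0;
        if ($level < $required) {
            // Logged in, but not an administrator.
            return $modules['home'] + array('status' => 403);
        }
    }
    return $modules[$p] + array('status' => 200);
}

// First lines of modules/admin/admin-panel.inc.php, so the file does nothing
// when requested on its own instead of through index.php (assumes index.php
// has already loaded the config file that defines BASE_URL):
//     if (!defined('BASE_URL')) { header('HTTP/1.1 404 Not Found'); exit(); }

// Constructed requests: page key plus the session contents at that moment.
$requests = array(
    array('admin-panel',  array()),
    array('admin-panel',  array('user_id' => 7, 'user_level' => 0)),
    array('admin-panel',  array('user_id' => 1, 'user_level' => 1)),
    array('no-such-page', array('user_id' => 1, 'user_level' => 1)),
    array(array('x'),     array('user_id' => 1, 'user_level' => 1)),
);

foreach ($requests as $request) {
    list($p, $session) = $request;
    $module = resolve_module($modules, $p, $session);
    printf(
        "p=%-13s user_level=%-4s -> %d %s\n",
        is_string($p) ? $p : gettype($p),
        isset($session['user_level']) ? $session['user_level'] : 'none',
        $module['status'],
        $module['file']
    );
}
```

Hiding the "Admin" menu icon only changes what is displayed; the check has to run on every request, before the include.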
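
For posts 9 to 11 above (moving the Chapter 18 login from SHA1 to password_hash), an added example that is not code from the thread or the book: the row is fetched by email alone and password_verify() compares the submitted password with the stored hash, because password_hash() salts every call and its output can never be matched in a WHERE clause. It assumes an in-memory SQLite table through PDO in place of the MySQL users table so that it runs offline; the accounts are constructed.

```php
<?php
// Added example, not code from the thread or the book.
// Assumption: an in-memory SQLite table via PDO stands in for the MySQL
// `users` table so the script runs offline; column names follow the posts.
// On PHP older than 5.5, load password_compat first, as the posts do.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// bcrypt output is 60 characters, so `pass` must hold at least that many;
// a column sized for a 40-character SHA1 digest truncates the hash.
$db->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY,
    email VARCHAR(60) NOT NULL UNIQUE,
    pass VARCHAR(255) NOT NULL,
    first_name VARCHAR(20) NOT NULL,
    user_level INTEGER NOT NULL DEFAULT 0,
    active CHAR(32)
)');

// Registration side: hash the raw password. Do not escape it first;
// escaping changes passwords that contain quotes or backslashes.
function register_user(PDO $db, $email, $password, $first_name, $active) {
    $stmt = $db->prepare('INSERT INTO users (email, pass, first_name, active) VALUES (?, ?, ?, ?)');
    $stmt->execute(array($email, password_hash($password, PASSWORD_BCRYPT), $first_name, $active));
}

// Login side: look the row up by email only, then let password_verify()
// compare the submitted password with the stored hash.
function check_login(PDO $db, $email, $password) {
    $stmt = $db->prepare('SELECT user_id, first_name, user_level, pass FROM users WHERE email = ? AND active IS NULL');
    $stmt->execute(array($email));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false; // Unknown email, or account not yet activated.
    }
    if (!password_verify($password, $row['pass'])) {
        return false; // Wrong password.
    }
    unset($row['pass']); // Keep the hash out of whatever goes into $_SESSION.
    return $row;
}

// Constructed sample accounts: one activated, one still waiting for activation.
register_user($db, 'ann@example.com', "o'Brien_42", 'Ann', null);
register_user($db, 'bob@example.com', 'Secret_99', 'Bob', str_repeat('a', 32));

// Two hashes of the same password differ because each call picks a new salt.
$h1 = password_hash('Secret_99', PASSWORD_BCRYPT);
$h2 = password_hash('Secret_99', PASSWORD_BCRYPT);
echo 'Hashes identical: ', var_export($h1 === $h2, true), "\n";
echo 'Both verify:      ', var_export(password_verify('Secret_99', $h1) && password_verify('Secret_99', $h2), true), "\n";

// Constructed login attempts.
$attempts = array(
    array('ann@example.com', "o'Brien_42"),   // correct
    array('ann@example.com', 'wrong_pass'),   // wrong password
    array('bob@example.com', 'Secret_99'),    // right password, not activated
    array('nobody@example.com', 'Secret_99'), // unknown email
);

foreach ($attempts as $attempt) {
    $user = check_login($db, $attempt[0], $attempt[1]);
    echo $attempt[0], ' => ', ($user ? 'login ok, user_id ' . $user['user_id'] : 'rejected'), "\n";
}
```

With mysqli the same flow applies: select the row by email with a prepared statement, then call password_verify() on the fetched pass value.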