Jump to content
Larry Ullman's Book Forums

Marie

Members
  • Posts

    148
  • Joined

  • Last visited

Marie's Achievements

Newbie

Newbie (1/14)

  • First Post Rare
  • Collaborator Rare
  • Conversation Starter Rare
  • Week One Done Rare
  • One Month Later Rare

Recent Badges

3

Reputation

  1. Okay, thanks for letting me know. I get what you mean as far as receiving the error message for the wrong reason goes.
  2. Somehow I got this to work but only after I removed my original coding where I had used the coding to prevent SQL attacks. SO I reverted back to the Register.php code that was in the book. THEN I kept receiving the "Please Try Again" error prompt. So I kept ongoing and then the code proceeded to enter users into the database. I don't know what was happening but part of this could have been a server problem. I am not using a local host but working on a live site. I was also wondering if this book is using, a form functions file, as in previous versions of the book? I do not seem to see it anywhere.
  3. I emptied the user table in a test database and when I attempted to register the same user again it said that the email address is already registered. THEN I completely erased the users table and it still said that the email address has already been registered. This was several hours. The only table that would have been queried would have been the users table.
  4. How do we easily get rid of people who register but do not activate their account? I just found out that I cannot schedule an event in the database because I am on a shared web hosting plan. I am seemingly getting a lot of "fake" registrants that are taking up space.
  5. Figured out what was going on with my Login problem. I took out a few pieces of code that didn't need to be there and I believe I had an extra session call in there. Anyway, just sloppy work on my part.
  6. Just want to re-word what I have said above - Also, every ONE of my user's can enter the same password as all other users so I suppose the coding would allow this to happen but in reality it would not matter if someone else has the same password. Also,there are many sites that force people to reset their password with one that they have not used before. Does it really matter if a user wants to enter the same password?
  7. If my user types in passwords that don't match, the error message pops up that says they don't match. They ALSO get a message saying that the email has already been registered. I know that the email has not been used before. Also, every ones of my user's technically can have the same password as all other user so I suppose that it something that would be allowed under normal circumstances but not likely to happen. Does it really matter if someone has used the same password before? // Check for an email address: if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string($db, $trimmed['email']); } else { echo '<p class="error">Please enter a valid email address!</p>'; } // Check for a password and match against the confirmed password: if (strlen($trimmed['password1']) >= 6) { if ($trimmed['password1'] == $trimmed['password2']) { $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT); } else { echo '<p class="error">Your password did not match the confirmed password!'; } } else { echo '<div align="center"><p class="error">Please enter a valid password!</p>'; }
  8. Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner SO I left it out. I also took out $a = $_POST['active']; The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them? $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; //$a = $_POST['active'];
  9. I am trying to adapt code on my registration page to Script 13.6, however am getting and undefined index error for "pass" which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book. if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK... // Make sure the email address is available: $q = "SELECT id FROM users WHERE email='$e'"; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // Add the user to the database: // Make the query: $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $p = $_POST['pass']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; $a = $_POST['active']; // Execute the query: mysqli_stmt_execute($stmt);
  10. I believe it is working now. It was a database problem. I changed the way the website handled passwords but forgot to change the structure of the database column. So it was truncating the password. Thanks for your help.
  11. Where does the code sit that actually prevents someone from logging in if they are not set to accept cookies? I would like to remove that and see if that is the differece? I have been using your code for years and have older sites with the login.inc.php coding in the includes folder. They always worked. i guess I could go back to that but I would like to use the most updated coding available.
  12. This part of the login code does not seem to be working. I know the information is in the database and the activation field says NULL. I believe that the browser - Firefox on a Mac - is accepting cookies. I have tried this with several users and they all have the same password. I am getting the error message that indicates that the Email and Password does not match those on file. I am set up to use PHP 7. // Query the database: $q = "SELECT user_id, first_name, user_level, pass FROM users WHERE email='$e' AND active IS NULL"; $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Fetch the values: list($user_id, $first_name, $user_level, $pass) = mysqli_fetch_array($r, MYSQLI_NUM); mysqli_free_result($r);
  13. I believe that I have followed the code to create a "Forget Password" link. However, I am getting an error that seems to indicate that I am asking for a password hash twice - Fatal error: Cannot redeclare get_password_hash() (previously declared in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxxxxx/public_html/xxxxxxxxxxxx/TBRMobile/mysqli.inc.php:28) in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxxx/public_html/xxxxxxx/TBRMobile/mysqli.inc.php on line 33 ---- I have x'd out certain areas of this error on purpose. My config file and mysqli file are almost exact. I do not use a header file.
  14. I am also having a similar type of problem but not in all instances. I am testing on a live site. MOST of the time the email will get the activation link but when I click the link I get the message saying that the account could not be activated. BUT the information is in the database and the column says, "NULL".
×
×
  • Create New...