Jump to content
Larry Ullman's Book Forums

Marie

Members
  • Content Count

    143
  • Joined

  • Last visited

Everything posted by Marie

  1. Just want to re-word what I have said above - Also, every ONE of my user's can enter the same password as all other users so I suppose the coding would allow this to happen but in reality it would not matter if someone else has the same password. Also,there are many sites that force people to reset their password with one that they have not used before. Does it really matter if a user wants to enter the same password?
  2. If my user types in passwords that don't match, the error message pops up that says they don't match. They ALSO get a message saying that the email has already been registered. I know that the email has not been used before. Also, every ones of my user's technically can have the same password as all other user so I suppose that it something that would be allowed under normal circumstances but not likely to happen. Does it really matter if someone has used the same password before? // Check for an email address: if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string($db, $trimmed['email']); } else { echo '<p class="error">Please enter a valid email address!</p>'; } // Check for a password and match against the confirmed password: if (strlen($trimmed['password1']) >= 6) { if ($trimmed['password1'] == $trimmed['password2']) { $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT); } else { echo '<p class="error">Your password did not match the confirmed password!'; } } else { echo '<div align="center"><p class="error">Please enter a valid password!</p>'; }
  3. Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner SO I left it out. I also took out $a = $_POST['active']; The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them? $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; //$a = $_POST['active'];
  4. I am trying to adapt code on my registration page to Script 13.6, however am getting and undefined index error for "pass" which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book. if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK... // Make sure the email address is available: $q = "SELECT id FROM users WHERE email='$e'"; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // Add the user to the database: // Make the query: $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $p = $_POST['pass']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; $a = $_POST['active']; // Execute the query: mysqli_stmt_execute($stmt);
  5. I believe it is working now. It was a database problem. I changed the way the website handled passwords but forgot to change the structure of the database column. So it was truncating the password. Thanks for your help.
  6. Where does the code sit that actually prevents someone from logging in if they are not set to accept cookies? I would like to remove that and see if that is the differece? I have been using your code for years and have older sites with the login.inc.php coding in the includes folder. They always worked. i guess I could go back to that but I would like to use the most updated coding available.
  7. This part of the login code does not seem to be working. I know the information is in the database and the activation field says NULL. I believe that the browser - Firefox on a Mac - is accepting cookies. I have tried this with several users and they all have the same password. I am getting the error message that indicates that the Email and Password does not match those on file. I am set up to use PHP 7. // Query the database: $q = "SELECT user_id, first_name, user_level, pass FROM users WHERE email='$e' AND active IS NULL"; $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Fetch the values: list($user_id, $first_name, $user_level, $pass) = mysqli_fetch_array($r, MYSQLI_NUM); mysqli_free_result($r);
  8. I believe that I have followed the code to create a "Forget Password" link. However, I am getting an error that seems to indicate that I am asking for a password hash twice - Fatal error: Cannot redeclare get_password_hash() (previously declared in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxxxxx/public_html/xxxxxxxxxxxx/TBRMobile/mysqli.inc.php:28) in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxxx/public_html/xxxxxxx/TBRMobile/mysqli.inc.php on line 33 ---- I have x'd out certain areas of this error on purpose. My config file and mysqli file are almost exact. I do not use a header file.
  9. I am also having a similar type of problem but not in all instances. I am testing on a live site. MOST of the time the email will get the activation link but when I click the link I get the message saying that the account could not be activated. BUT the information is in the database and the column says, "NULL".
  10. Hello Larry, Thanks for replying so quickly. I know you are very busy. I went back through all the files and rechecked everything and then made sure that it matched up exactly to your coding. So NOW it is working but I really don't know what went wrong. I had VARCHAR256 in the password column but would that have made any difference? I had also gone to another source for some help and they continually tell me that my coding is old and is being depreciated. Also, I know my hosting company is using PHP 5.6. At this point I am not sure how PHP is handling password encryption. I have learned a tremendous amount over the years because of your books but just find it hard to keep up with the tour when things are changing all the time. Thanks again. Marie
  11. I am having the exact same problem or so it seems. So I have tried several different things and I think now I have done exactly what was suggested above. However, I am still getting the same error message - "The email address and password entered do not match those on file." My fake registrants all have the same password but I have truncated the table and started again. My website is based on the code in Chapter 18 but does not require a person to activate their account so this is the code. Thanks for your help. if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT id, username, pass FROM users WHERE email='$e' AND active = 1 "; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (@mysqli_num_rows($r) == 1) { // A match was made.
  12. Sorry about the double posting above. I was hoping to delete my original post so I could correct it. The error message refers to line 137 not 37. Anyway, the original code I used came from the first edition of the eCommerce book which uses "rows". So the original code would have written <p><h2>Hello $row[1]!</p>.
  13. I have been updating a website with the scripting from this book. A piece of code I have is not working with the new php and I have reworked this several times. The following is the error message that I get in the server error log - PHP Fatal error: Can't use function return value in write context in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxx/public_html/xxxxxxxx.com/Login.php on line 137 Line 37 would be the following - if (mysqli_num_rows($r) = $username) { <?php // Show the user info or the login form: if (isset($_SESSION['user_id'])) { // Show basic user options: $q = "SELECT user_id, username FROM users WHERE user_id={$_SESSION['user_id']}"; $r = mysqli_query ($db, $q); //if (mysqli_num_rows($r) > 0) { if (mysqli_num_rows($r) = $username) { //while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) { while ($r = mysqli_fetch_array($r, MYSQLI_NUM)) { // Display the username and heading echo "<p><h2a>Hello $username!</p>"; } } Thanks
  14. I have reworked this page and code several times since posting and believe I have been able to correct that problem. I changed an area that said pass1 to password. NOW I am wondering how to format the error messages so that they are in the body of the form like they were in the eCommerce scripts OR how to format them so that they look good rather than just spreading across the top of the page. Can one use CSS in the PHP script?
  15. <p><label for="password"><strong>Password</strong></label> <?php create_form_input('password1', 'password', $reg_errors); ?></p> <?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?></p> <p class="noticeType"> Must be between 6 and 20 characters long, with at least one lowercase letter, one uppercase letter, and one number.</p>
  16. Sorry on my computer I don't seem to see my actual message, just the code. I get an "undefined index" error when I use this code on the first line - 'password1'. Thanks. Marie
  17. // Check for a password and match against the confirmed password: if (strlen($trimmed['password1']) >= 10) { if ($trimmed['password1'] == $trimmed['password2']) { $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT); } else { echo '<p class="error">Your password did not match the confirmed password!</p>'; } } else { echo '<p class="error">Please enter a valid password!</p>'; }
  18. The following is code that I have used to get the username or whatever wording you desire from the database and then display it. I have used "Hello". The session is started in the config.inc.php file. The user's information is stored in the database once it has been sent there from a form that you have set up on your website. <?php $q = "SELECT id, username FROM users WHERE id={$_SESSION['user_id']}"; $r = mysqli_query($connect, $q); if (mysqli_num_rows($r) > 0) { while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) { // Display the username and heading echo "<h2>Hello $row[1]! <br /></p> Your Notices should appear in alphabetical order below. <br /></p> Click on the notice that you wish to edit.</h2></p>"; } } ?>
  19. Okay thanks. I don't know what a cron is exactly but my question was answered. In other words I do not set up a script for this within the current structure of the website.
  20. If I wanted to automatically send an email to one of my subscribers to let them know that their subscription had expired or was about to expire, would that be part of the IPN code?
  21. I agree with the comments made above. If you are using a program like Dreamweaver you may have updated or created your css files but forgot to upload them. So it could be a problem as simple as not uploading ALL your files and not uploading them to the right place. Marie
  22. Okay I actually DID find their Canadian offices in Toronto. Apparently, eBay Canada, PayPal Canada and Kijiji are all located in the same place and have a great front entrance with their logos displayed large and loud, however, one is not allowed to enter through their front door without the secret code. I am not giving up though and will attempt to speak to someone soon. Marie
  23. I agree with what you say above. I was having trouble with the way it was set up previously. This is what I had in the top part of the page which was previously supplied by Margaux. // Check for an agreement: if (isset($_POST['agree']) && ($_POST['agree'] == TRUE)) { $agree = 'Agree'; } else { $reg_errors['agree'] = 'Please agree to the user Terms and Conditions.'; } This only worked once. So if a registrant filled in all the fields except a few of them - including the checkbox - they would get a prompt to fill in the checkbox as well as the other fields that were missed. However, IF they missed the checkbox again and maybe one of the other fields they would not be prompted again to fill out the checkbox. It would just be blank and if any of the other fields were not filled out, they would receive the prompt for those fields. So I decided to rework things slightly. This is what I previously had in the form. <label for="agree"></label> <p class="noticeType">I agree to the user Terms and Conditions. <?php create_form_input('agree', 'checkbox', $reg_errors); ?> </p> This was picking up the checkbox from the forms function file. I was thinking of changing this file to include preselected checkboxes but what if I don't want preselected checkboxes in any of my other pages? So what exactly will an ID value do for me at this point? Thanks for your help.
×
×
  • Create New...