Marie

Okay, thanks for letting me know. I get what you mean as far as receiving the error message for the wrong reason goes.

Somehow I got this to work but only after I removed my original coding where I had used the coding to prevent SQL attacks. SO I reverted back to the Register.php code that was in the book. THEN I kept receiving the "Please Try Again" error prompt. So I kept ongoing and then the code proceeded to enter users into the database. I don't know what was happening but part of this could have been a server problem. I am not using a local host but working on a live site. I was also wondering if this book is using, a form functions file, as in previous versions of the book? I do not seem to see it anywhere.

I emptied the user table in a test database and when I attempted to register the same user again it said that the email address is already registered. THEN I completely erased the users table and it still said that the email address has already been registered. This was several hours. The only table that would have been queried would have been the users table.

How do we easily get rid of people who register but do not activate their account? I just found out that I cannot schedule an event in the database because I am on a shared web hosting plan. I am seemingly getting a lot of "fake" registrants that are taking up space.

Figured out what was going on with my Login problem. I took out a few pieces of code that didn't need to be there and I believe I had an extra session call in there. Anyway, just sloppy work on my part.

Just want to re-word what I have said above - Also, every ONE of my user's can enter the same password as all other users so I suppose the coding would allow this to happen but in reality it would not matter if someone else has the same password. Also,there are many sites that force people to reset their password with one that they have not used before. Does it really matter if a user wants to enter the same password?

If my user types in passwords that don't match, the error message pops up that says they don't match. They ALSO get a message saying that the email has already been registered. I know that the email has not been used before. Also, every ones of my user's technically can have the same password as all other user so I suppose that it something that would be allowed under normal circumstances but not likely to happen. Does it really matter if someone has used the same password before? // Check for an email address: if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string($db, $trimmed['email']); } else { echo '<p class="error">Please enter a valid email address!</p>'; } // Check for a password and match against the confirmed password: if (strlen($trimmed['password1']) >= 6) { if ($trimmed['password1'] == $trimmed['password2']) { $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT); } else { echo '<p class="error">Your password did not match the confirmed password!'; } } else { echo '<div align="center"><p class="error">Please enter a valid password!</p>'; }

Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner SO I left it out. I also took out $a = $_POST['active']; The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them? $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; //$a = $_POST['active'];

I am trying to adapt code on my registration page to Script 13.6, however am getting and undefined index error for "pass" which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book. if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK... // Make sure the email address is available: $q = "SELECT id FROM users WHERE email='$e'"; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // Add the user to the database: // Make the query: $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $p = $_POST['pass']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; $a = $_POST['active']; // Execute the query: mysqli_stmt_execute($stmt);

I believe it is working now. It was a database problem. I changed the way the website handled passwords but forgot to change the structure of the database column. So it was truncating the password. Thanks for your help.

Where does the code sit that actually prevents someone from logging in if they are not set to accept cookies? I would like to remove that and see if that is the differece? I have been using your code for years and have older sites with the login.inc.php coding in the includes folder. They always worked. i guess I could go back to that but I would like to use the most updated coding available.

This part of the login code does not seem to be working. I know the information is in the database and the activation field says NULL. I believe that the browser - Firefox on a Mac - is accepting cookies. I have tried this with several users and they all have the same password. I am getting the error message that indicates that the Email and Password does not match those on file. I am set up to use PHP 7. // Query the database: $q = "SELECT user_id, first_name, user_level, pass FROM users WHERE email='$e' AND active IS NULL"; $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Fetch the values: list($user_id, $first_name, $user_level, $pass) = mysqli_fetch_array($r, MYSQLI_NUM); mysqli_free_result($r);

Thank you for your reply. It WAS defined twice.

I believe that I have followed the code to create a "Forget Password" link. However, I am getting an error that seems to indicate that I am asking for a password hash twice - Fatal error: Cannot redeclare get_password_hash() (previously declared in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxxxxx/public_html/xxxxxxxxxxxx/TBRMobile/mysqli.inc.php:28) in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxxx/public_html/xxxxxxx/TBRMobile/mysqli.inc.php on line 33 ---- I have x'd out certain areas of this error on purpose. My config file and mysqli file are almost exact. I do not use a header file.

I am also having a similar type of problem but not in all instances. I am testing on a live site. MOST of the time the email will get the activation link but when I click the link I get the message saying that the account could not be activated. BUT the information is in the database and the column says, "NULL".

Hello Larry, Thanks for replying so quickly. I know you are very busy. I went back through all the files and rechecked everything and then made sure that it matched up exactly to your coding. So NOW it is working but I really don't know what went wrong. I had VARCHAR256 in the password column but would that have made any difference? I had also gone to another source for some help and they continually tell me that my coding is old and is being depreciated. Also, I know my hosting company is using PHP 5.6. At this point I am not sure how PHP is handling password encryption. I have learned a tremendous amount over the years because of your books but just find it hard to keep up with the tour when things are changing all the time. Thanks again. Marie

I am having the exact same problem or so it seems. So I have tried several different things and I think now I have done exactly what was suggested above. However, I am still getting the same error message - "The email address and password entered do not match those on file." My fake registrants all have the same password but I have truncated the table and started again. My website is based on the code in Chapter 18 but does not require a person to activate their account so this is the code. Thanks for your help. if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT id, username, pass FROM users WHERE email='$e' AND active = 1 "; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (@mysqli_num_rows($r) == 1) { // A match was made.

Sorry about the double posting above. I was hoping to delete my original post so I could correct it. The error message refers to line 137 not 37. Anyway, the original code I used came from the first edition of the eCommerce book which uses "rows". So the original code would have written <p><h2>Hello $row[1]!</p>.

I have been updating a website with the scripting from this book. A piece of code I have is not working with the new php and I have reworked this several times. The following is the error message that I get in the server error log - PHP Fatal error: Can't use function return value in write context in /hermes/bosnacweb04/bosnacweb04aj/b717/nf.xxxxxxxxx/public_html/xxxxxxxx.com/Login.php on line 137 Line 37 would be the following - if (mysqli_num_rows($r) = $username) { <?php // Show the user info or the login form: if (isset($_SESSION['user_id'])) { // Show basic user options: $q = "SELECT user_id, username FROM users WHERE user_id={$_SESSION['user_id']}"; $r = mysqli_query ($db, $q); //if (mysqli_num_rows($r) > 0) { if (mysqli_num_rows($r) = $username) { //while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) { while ($r = mysqli_fetch_array($r, MYSQLI_NUM)) { // Display the username and heading echo "<p><h2a>Hello $username!</p>"; } } Thanks

I have reworked this page and code several times since posting and believe I have been able to correct that problem. I changed an area that said pass1 to password. NOW I am wondering how to format the error messages so that they are in the body of the form like they were in the eCommerce scripts OR how to format them so that they look good rather than just spreading across the top of the page. Can one use CSS in the PHP script?

<p><label for="password"><strong>Password</strong></label> <?php create_form_input('password1', 'password', $reg_errors); ?></p> <?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?></p> <p class="noticeType"> Must be between 6 and 20 characters long, with at least one lowercase letter, one uppercase letter, and one number.</p>

Sorry on my computer I don't seem to see my actual message, just the code. I get an "undefined index" error when I use this code on the first line - 'password1'. Thanks. Marie

// Check for a password and match against the confirmed password: if (strlen($trimmed['password1']) >= 10) { if ($trimmed['password1'] == $trimmed['password2']) { $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT); } else { echo '<p class="error">Your password did not match the confirmed password!</p>'; } } else { echo '<p class="error">Please enter a valid password!</p>'; }

The following is code that I have used to get the username or whatever wording you desire from the database and then display it. I have used "Hello". The session is started in the config.inc.php file. The user's information is stored in the database once it has been sent there from a form that you have set up on your website. <?php $q = "SELECT id, username FROM users WHERE id={$_SESSION['user_id']}"; $r = mysqli_query($connect, $q); if (mysqli_num_rows($r) > 0) { while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) { // Display the username and heading echo "<h2>Hello $row[1]! <br /></p> Your Notices should appear in alphabetical order below. <br /></p> Click on the notice that you wish to edit.</h2></p>"; } } ?>