Marie

Okay thanks. I don't know what a cron is exactly but my question was answered. In other words I do not set up a script for this within the current structure of the website.

If I wanted to automatically send an email to one of my subscribers to let them know that their subscription had expired or was about to expire, would that be part of the IPN code?

I agree with the comments made above. If you are using a program like Dreamweaver you may have updated or created your css files but forgot to upload them. So it could be a problem as simple as not uploading ALL your files and not uploading them to the right place. Marie

Okay I actually DID find their Canadian offices in Toronto. Apparently, eBay Canada, PayPal Canada and Kijiji are all located in the same place and have a great front entrance with their logos displayed large and loud, however, one is not allowed to enter through their front door without the secret code. I am not giving up though and will attempt to speak to someone soon. Marie

I agree with what you say above. I was having trouble with the way it was set up previously. This is what I had in the top part of the page which was previously supplied by Margaux. // Check for an agreement: if (isset($_POST['agree']) && ($_POST['agree'] == TRUE)) { $agree = 'Agree'; } else { $reg_errors['agree'] = 'Please agree to the user Terms and Conditions.'; } This only worked once. So if a registrant filled in all the fields except a few of them - including the checkbox - they would get a prompt to fill in the checkbox as well as the other fields that were missed. However, IF they missed the checkbox again and maybe one of the other fields they would not be prompted again to fill out the checkbox. It would just be blank and if any of the other fields were not filled out, they would receive the prompt for those fields. So I decided to rework things slightly. This is what I previously had in the form. <label for="agree"></label> <p class="noticeType">I agree to the user Terms and Conditions. <?php create_form_input('agree', 'checkbox', $reg_errors); ?> </p> This was picking up the checkbox from the forms function file. I was thinking of changing this file to include preselected checkboxes but what if I don't want preselected checkboxes in any of my other pages? So what exactly will an ID value do for me at this point? Thanks for your help.

I have revisited this and decided that my users HAVE to agree to the Terms and Conditions on my Registration page so my check box is now preselected. The following is what I now have at the top of the page - // Check for a form submission: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Check for an agreement: $agree = 'Agree'; Then where the form is located I have the following - <label for="agree"></label> <input type="checkbox" name=mybox value="1" checked> I agree to the user Terms and Conditions. A slight problem could present itself if someone decides to "uncheck" the box. The form still goes through and the word "Agree" goes into the database, however, the person may think that they have NOT agreed to the Terms and Conditions.

Yes it would be amazing if there was someone there that could actually help. The forum idea is good as well. I am going to get my list together and try approaching them when I am back in Toronto. Right now I am vacationing in Florida.

As far as I know it is Canadian. Paypal seems to reroute me that way no matter what. Also, as far as I know they are located not far from where I live so maybe I can drop in their office sometime and ask some questions. Marie

Just an update. I STILL have given up on the PayPal Sandbox and am doing my testing on the live PayPal. BUT I have discovered that if one sets up a bank account with PayPal you can use that over an over. At least so far I have not been blocked. As far as I know one can have one business account and one personal account. So I am using the personal account with my bank account info and I am able to test out my fake users. This is working fine. It is updating my users and orders table. So I really don't know what is going on with PayPal Sandbox. Live PayPal is working. Thanks for all the helpful suggestions and comments.

I am logged into the sandbox while I am testing it and using a live URL for the IPN script. So I really don't know what is going on there. I get fed up and then go back to it and try different things. At one point it was doing something with the orders table but never updated the users table.

I have attempted using PayPal sandbox at three different times and find it frustrating and difficult and it has not worked for me. I don't now what the problem is but have had a similar experience to yours. I have contacted PayPal and they say they do not offer support for the development part of their site. I don't know if it is because I am on a Mac but I have to login MANY times before it will take me to the area where I can choose the fake buyer or seller email and most of the time when I try to log in it takes me to a page saying that there is a server error. HOWEVER, things are working fine when I have moved my scripts to the LIVE mode. The ipn script is updating my users and orders table and then going to the Thanks page. The only problem is that one cannot do too much testing because PaylPal starts blocking the credit cards to avoid fraud.

Can this be corrected somehow? After the password is shortened, my users cannot login as their password is no longer correct.

Yes, the password has is changing when I edit the table directly from the phpMyAdmin and the password gets shorter. It is only doing this once though. So if I go in and change the username it changes, but if I go in and then change the person's email or name or whatever, it stays at the shorter version. It does not get any shorter than it does with the first edit. I tried copying and pasting the longer version back in but it won't accept it so the user has to log back in and click on the "Forgot Password" link. The password is always shortened the same way with every user. The following is the longer proper version I g@i~4J~v7 The following is the shorter version I g@ The following is how the table should be structured - this should be close to what it is in the book. CREATE TABLE `users` ( `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, `type` ENUM('member','admin') NOT NULL, `username` VARCHAR(30) NOT NULL, `email` VARCHAR(80) NOT NULL, `pass` VARBINARY(32) DEFAULT NULL, `first_name` VARCHAR(80) NOT NULL, `mid_initial` VARCHAR(80) NOT NULL, `last_name` VARCHAR(80) NOT NULL, `active` TINYINT(3) NOT NULL, `agree` VARCHAR(10) NOT NULL, `date_expires` DATE NOT NULL, `date_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, `date_modified` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00', PRIMARY KEY (`id`), UNIQUE KEY `username` (`username`), UNIQUE KEY `email` (`email`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; As for data, anything entered would be what is entered in the Registration page. All of the fields have to be filled out or the user does not get registered. I looked over that code and I do not see anything in there that would seem to interfere. I am giving all my fake users the same password. This site is set up that way - everyone can have the same password. I guess it is the email that the code is checking. So would it have to do with the "date created"? I just tried it and changed the date created to the current date and time - if that is possible and the table still did the same thing - shortened the password. Don't know what else I can provide. The phpMyAdmin is provided by my Web Hosting company.

This is what is in the mysql.inc.php script. return mysqli_real_escape_string ($connect, hash_hmac('sha256', $password, 'c#haRl891', true)); The passwords seem to be working fine when my user logs in, changes the password etc.

The following is how my table is structured. The collation is utf8_general_ci. Field id Type tinyint(3) Field type Type enum('member', 'admin') Field username Type varchar(30) Field email Type varchar(80) Field pass Type varbinary(32) Field first_name Type varchar(80) Field mid_initial Type varchar(20) Field last_name Type varchar(80) Field active Type tinyint(3) Field agree Type varchar(10) Field date_expires Type datetime Field date_created Type timestamp Field date_modified Type timestamp Thanks

I have discovered that when I go into the phpMyAdmin - version 2.8.0.1and manually edit ANY of the columns, the password hash is always shortened. I called my web host people and they say that it doesn't have anything to do with them. It is the original code. However, I have discovered that when I add a script that updates the expiry date, the password does not change, just the same as it does not change when I update any of the other user profile information which my user has the option to do on another page. So, I guess as long as I don't have to change anything manually then my user's password will be okay. Otherwise, I will have to ask them to go to the Login page and use the "Forgot Password" link to change their password back to the original. I don't think they should have to do this but I have looked at all the php code and don't know what could be wrong. Marie

Thank you for the above responses. I will get back to the post when I have done all the testing I can possibly do or think of at this point.

Yes, very weird. It has happened each time, on different days. When I look at the password hash I can see that it is almost cut in half. Something that I wouldn't expect. This is my original code from the Registration page which is almost the same as the book. $q = "INSERT INTO users (username, email, pass, first_name, mid_initial, last_name, agree, date_expires) VALUES ('" . stripslashes($u) . "', '$e', '" . get_password_hash($p) . "', '" . stripslashes($fn) . "', '" . stripslashes($mi) . "', '" . stripslashes($ln) . "', '$agree', SUBDATE(NOW(), INTERVAL 1 DAY) )";

The following code seems too easy but after several different combinations I decided to enter a code that only pulls the data that I really want in the first place. Everyone else is redirected. $q = "SELECT id, username, type FROM users WHERE (email='$e' AND pass='" . get_password_hash($p) . "') AND date_expires >= NOW() "; So as long as the listener script will update the database then the process should work. The phpMyAdmin is still changing the password if I go in and manually change the expiry date so I don't know what is up with that. Marie

There is a slight twist with my particular website. I do not want any of my users to enter without paying first. So I need something to keep them from attempting to enter right away as soon as they have registered. I want them to register and follow up with paying. They still may not do this or may not do this for days later for whatever reason. So the login page as I have set it up now could be realistic, well at least so far. So I think I would be making use of the above variable. As for the logic I may find out it doesn't work when I actually implement the listener script. I am not sure what is going to happen.

Thanks for your input. I think I did try something like that previously. I suppose what I need to do is redirect those registrants whose account has expired, to another page. I will experiment with that and get back to the post.

Okay, when I took off everything after the word users I got the kind of response that I should get although it gives me all the rows in the table. I tried many combinations and I could not get it to work when I was attempting to pull out one row. Also, still leaves the problem of all registrants being allowed through no matter what kind of expiry date is in the database and the problem of the password being truncated when the expiry date is changed although I am hoping that might not happen when the update is originated from a script. So I have to keep experimenting.

Yes, that is what I have been getting a 0 for false and a 1 for true. However, the site is allowing both types of registrant to enter the site. I didn't add any limit clause myself. This is what is returned when I queried the database directly. The following is what I have been entering except that I have been entering the specific email and password. – SELECT id, username, type, IF(date_expires >= NOW(), true, false) FROM users WHERE (email='$e' AND pass='" . get_password_hash($p) . "') Thanks, Marie

No I don't. The queries that I made above were directly from the database in the phyMyadmin and I receive a response but I get a LIMIT 0, 30;. I hope I am understanding what you mean. If the registrant is expired and not allowed into the site, what kind of response should I be getting? Or what should I be getting if the registrant has an expiry date in the future? Marie

Sorry forgot to mention that with the registrants who had an expiry date in the future, they were being let in as they should but I was getting a 1 which I am hoping means that the query was true. With the registrants who had an earlier expiry date the query was returning a 0 but still letting them into the site. Marie