Larry Ullman's Book Forums

Edward


Everything posted by Edward

  1. You probably need two sets of pictures stored in your directory, i.e. thumbnail size and the larger size. You would then display the thumbnail picture in the product page then you would load the original size picture when clicked on. Well I have seen some web frameworks use this method, or another way would be to make the thumbnail pictures with the code when the page loads up. I have seen some code for making thumbnails in the PHP Solutions Dynamic Web Design Made Easy (David Powers), if you venture into this.
  2. Well the file you have above there is email.php, so can you check in your scripts folder if you can find mail.php? You need to make sure the email.php and mail.php are both in the same folder.
  3. Hey buddy, it would be wise getting a copy of Larry's other book PHP and MySQL for Dynamic Web Sites Fourth Edition, this actually has a lot of answers to these questions you are asking here. The book you are working through here did assume you have knowledge from the book I am mentioning now.
  4. Edward

    My Project Diary

    Tuesday, August 21, 2012 I have finished off my whole user registration system as of today, the whole password reset system was also completed. I have coded the password reset system in the way that once you click on the link in the email after requesting a reset you are redirected to a page of the site in which you have to enter your new password also confirming. Well everything works and I am quite impressed. I have not written up much on my diary recently as I have been building my own object orientated MVC framework, I am also building wrapper classes to handle most common tasks including form handling, sessions, page redirects, validation and authentication etc. I can see this code I have written is not exactly professional especially for the web site I want to build. There is one last part I would like to build with the normal procedural code, that is a user product listing page, so users can add products to the website associated to them. I will build this to gain the last practice experience. I have decided after I have built my own OOP MVC to see how this system works 100% I am going to start learning the Yii framework as then it will be something I appreciate to use. I personally don't see the point in using your own MVC as I am really not here to fix bugs and neither have the time to do it. So I am strong with going with the Yii framework and letting them deal with the framework development and bugs. Larry's Yii tutorials will be out end of Sept so I will be getting fired up now for these, I will also try to work through Agile Web Application Development with Yii 1.1 and PHP5 just before these come out. But anyway before I do any Yii, the best way is to make a small practice MVC OOP framework to see how it works, would advise that to anyone before starting to use a framework such as Yii or CodeIgniter. Okay will be back to let you know how I get on with the product listing page, will be starting this one tomorrow.
  5. I was looking more into this password reset token, either you could make a separate table to hold token values which would expire within a certain time. Or you could add a token for password reset into the users table. If you were going to create a token from the information of the user this would be unsafe and leave room for someone to try to figure out how the code was generated. So the safe way seems to be adding in another separate table for this and using md5 randomly generated tokens, or just adding an extra column to users. Anyone have any more ideas on this?
  6. Finding a PHP framework might be a good idea so you can get on with building the functionality of your website rather than fixing known bugs. CodeIgniter for starting and Yii for advanced users are two good PHP frameworks to take a look at.
  7. By the way I have decided to use your method, I agree on what you are saying, copying and pasting a password you don't like is just not nice. And then you have 2nd factor of having to log in and find the password change section on the site which takes more time. Yes I am going with this method, thanks for helping me clear up my thoughts on this one. It's very important we give the user VIP service.
  8. Yes I know it's a token but I just called it a hash. I was thinking of adding in an extra column in the users table for the password reset random token to go in. It would be good if we could use the activation code column but that part would already be set to NULL. I noticed on other sites that even when you requested your password you could still log in so they were definitely not using the activation code column. Antonio, are you using an MVC framework for your site or building your own? I am going to work a little more on my site then I will convert all over into my own MVC framework, which I am currently building.
  9. Thanks for both your comments, but what about the hash value, what could that be generated from, possibly the current password?
  10. I am working on a forgot password page, there are two ways to go about this. 1. Send a new password to their email, so they can use it to sign back in and change password later. 2. Send a link to their email, in which the user can click to come back and be directed to the change password page. Which do you think is better and why? I saw some websites sending a link to your email like this to be sent back to the change password page: www.examplewebsite.com/reset_password/01b304a2-cb8d-4c4f-9468-8d3fbda3c0fe$username=exampleusername So what would that hash value be compared against, would we need a new column in our database user table for this? It seems to me that it would be a whole lot easier doing things the Larry way and just having a password sent directly to their account.
  11. So does anyone know why a SHA256 needs 64 characters to store in the database as VARBINARY? And 32 is not enough? How many VARBINARY would we also need if we wanted to store a SHA512 so I can compare your reasoning, anyone have any insights on this one?
  12. Edward

    My Project Diary

    Larry told us in the book it was a developer's trick to use VARBINARY as it saved space. That's why I used it.
  13. Okay I see your point next time I will make an open question, so everyone can answer.
  14. Sorry are you trying to help me, really I wasn't aware if I was doing something wrong. I got stuck for 1 hour that's why I posted this up.
  15. Edward

    My Project Diary

    Antonio: Yes done is better than perfect, I don't think anyone would have their version 1 code later on, all would be changed I am definite. I like your idea of the TODO comments that was better than my idea on making a separate sheet, I'll start to do that now. Here is a sample of my username code.

        // $reg_errors and $mysqli are set up earlier in the script.
        // Create array of inappropriate words:
        $banned_words = array ('badword', 'badword2', 'badword3', 'badword4', 'badword5', 'badword6', 'badword7');
        // Create string for using in Perl-Compatible Regular Expression
        $banned_words_str = implode ("|", $banned_words);
        // Check for a valid username:
        if (preg_match ('/^[A-Z0-9_]{4,20}$/i', $_POST['username'])) {
            // The i modifier makes the word checks match any letter case,
            // since the pattern above accepts uppercase letters too.
            if (preg_match ("/$banned_words_str/i", $_POST['username'])) {
                $reg_errors['username'] = 'Your username must not contain inappropriate language!';
            } else {
                if (preg_match ("/brandname/i", $_POST['username'])) {
                    $reg_errors['username'] = "The username must not contain the word 'brandname'!";
                } else {
                    $username = $mysqli->real_escape_string(trim($_POST['username']));
                }
            }
        } else {
            $reg_errors['username'] = 'Please enter a valid username!';
        }

    I am using regular expression Antonio for almost all my inputs apart from selects which already have preset values. Usernames can have lowercase letters uppercase letters and underscores. Passwords must have uppercase letters, lowercase letters and numbers. (Just realized I may have made a mistake here, username is supposed to be lowercase) Password is saved to the database with hashed SHA256. I do kind of agree with you with frameworks, I think it's good to get your hands dirty with all the basics first, they do come with their fair share of problems even though things appear to look easy. I don't really want to make a blog or write about this stuff to gain fame or popularity, if I wanted I could make like YouTube videos that would be better than a blog. I just like to make my diary here because it's where I have learned my base from, I know other people here are using similar coding and it's easier to deal with the problems on this forum.

    Saturday, August 11, 2012 Completed the log in page, once user has signed in they will be automatically directed to the index.php, that is just for now. I had some problems with the password being typed into the log in form not matching the password in the database, I was using a hashed SHA256. In the database I had the password column as VARBINARY(32), but this was only holding half of the encrypted value, it needed a full VARBINARY(64) to work. So I made the necessary updates and now all is working.
  16. I found out that the VARBINARY(32) for the pass field is wrong and should be VARBINARY(64), I was just making my log in page and it was not working due to this small error. SHA256 needs 64, 32 is only half of its output.
  17. You will need to be on a live host to receive an email but there is also a chance that Yahoo could blacklist it if the server is unknown.
  18. I don't really want to bring up the past especially after I already made a formal apology which was accepted, I can't keep people on the forum, they can leave at their own free will. I appreciate you spending the time to write this long lengthy response, you have your points but I also have mine. Maybe I didn't want to write openly because I didn't know who I was writing to and I wanted to get the opinion only from someone I knew here had more experience. There is that and there is your point about helping others and everyone benefits, well we are left with the point that this place is yours, so I must follow your rules, like if I was in your home I would probably have to take off my shoes before I came in? Larry I want to have a good weekend coding my project and I hope you will get some rest too, I will follow your rules. Please no more disagreements between us. Your Forum Friend Edward.
  19. In the time I have been learning also or in any faculty did I ever get warned for discussing the topics I was learning to find one's expression in order to tailor my own view points. I only wrote PM's to be members here as they were reading your books also, so I wanted to know what they thought about these things. I don't know anyone locally or have any friends that do programming, so here is the only place I can ask them. I mean what else could I do, make a forum post saying "Hartley San - Your Views on MVC Please", I thought that would have been less appropriate, since most of the forums are only for asking questions about the books. I can see members here hanging around for a while then later disappearing, and others like Antonio, Hartley San and me that hang around, for me these are people of value and their opinions on coding count for me. Who knows what happens to the others, maybe they move on, learn more, or maybe they just give up, who knows. With regards to people being strangers here, is that what we really are, how long do you call someone a stranger for before you can say you know them? Don't some of us have any value here? I understand we all need to make money, I also think to myself, what is the point of answering other people's questions, I don't even know who they are so why should I waste my time with them? It all has to come down to having a good enough spirit to answer, so I do my part like you do but when the time is right, or I can get an answer in with Hartley San always beating me to it. I will abide by your rules, next time I will edit my first post if I have to write in an update, I'll mark it in red. I really need you and need to be a part of this forum, I like to write my project diary, it helps me to keep focused, and I hope it may help others.
  20. Edward

    My Project Diary

    Friday, August 10, 2012 I have managed to get sessions working, so after a user completes their registration in the activate.php, they are automatically logged in. Here is a sample of the code up to the redirect, I am also using output buffers in my code to eliminate the header already sent error.

        // Set session and cookies
        $_SESSION['user_id'] = $user_id;
        $_SESSION['first_name'] = $first_name;
        // Delete the buffer.
        ob_end_clean();
        // Redirect user to index.php
        header("Location: http://localhost/myprojectname/index.php");
        exit(); // Quit the script.

    This code is okay for beginners but it is starting to bother me a little due to the fact I have a lot of common code starting to repeat itself. I have decided to start my own Object-Orientated MVC framework which I will start tomorrow, I will also be working on classes for User, Session, Database etc to tidy up code. I am also aware that myself as an individual eventually will not be able to deal with all the coding problems single handedly, therefore I will definitely need to pick a ready built framework to work into like Yii. With regards to the OOP MVC I would like to build my own model so I can understand how the model works which would give me more confidence for moving onto a professional framework like Yii. I am also planning to have two versions of my project build, one in my own code and one later built into Yii, the reason for this is because I can test what actually happens the normal way before it is run through any Yii extended classes or methods. Okay apart from this my project plans for tomorrow are to work on the login.php page, if I am to get that done I still have the password reset page, password change page, log out page to work on.
  21. I apologize about the other post, I was really trying my best to get my project done, I saw you answer more recent people's posts but saw you ignored mine. I have 10 warning points, are these really necessary, I have helped some of your people today and yesterday, what have I done to deserve that?
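
The password reset token posts above (a separate table of random tokens that expire) and the VARBINARY(32) versus VARBINARY(64) posts, worked through as an added example that is not code from the forum posts or from the book. The function names, the in-memory `$resets` array standing in for a reset table, and the sample timestamp are assumptions made for the illustration.

```php
<?php
// Added illustration. $resets stands in for a hypothetical password_resets
// table with columns (user_id, token_hash, expires_at).
$resets = [];

// Issue a token: 32 bytes from the CSPRNG, nothing derived from user data.
// Only the SHA-256 of the token is stored; the token itself goes in the email link.
function issue_reset_token(array &$resets, int $user_id, int $now, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));           // 64 hex characters
    $resets[$user_id] = [
        // Hex digest: 64 characters. hash('sha256', $x, true) is the same
        // digest as 32 raw bytes, which is what decides the column width.
        'token_hash' => hash('sha256', $token),
        'expires_at' => $now + $ttl,
    ];
    return $token;
}

// Redeem a token: the row must exist, be unexpired, match in constant time,
// and is deleted on success so a link works once.
function redeem_reset_token(array &$resets, int $user_id, string $token, int $now): bool
{
    if (!isset($resets[$user_id])) {
        return false;
    }
    $row = $resets[$user_id];
    if ($now > $row['expires_at']) {
        unset($resets[$user_id]);                 // discard expired rows
        return false;
    }
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    unset($resets[$user_id]);                     // single use
    return true;
}

// Constructed walk-through with a fixed clock so the run is repeatable.
$now   = 1345507200;                              // sample timestamp (constructed)
$token = issue_reset_token($resets, 42, $now);
var_dump(strlen(hash('sha256', 'x')));            // length of the hex digest
var_dump(strlen(hash('sha256', 'x', true)));      // length of the raw digest
var_dump(redeem_reset_token($resets, 42, 'wrong', $now + 10));
var_dump(redeem_reset_token($resets, 42, $token, $now + 10));
var_dump(redeem_reset_token($resets, 42, $token, $now + 20));   // replay of a used link
$late = issue_reset_token($resets, 7, $now);
var_dump(redeem_reset_token($resets, 7, $late, $now + 7200));   // past the one hour TTL
```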