Larry Ullman's Book Forums

Edward


Everything posted by Edward

  1. Would have loved to have gone, but London is so far away from me!
  2. I've spotted a small bug: there are two forum links in the navigation bar. Let me add to this, there are duplicate members appearing also.
  3. Yes, that is true, the email will show as already registered, so you need to do a check on whether it is the actual user changing this email and, if so, then allow the change. The above code really needs to be completely rewritten.
  4. What updates should we notice? I noticed you have a Twitter link button in the header and some new options in the bottom right for high reputation posting etc.
  5. We need to make it a rule of thumb: when something doesn't work on MySQL, check the "php.ini" file.
  6. Well, halfway through the PHP script you have

         // Test for unique email address:
         $q = "SELECT id FROM users WHERE email='$e' AND id={$_SESSION['user_id']}";
         $r = @mysqli_query($connect, $q);
         if (mysqli_num_rows($r) == 0) {

     therefore if the email address is found in the users TABLE the below script will not run, as MySQL has to return zero rows to continue into the while loop.
  7. Hi fappong, you are quite correct, this method is not secure, but these were only some basic examples mentioned in chapter 10. If you just keep working through the book, once you get up to chapter 18, the User Registration Example, most of your questions will be answered. Yes, you are right, sessions or even database-stored sessions would be the most secure way of storing information. Keep reading, keep reading..
  8. Well, if you were uploading photos to a server directory for a common website, you would store the directory locations for each image in its own Image table with an image_id primary key, so they could be located. So rather than scanning the directory to find the actual image names, you could just run a SQL SELECT query on the image table itself to see if you can find matching rows.
  9. Glad to hear you found the solution, and thanks for posting it up here for us.
  10. You have good concentration, I can probably make it about 1 hour 15 minutes before my mind starts drifting off a book. I've had hazelnut and strawberry mixed in with coffee before, vanilla sounds tasty.
  11. My father smokes a pipe so I generally stay away from tobacco and related stuff, but thanks for the knowledge, it is nice to hear about it. That's awesome, Norway, Sweden, Iceland, Denmark and the Netherlands are top of the chart for coffee consumption, I knew I had the Norwegian in me. Ha! Where I am right now it's the opposite to you, we have weather between 30 - 40 degrees, and we drink Ice Latte Espressos, one day you gotta try one of these.
  12. You could generate the salts from the email rather than the username, haha, before the '@' Semantic. You could also concatenate the username and email to create the salts. Some servers can protect against brute-force attacks on passwords, it's pretty much impossible to get through with that.
  13. I've just been testing it now. You can add the zero to it and it creates a string, but if you remove the (')s the object will be treated as a number.

          var todayMinutes = '0' + today.getMinutes(); // Result of 029
          var todayMinutes = 0 + today.getMinutes();   // Result of 29
  14. It's a similar thing with me, I like to get some after waking up to pick myself up. My favorite brand is SegaFredo Espresso, it's an Arabica mix, it's one of the strongest coffees. I've also got the illy but don't like it too much. Arabica is good also as it can help to prevent cancer. I know some people here that drink coffee up till going to sleep, but me, I just do one in the morning and one at midday. I don't smoke. Hey, I have never seen any Norwegians chewing tobacco? That's cool Larry, I knew there must be something else behind finishing those 22 books that you've done. Can you tell me, Larry, what is the big thing about Blue Bottle coffee over there, is it any good?
  15. The last avatar I had up was Alone in the Dark 2, but I took it down because I thought it was a little too violent for this forum, Carnby holding the guns etc. The avatar I have up now is from Alone in the Dark 1 in the ballroom. Yes, I really like Alone in the Dark 1 - 3, especially the 2nd, it's just a plain and simple game, nothing so fast and complicated as they are today. A good website to register for old games is http://www.gog.com/, I got a few good oldies off there.
  16. Actually I think I know the solution to this problem. Okay, you need to access your User Model, the ActiveRecord, then just modify the rules. I will show some sample code where I have done this before:

          public function rules()
          {
              // NOTE: you should only define rules for those attributes that
              // will receive user inputs.
              return array(
                  array('email, username, password', 'required'),
                  array('email, username, password', 'length', 'max'=>256),
                  array('email, username', 'unique'),
                  array('password', 'compare'),
                  array('password_repeat', 'safe'),
                  // The following rule is used by search().
                  // Please remove those attributes that should not be searched.
                  array('id, email, username, password, last_login_time, create_user_id, update_time, update_user_id', 'safe', 'on'=>'search'),
              );
          }

      So you see the part in the code array('email, username', 'unique'): email and username have been declared as unique, therefore only one email and username can occur in the model.
  17. If you have not done so already, it may be worth posting here http://www.yiiframework.com/forum/. There are occasional bugs in frameworks, so it would be worth asking about this on the Yii forum also to see if anyone can help you.
  18. Yes, but these are open source solutions, so everyone can see their techniques, and that lessens the security. For our own web applications, is that what we really want, to be like everyone else in the market, or would it not be better to take a few steps back and consider how we can customize our own security solution, leaving a few question marks floating above foreheads? I don't know if you saw my post the other day about what is the point of having 10 locks on the door if the keys are under the doormat. Allow me to elaborate, it's a bit like that, the hardest part is where and how to hide the keys.
  19. Well, I can somewhat see your point. On some occasions, like if we use jQuery, we should be able to trust the functions work correctly, but in other situations, like in the Yii framework, things may not work correctly. I think it's better we keep our eyes open at all times, just in case something isn't working the way we expect and we fall into the trap. I don't have as much faith as you, AC.
  20. I just looked this up in Larry's book. Okay, != (also <>): both mean "not equal to". There you go, Hartley San.
  21. I've used != quite a bit in the recent exercises I was doing. Possibly this is because MySQL could have different functions to other SQL software, there is also MSSQL for example!
  22. I just ran this query on my users database with the MySQL phpMyAdmin:

          SELECT user_id FROM users WHERE user_id != 2 AND email = 'example@email.com'

      I got success with it: Showing rows 0 - 0 ( 1 total, Query took 0.0006 sec)
  23. I am a coffee drinker myself and I wondered if there were others here that like to have a coffee? If so, what kind of brands do you like to drink?
  24. It's actually worth taking a look at some of the well-known eCommerce (VirtueMart, Magento, Zen Cart, osCommerce, PrestaShop) and message board (vBulletin, phpBB) setups. You can see in phpMyAdmin how all their databases are set up and also view the MySQL data types they are using. That way you can possibly get some tips from them on making your databases. I've seen vBulletin have the salts inside the users table, the same as Larry is mentioning here.
  25. Sorry, you're right, unless I have a full explanation I shouldn't have bothered saying anything at all, these guys are already better than me.