Larry Ullman's Book Forums

Jacques

Members
  • Content Count: 67
  • Joined
  • Last visited

Community Reputation: 0 Neutral

About Jacques
  • Rank: Advanced Member
  1. Hi Larry, Thank you very much for your answer. What you explained makes perfect sense so I will exclude the duplicate login for the project. Regards.
  2. Hi Larry, I want to manage logins to disallow duplicate logins so that one subscriber can't use another subscriber's login credentials to log in simultaneously. I was thinking of adding a "logged_in" ENUM column to the user table with values "Yes" and "No". The value is set to "Yes" when the user logs in and to "No" when the user logs out. But if the user just closes the browser window without logging out via the website, that would create an issue when the user tries to log in again. Your thoughts on this will be much appreciated. Regards.
  3. Thank you very much for your answer Larry. Of course it makes perfect sense to me now!
  4. Hi Larry, Thank you very much for your response. I changed the innodb_log_file_size and innodb_log_file_size in the my.ini text file as recommended in the StackOverflow article without any success. Changing the storage engine from InnoDB to MyISAM seems to have solved the issue, so should I just continue with MyISAM? If I run into issues with MyISAM I will have to switch the columns and the rows as you suggested. Regards.
  5. Hi Larry, Thank you for your guidance. The query from the code above calls all the users, languages and time zones from their respective tables so no wonder the script didn't execute! The correct query is: $q = "SELECT a.user_id, u.type, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, u.lang_id, u.timezone_id FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id WHERE a.token=? AND a.user_id=u.id AND a.date_expires>NOW()"; The script now executes and stores the correct sessions. Just one last question if I may: Should I generate a session id for an admin user within the reset.php script or let the admin user first reset his or her password via the link and then sign out and sign in again through the signin.php page which will generate the admin session? My main concern is security.
  6. Hi Larry, I have incorporated the language part of the forum project into my e-commerce site. I have, however, run into issues with MySQL/MariaDB regarding the number of word columns representing the translatable words for the site (over 250 so far). I get the following database error: "Warning: #139 Row size too large (> 8126). Changing some columns to TEXT or BLOB or using ROW_FORMAT=DYNAMIC or ROW_FORMAT=COMPRESSED may help. In current row format, BLOB prefix of 768 bytes is stored inline." Do you have any suggestions on a different approach maybe, as having so many columns in a database table is probably not a good idea? Thank you.
  7. Hi Larry, Thank you very much for your response. I updated the query and it doesn't give the "ambiguous" error anymore, but it now gives the following user reset error: "Either the provided token does not match that on file or your time has expired. Please resubmit the "Forgot your password?" form." The script does insert a new token and the correct date/time into the "access_tokens" table. I also checked the query again and couldn't find any errors. My script is included below. Your thoughts would be much appreciated. Thank you.

     <?php
     // Require the configuration before any PHP code as the configuration controls error reporting:
     require('includes/config.inc.php');
     // The config file also starts the session.

     // Redirect invalid user:
     if (isset($_SESSION['user_id'])) {
         $url = 'index.php'; // Define the URL.
         header("Location: $url");
         exit(); // Quit the script.
     }

     // Require the database connection:
     require(MYSQL);

     // Include the page title:
     $page_title = $words['reset_page_title_1'];

     // Include the HTML header file:
     include('templates/header.html');

     // For storing reset error only:
     $reset_error = '';

     // For storing password errors:
     $pass_errors = array();

     if (isset($_GET['t']) && (strlen($_GET['t']) === 64) ) { // First access

         $token = $_GET['t'];

         // Fetch the user ID:
         $q = "SELECT a.user_id, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id INNER JOIN languages AS l ON l.id=l.id INNER JOIN timezones AS t ON t.id=t.id WHERE token=? AND a.date_expires>NOW()";
         $stmt = mysqli_prepare($dbc, $q);
         mysqli_stmt_bind_param($stmt, 's', $token);
         mysqli_stmt_execute($stmt);
         mysqli_stmt_store_result($stmt);

         if (mysqli_stmt_num_rows($stmt) === 1) {

             mysqli_stmt_bind_result($stmt, $user_id, $email, $icon, $name, $lang_id, $timezone_id);
             mysqli_stmt_fetch($stmt);

             // Create a new session ID:
             session_regenerate_id(true);
             $_SESSION['user_id'] = $user_id;

             // Store the data in a session:
             //$_SESSION['user_id'] = $user_id;
             $_SESSION['email'] = $email;
             $_SESSION['icon'] = $icon;
             $_SESSION['name'] = $name;
             $_SESSION['lid'] = $lang_id;
             $_SESSION['timezone'] = $timezone_id;

             // Clear the token:
             $q = 'DELETE FROM access_tokens WHERE token=?';
             $stmt = mysqli_prepare($dbc, $q);
             mysqli_stmt_bind_param($stmt, 's', $token);
             mysqli_stmt_execute($stmt);

         } else {
             $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_message_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_message_2'] . '</p> </div> </div>';
         }

         mysqli_stmt_close($stmt);

     } else { // No token!
         $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_2'] . '</p> </div> </div>';
     }

     // If it's a POST request, handle the form submission:
     if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_SESSION['user_id'])) {

         // Okay to change password:
         $reset_error = '';

         // Check for a password and match against the confirmed password:
         if (preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{12,})^/', $_POST['pass1']) ) {
             if ($_POST['pass1'] == $_POST['pass2']) {
                 $p = $_POST['pass1'];
             } else {
                 $pass_errors['pass2'] = $words['reset_validation_1'];
             }
         } else {
             $pass_errors['pass1'] = $words['reset_validation_2'];
         }

         if (empty($pass_errors)) { // If everything's OK.

             // Define the query:
             $q = 'UPDATE users SET pass=? WHERE id=? LIMIT 1';
             $stmt = mysqli_prepare($dbc, $q);
             mysqli_stmt_bind_param($stmt, 'si', $pass, $_SESSION['user_id']);
             $pass = password_hash($p, PASSWORD_BCRYPT);
             mysqli_stmt_execute($stmt);

             if (mysqli_stmt_affected_rows($stmt) === 1) {

                 // Send a confirmation email:
                 $email = ($_SESSION['email']);
                 $body = $words['reset_email_1'];
                 $body = wordwrap ($body,70);
                 mail($email, $words['reset_email_2'], $body, 'FROM: ' . SEND_EMAIL);

                 // Let the user know the password has been changed:
                 echo '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_message_3'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_message_4'] . '</p> </div> </div>';
                 include('templates/footer.html'); // Include the HTML footer file.
                 exit();

             } else { // If it did not run OK.
                 trigger_error('<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_3'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_4'] . '</p> </div> </div>');
             }

             mysqli_stmt_close($stmt);

         } // End of empty($pass_errors) IF.

     } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
         $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_5'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_6'] . '</p> </div> </div>';
     } // End of the form submission conditional.

     // If it's safe to change the password, show the form:
     if (empty($reset_error)) {

         // Requires the form functions script, which defines create_form_input():
         require_once('includes/form_functions.inc.php');

         echo '<form class="reset my-5" action="reset.php" method="post" accept-charset="utf-8"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_form_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_form_2'] . '</p> </div>';
         create_form_input('pass1', 'password', '', $pass_errors, array('placeholder'=>$words['reset_form_3']));
         echo '<small class="form-text text-muted">' . $words['reset_form_4'] . '</small>';
         create_form_input('pass2', 'password', '', $pass_errors, array('placeholder'=>$words['reset_form_5']));
         echo '<input type="submit" name="submit_button" value="' . $words['reset_form_6'] . '" id="submit_button" class="btn btn-lg btn-block btn-custom" /> </form>';

     } else {
         echo '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $reset_error . '</h2> <p class="my-3 font-weight-normal text-center">' . $reset_error . '</p> </div> </div>';
     }

     // Include the HTML footer file.
     include('templates/footer.html');
     ?>
  8. Hi Larry, I changed the database query from the original in your reset_password.php script to the below query in order to get the values to assign to the user's sessions when the URL signs the user in. I get the following error (Column 'date_expires' in where clause is ambiguous) because the users table also has a 'date_expires' column. What alias should I use on 'date_expires'? I tried (a.date_expires>NOW() FROM access_tokens AS a) but it obviously didn't work and couldn't find anything useful on the net. Any suggestions would be much appreciated. $q = "SELECT a.user_id, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id INNER JOIN languages AS l ON l.id=l.id INNER JOIN timezones AS t ON t.id=t.id WHERE token=? AND date_expires>NOW()";
  9. Hi Larry, Thank you for your response. I changed the $_POST to assign the value for each form field with: value="' . $row[0] . '", value="' . $row[1] . '" etc. All the input form fields display the correct data from the database as previously, except for the select fields. The select fields now also give the following error: (An error occurred in script 'C:\xampp\htdocs\...' on line 246: Trying to access array offset on value of type null). When I assign the select value to an input field, the correct data is displayed in the field. I couldn't find anything helpful on Stack Overflow.
  10. Hi Larry, Please accept my apology for wasting your time. I got the query for checking for the unique email wrong as I left out the "!" when checking the email against the user_id. I fixed that and the query and script executes perfectly now. Sorry again, and thanks for your prompt response and excellent forum!
  11. Hi Larry, I opted for option A and it works perfectly. Thank you for the great and continued support for your books through this forum! Regards.
  12. Hi Larry, I want to assign the value from $_POST['lang'] = $row[3]; to the below select form, but can't get it to work. Any recommendations? Thank you!

     // Language drop down menu:
     echo '<div class="form-group';
     if (array_key_exists('lang', $profile_errors)) echo ' has-error';
     echo '"><select name="lang" id="lang" class="form-control"> <option>' . $words['profile_form_6'] . '</option>';

     // Retrieve all the languages and add to the pull-down menu:
     $q = "SELECT id, lang FROM languages WHERE status='Active' ORDER BY lang ASC";
     $r = mysqli_query($dbc, $q);
     if (mysqli_num_rows($r) > 0) {
         while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
             echo "<option value=\"$row[0]\"";
             // Check for stickyness:
             if (isset($_POST['lang']) && ($_POST['lang'] == $row[0]) ) echo ' selected="selected"';
             echo ">$row[1]</option>\n";
         }
     }
     mysqli_free_result($r);
     echo '</select>';
     if (array_key_exists('lang', $profile_errors)) echo '<span class="help-block">' . $profile_errors['lang'] . '</span>';
     echo '</div>';
  13. Hi Larry, My logout message "You are now logged out." from my logout.php script (below) reverts back to the default language (English) when the user logs out. How do I get the $_SESSION['lid'] = $row['lang_id'] to remain valid until just after the user logged out so that the logout message displays in the user's selected language? Thank you.

     <?php
     /* This script:
        - is the sign out page for the site.
        - calls the configuration script.
        - redirects invalid users.
        - opens the database connection.
        - destroys the variables, session and cookie.
     */

     // Require the configuration before any PHP code as the configuration controls error reporting:
     require('includes/config.inc.php');
     // The config file also starts the session.

     // Redirect invalid user:
     if (!isset($_SESSION['user_id'])) {
         $url = 'index.php'; // Define the URL.
         header("Location: $url");
         exit(); // Quit the script.
     }

     // Destroy the session:
     $_SESSION = array(); // Destroy the variables.
     session_destroy(); // Destroy the session itself.
     setcookie (session_name(), '', time()-300); // Destroy the cookie.

     // Require the database connection:
     require(MYSQL);

     // Include the page title:
     $page_title = $words['signout_page_title_1'];

     // Include the HTML header file:
     include('templates/header.html');

     // Print a message:
     echo '<h2 class="display-5 my-2 font-weight-normal">' . $words['log_out_message'] . '</h2>';

     // Include the HTML footer file:
     include('templates/footer.html');
     ?>
  14. Hi Larry, I want to update a user's data where the unique email will either be updated or not. Using the script as it stands, the email has to be updated for the script to execute successfully. Do you have any suggestions on how to approach this because I can't figure out for the life of me if it would be done with validation or a database query or a combination of both? Thank you.
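The reset-link script in post 7, the ambiguous date_expires column in post 8 and the "should reset.php create the admin session?" question in post 5 all come down to the same few lines of the token lookup. Below is an added example (my own code, not Jacques's script and not code from Larry Ullman's book) showing how I would write that lookup: the users table is joined on a.user_id = u.id rather than u.id = u.id, date_expires is always qualified with its table alias, the link authorises only a password change (a reset_user_id session entry, an assumed name) rather than a full login, and completing the reset deletes every outstanding token for the account before sending the user to signin.php. It uses PDO with an in-memory SQLite database and binds the current time as a parameter in place of NOW() so it runs stand-alone; the table and column names follow the posts, and the rows in it are constructed test data. It also runs the post's ON u.id=u.id join against the same data to show why the `=== 1` row check failed.

```php
<?php
// Added example, not the forum poster's script nor the book's code.
// Tables, rows and the reset_user_id session key are constructed for the demo.
declare(strict_types=1);

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // users also has a date_expires column, which is what made the bare column name ambiguous.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pass TEXT, date_expires TEXT)');
    $db->exec('CREATE TABLE access_tokens (user_id INTEGER, token TEXT, date_expires TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'alice@example.com', '', '2099-01-01 00:00:00')");
    $db->exec("INSERT INTO users VALUES (2, 'bob@example.com', '', '2099-01-01 00:00:00')");
    return $db;
}

function issue_token(PDO $db, int $userId, string $now): string {
    $token = bin2hex(random_bytes(32));   // 64 hex chars, matching the strlen() === 64 check in the post
    $expires = date('Y-m-d H:i:s', strtotime($now) + 900);
    $db->prepare('INSERT INTO access_tokens (user_id, token, date_expires) VALUES (?, ?, ?)')
       ->execute([$userId, $token, $expires]);
    return $token;
}

function buggy_join_row_count(PDO $db, string $token, string $now): int {
    // The join from post 7: ON u.id = u.id is always true, so the token row pairs with every user.
    $st = $db->prepare('SELECT COUNT(*) FROM access_tokens AS a INNER JOIN users AS u ON u.id = u.id
                         WHERE a.token = ? AND a.date_expires > ?');
    $st->execute([$token, $now]);
    return (int)$st->fetchColumn();
}

function user_for_token(PDO $db, string $token, string $now): ?array {
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {   // reject malformed tokens before querying
        return null;
    }
    // Join on the foreign key and qualify date_expires with the access_tokens alias.
    $st = $db->prepare('SELECT a.user_id, u.email FROM access_tokens AS a
                         INNER JOIN users AS u ON u.id = a.user_id
                         WHERE a.token = ? AND a.date_expires > ?');
    $st->execute([$token, $now]);
    $rows = $st->fetchAll(PDO::FETCH_ASSOC);
    // Exactly one row or nothing: a fanned-out join must never pick an arbitrary user.
    return count($rows) === 1 ? $rows[0] : null;
}

function begin_reset(PDO $db, array &$session, string $token, string $now): bool {
    $row = user_for_token($db, $token, $now);
    if ($row === null) {
        return false;
    }
    // Authorise a password change only; no user_id/email login state is created from the link.
    $session = ['reset_user_id' => (int)$row['user_id'], 'reset_expires' => strtotime($now) + 600];
    return true;
}

function complete_reset(PDO $db, array &$session, string $newPass, string $now): bool {
    if (!isset($session['reset_user_id']) || $session['reset_expires'] < strtotime($now)) {
        return false;
    }
    $userId = $session['reset_user_id'];
    $hash = password_hash($newPass, PASSWORD_BCRYPT);
    $db->beginTransaction();
    $db->prepare('UPDATE users SET pass = ? WHERE id = ?')->execute([$hash, $userId]);
    // Every outstanding link for this account dies, not only the one that was clicked.
    $db->prepare('DELETE FROM access_tokens WHERE user_id = ?')->execute([$userId]);
    $db->commit();
    $session = [];   // the user now signs in through signin.php with the new password
    return true;
}

function stored_hash(PDO $db, int $userId): string {
    $st = $db->prepare('SELECT pass FROM users WHERE id = ?');
    $st->execute([$userId]);
    return (string)$st->fetchColumn();
}

function run_reset_demo(): array {
    $db = open_demo_db();
    $now = '2024-01-01 12:00:00';
    $t1 = issue_token($db, 1, $now);
    $t2 = issue_token($db, 1, $now);   // a second, unused link for the same user
    $t3 = issue_token($db, 2, $now);
    $session = [];
    $accepted = begin_reset($db, $session, $t1, $now);
    $changed  = complete_reset($db, $session, 'Correct-Horse-9!', $now);
    return [
        'buggy_join_rows'  => buggy_join_row_count($db, $t3, $now),   // 2 users -> 2 rows, so === 1 fails
        'link_accepted'    => $accepted,
        'password_changed' => $changed,
        'hash_verifies'    => password_verify('Correct-Horse-9!', stored_hash($db, 1)),
        'second_link_dead' => begin_reset($db, $session, $t2, $now) === false,
        'expired_rejected' => user_for_token($db, $t3, '2024-01-01 12:30:00') === null,
        'session_cleared'  => $session === [],
    ];
}

if (PHP_SAPI === 'cli') {
    var_export(run_reset_demo());
    echo PHP_EOL;
}
```

Run it with `php reset_demo.php` (any PHP 7.4+ with the pdo_sqlite extension). The buggy_join_rows value of 2 is the post 7 symptom in miniature: with two users the tautological join returns two rows for one valid token, mysqli_stmt_num_rows() is not 1, and the "token does not match" message appears even though the token was inserted correctly. The `=== 1` check is also what stops that fanned-out join from ever applying one user's reset link to another user's row, which is why it should stay even after the join is fixed. On MySQL the same queries work unchanged with NOW() in place of the bound timestamp.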
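Post 2 asks how to stop two people sharing one subscriber's credentials, and notes that a logged_in Yes/No column breaks as soon as someone closes the browser without signing out. The added example below (my own code, not from the post or the book) takes a different route: at login a fresh session id is generated and its hash stored on the user row, and every authenticated request checks that the caller's session id is still the one on file. A second login with the same credentials simply overwrites it, so the first browser is signed out on its next request, and a browser that is closed without logging out leaves nothing that has to be cleared. The users table is a plain array here and the current_session column name is an assumption; in the site it would be a column on the users table written with a prepared UPDATE.

```php
<?php
// Added example, not the forum poster's code nor the book's. Users are held in an
// array and the current_session column is an assumed name for the stored hash.
declare(strict_types=1);

final class SingleSessionStore {
    /** @var array<int, array{email:string, pass:string, current_session:?string}> */
    private array $users = [];

    public function addUser(int $id, string $email, string $password): void {
        $this->users[$id] = [
            'email'           => $email,
            'pass'            => password_hash($password, PASSWORD_BCRYPT),
            'current_session' => null,
        ];
    }

    /** Returns [user_id, session_id] on success, null on bad credentials. */
    public function login(string $email, string $password): ?array {
        foreach ($this->users as $id => $u) {
            if ($u['email'] === $email && password_verify($password, $u['pass'])) {
                $sid = bin2hex(random_bytes(32));   // stands in for session_regenerate_id(true)
                // Store a hash, so reading the table is not enough to replay the session.
                $this->users[$id]['current_session'] = hash('sha256', $sid);
                return [$id, $sid];
            }
        }
        return null;
    }

    /** Run on every authenticated request: is this still the account's only live session? */
    public function isCurrent(int $userId, string $sid): bool {
        $stored = $this->users[$userId]['current_session'] ?? null;
        return $stored !== null && hash_equals($stored, hash('sha256', $sid));
    }

    public function logout(int $userId): void {
        $this->users[$userId]['current_session'] = null;
    }
}

function run_single_session_demo(): array {
    $store = new SingleSessionStore();
    $store->addUser(7, 'sub@example.com', 'Sh@red-Secret-42');
    [$uid, $sidA] = $store->login('sub@example.com', 'Sh@red-Secret-42');   // first browser
    $firstOkBefore = $store->isCurrent($uid, $sidA);
    [, $sidB] = $store->login('sub@example.com', 'Sh@red-Secret-42');       // same credentials, second browser
    $firstDeadAfter = !$store->isCurrent($uid, $sidA);
    $secondAlive = $store->isCurrent($uid, $sidB);
    $store->logout($uid);
    return [
        'first_ok_before'    => $firstOkBefore,
        'first_dead_after'   => $firstDeadAfter,
        'second_alive'       => $secondAlive,
        'none_after_logout'  => !$store->isCurrent($uid, $sidB),
        'wrong_password'     => $store->login('sub@example.com', 'nope') === null,
    ];
}

if (PHP_SAPI === 'cli') {
    var_export(run_single_session_demo());
    echo PHP_EOL;
}
```

In a real deployment the isCurrent() check belongs in the shared configuration or header include, with the id returned by session_id() as the second argument, so that a page request from the superseded browser redirects to the sign-in page instead of serving content. Whether a new login should evict the old one (as here) or be refused is a product decision; evicting is the one that survives closed browsers.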