Larry Ullman's Book Forums

Jacques

  1. Hi Larry, Thank you very much for taking the time to explain the implementation details. Hopefully I can get my head around it! Kind regards.
  2. Thank you for your response Larry. If you could perhaps offer some guidance in terms of how you would approach such a subscription model, it would be much appreciated. Kind regards.
  3. Hi Larry, I want to offer different subscription plans on my virtual products site (free, basic, standard and premium) that would limit subscribers to a number of views. Should I use the virtual subscription model (Part 2) and adapt it, or use the shopping cart model (Part 3)? Regards.
  4. Hi Larry, Thank you very much for your answer. What you explained makes perfect sense so I will exclude the duplicate login for the project. Regards.
  5. Hi Larry, I want to manage logins to disallow duplicate logins so that one subscriber can't use another subscriber's login credentials to log in simultaneously. I was thinking of adding a "logged_in" ENUM column to the user table with values "Yes" and "No". The value is set to "Yes" when the user logs in and to "No" when the user logs out. But if the user just closes the browser window without logging out via the website, that would create an issue when the user tries to log in again. Your thoughts on this will be much appreciated. Regards.
  6. Thank you very much for your answer Larry. Of course it makes perfect sense to me now!
  7. Hi Larry, Thank you very much for your response. I changed the innodb_log_file_size and innodb_log_file_size in the my.ini text file as recommended in the StackOverflow article without any success. Changing the storage engine from InnoDB to MyISAM seems to have solved the issue, so should I just continue with MyISAM? If I run into issues with MyISAM I will have to switch the columns and the rows as you suggested. Regards.
  8. Hi Larry, Thank you for your guidance. The query from the code above calls all the users, languages and time zones from their respective tables so no wonder the script didn't execute! The correct query is:

      $q = "SELECT a.user_id, u.type, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, u.lang_id, u.timezone_id FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id WHERE a.token=? AND a.user_id=u.id AND a.date_expires>NOW()";

      The script now executes and stores the correct sessions. Just one last question if I may: Should I generate a session id for an admin user within the reset.php script or let the admin user first reset his or her password via the link and then sign out and sign in again through the signin.php page which will generate the admin session? My main concern is security.
  9. Hi Larry, I have incorporated the language part of the forum project into my e-commerce site. I have however run into issues with MySQL/MariaDB regarding the number of word columns representing the translatable words for the site (over 250 so far). I get the following database error: "Warning: #139 Row size too large (> 8126). Changing some columns to TEXT or BLOB or using ROW_FORMAT=DYNAMIC or ROW_FORMAT=COMPRESSED may help. In current row format, BLOB prefix of 768 bytes is stored inline." Do you have any suggestions on a different approach maybe, as having so many columns in a database table is probably not a good idea? Thank you.
  10. Hi Larry, Thank you very much for your response. I updated the query and it doesn't give the "ambiguous" error anymore, but it now gives the following user reset error: "Either the provided token does not match that on file or your time has expired. Please resubmit the "Forgot your password?" form." The script does insert a new token and the correct date/time into the "access_tokens" table. I also checked the query again and couldn't find any errors. My script is included below. Your thoughts would be much appreciated. Thank you.

      <?php
      // Require the configuration before any PHP code as the configuration controls error reporting:
      require('includes/config.inc.php');
      // The config file also starts the session.

      // Redirect invalid user:
      if (isset($_SESSION['user_id'])) {
          $url = 'index.php'; // Define the URL.
          header("Location: $url");
          exit(); // Quit the script.
      }

      // Require the database connection:
      require(MYSQL);

      // Include the page title:
      $page_title = $words['reset_page_title_1'];

      // Include the HTML header file:
      include('templates/header.html');

      // For storing reset error only:
      $reset_error = '';

      // For storing password errors:
      $pass_errors = array();

      if (isset($_GET['t']) && (strlen($_GET['t']) === 64) ) { // First access

          $token = $_GET['t'];

          // Fetch the user ID:
          $q = "SELECT a.user_id, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id INNER JOIN languages AS l ON l.id=l.id INNER JOIN timezones AS t ON t.id=t.id WHERE token=? AND a.date_expires>NOW()";
          $stmt = mysqli_prepare($dbc, $q);
          mysqli_stmt_bind_param($stmt, 's', $token);
          mysqli_stmt_execute($stmt);
          mysqli_stmt_store_result($stmt);

          if (mysqli_stmt_num_rows($stmt) === 1) {
              mysqli_stmt_bind_result($stmt, $user_id, $email, $icon, $name, $lang_id, $timezone_id);
              mysqli_stmt_fetch($stmt);

              // Create a new session ID:
              session_regenerate_id(true);
              $_SESSION['user_id'] = $user_id;

              // Store the data in a session:
              //$_SESSION['user_id'] = $user_id;
              $_SESSION['email'] = $email;
              $_SESSION['icon'] = $icon;
              $_SESSION['name'] = $name;
              $_SESSION['lid'] = $lang_id;
              $_SESSION['timezone'] = $timezone_id;

              // Clear the token:
              $q = 'DELETE FROM access_tokens WHERE token=?';
              $stmt = mysqli_prepare($dbc, $q);
              mysqli_stmt_bind_param($stmt, 's', $token);
              mysqli_stmt_execute($stmt);

          } else {
              $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_message_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_message_2'] . '</p> </div> </div>';
          }

          mysqli_stmt_close($stmt);

      } else { // No token!
          $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_2'] . '</p> </div> </div>';
      }

      // If it's a POST request, handle the form submission:
      if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_SESSION['user_id'])) {

          // Okay to change password:
          $reset_error = '';

          // Check for a password and match against the confirmed password:
          if (preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{12,})^/', $_POST['pass1']) ) {
              if ($_POST['pass1'] == $_POST['pass2']) {
                  $p = $_POST['pass1'];
              } else {
                  $pass_errors['pass2'] = $words['reset_validation_1'];
              }
          } else {
              $pass_errors['pass1'] = $words['reset_validation_2'];
          }

          if (empty($pass_errors)) { // If everything's OK.

              // Define the query:
              $q = 'UPDATE users SET pass=? WHERE id=? LIMIT 1';
              $stmt = mysqli_prepare($dbc, $q);
              mysqli_stmt_bind_param($stmt, 'si', $pass, $_SESSION['user_id']);
              $pass = password_hash($p, PASSWORD_BCRYPT);
              mysqli_stmt_execute($stmt);

              if (mysqli_stmt_affected_rows($stmt) === 1) {

                  // Send a confirmation email:
                  $email = ($_SESSION['email']);
                  $body = $words['reset_email_1'];
                  $body = wordwrap ($body,70);
                  mail($email, $words['reset_email_2'], $body, 'FROM: ' . SEND_EMAIL);

                  // Let the user know the password has been changed:
                  echo '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_message_3'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_message_4'] . '</p> </div> </div>';
                  include('templates/footer.html'); // Include the HTML footer file.
                  exit();

              } else { // If it did not run OK.
                  trigger_error('<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_3'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_4'] . '</p> </div> </div>');
              }

              mysqli_stmt_close($stmt);

          } // End of empty($pass_errors) IF.

      } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
          $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_5'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_6'] . '</p> </div> </div>';
      } // End of the form submission conditional.

      // If it's safe to change the password, show the form:
      if (empty($reset_error)) {

          // Requires the form functions script, which defines create_form_input():
          require_once('includes/form_functions.inc.php');

          echo '<form class="reset my-5" action="reset.php" method="post" accept-charset="utf-8"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_form_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_form_2'] . '</p> </div>';
          create_form_input('pass1', 'password', '', $pass_errors, array('placeholder'=>$words['reset_form_3']));
          echo '<small class="form-text text-muted">' . $words['reset_form_4'] . '</small>';
          create_form_input('pass2', 'password', '', $pass_errors, array('placeholder'=>$words['reset_form_5']));
          echo '<input type="submit" name="submit_button" value="' . $words['reset_form_6'] . '" id="submit_button" class="btn btn-lg btn-block btn-custom" /> </form>';

      } else {
          echo '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $reset_error . '</h2> <p class="my-3 font-weight-normal text-center">' . $reset_error . '</p> </div> </div>';
      }

      // Include the HTML footer file.
      include('templates/footer.html');
      ?>
  11. Hi Larry, I changed the database query from the original in your reset_password.php script to the below query in order to get the values to assign to the user's sessions when the URL signs the user in. I get the following error (Column 'date_expires' in where clause is ambiguous) because the users table also has a 'date_expires' column. What alias should I use on 'date_expires'? I tried (a.date_expires>NOW() FROM access_tokens AS a) but it obviously didn't work and couldn't find anything useful on the net. Any suggestions would be much appreciated.

      $q = "SELECT a.user_id, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id INNER JOIN languages AS l ON l.id=l.id INNER JOIN timezones AS t ON t.id=t.id WHERE token=? AND date_expires>NOW()";
  12. Hi Larry, Thank you for your response. I changed the $_POST to assign the value for each form field with: value="' . $row[0] . '", value="' . $row[1] . '" etc. All the input form fields display the correct data from the database as previously, except for the select fields. The select fields now also give the following error: (An error occurred in script 'C:\xampp\htdocs\...' on line 246: Trying to access array offset on value of type null). When I assign the select value to an input field, the correct data is displayed in the field. I couldn't find anything helpful on Stack Overflow.
  13. Hi Larry, Please accept my apology for wasting your time. I got the query for checking for the unique email wrong as I left out the "!" when checking the email against the user_id. I fixed that and the query and script execute perfectly now. Sorry again, and thanks for your prompt response and excellent forum!
  14. Hi Larry, I opted for option A and it works perfectly. Thank you for the great and continued support for your books through this forum! Regards.
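The token lookup discussed in posts 8, 10 and 11 above, as an added example that is not Jacques's script or the book's code: it qualifies date_expires so the column is no longer ambiguous, joins every table on a real key instead of u.id=u.id, rejects malformed tokens before querying, and redeems the token once. It assumes the tables and columns the posts name, and that a token is 64 hexadecimal characters (the posted code only checks the length).

```php
<?php
// Added example, not the poster's or the book's code. Assumes the tables named in the posts:
// access_tokens(user_id, token, date_expires), users(id, email, first_name, last_name,
// lang_id, timezone_id, date_expires), languages(id, lang), timezones(id, timezone).
function fetch_reset_user(mysqli $dbc, string $token): ?array
{
    // Reject anything that is not a 64-character hex token (assumed format) before querying.
    if (strlen($token) !== 64 || !ctype_xdigit($token)) {
        return null;
    }
    // Each join is on a real key (u.id = a.user_id, not u.id = u.id), and every column that
    // exists in more than one table is qualified, so date_expires is no longer ambiguous.
    $q = "SELECT a.user_id, u.email, LEFT(u.first_name, 1) AS icon,
                 CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone
          FROM access_tokens AS a
          INNER JOIN users AS u ON u.id = a.user_id
          INNER JOIN languages AS l ON l.id = u.lang_id
          INNER JOIN timezones AS t ON t.id = u.timezone_id
          WHERE a.token = ? AND a.date_expires > NOW()";
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, 's', $token);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) !== 1) { // unknown, expired or duplicated token
        mysqli_stmt_close($stmt);
        return null;
    }
    mysqli_stmt_bind_result($stmt, $user_id, $email, $icon, $name, $lang, $timezone);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // The token is single use: delete it the moment it is redeemed.
    $del = mysqli_prepare($dbc, 'DELETE FROM access_tokens WHERE token = ?');
    mysqli_stmt_bind_param($del, 's', $token);
    mysqli_stmt_execute($del);
    mysqli_stmt_close($del);
    return ['user_id' => $user_id, 'email' => $email, 'icon' => $icon,
            'name' => $name, 'lang' => $lang, 'timezone' => $timezone];
}

// In reset.php: a fresh session is started only after the token has been redeemed.
$user = fetch_reset_user($dbc, $_GET['t'] ?? '');
if ($user === null) {
    $reset_error = $words['reset_message_1']; // token missing, unknown or expired
} else {
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['user_id'];
    $_SESSION['email']   = $user['email'];
}
```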