Larry Ullman's Book Forums

Jacques

Members
  • Posts

    75
Everything posted by Jacques

  1. Thank you for your response Larry, I will fiddle with it a bit. Best regards.
  2. Hi Larry, Thank you very much for your response. Unfortunately I couldn't get it to work yet. If I remove the $bn variable from the IF conditional (to test), the query executes but doesn't set the NULL (default value) in the business_name field in the database. Is that correct? Or could you suggest a way to check for either $bn values in the IF conditional? Best regards.
  3. Hi Larry, Please accept my sincere apology for wasting your time by adding the wrong code. The code above included an alternative solution that I found, but I prefer to use your code and solution as below. I tested only the business_name column in the database by inserting the NULL value via the XAMPP MariaDB SQL console, and the query executed and inserted the NULL value. Below please find the actual code from your code examples. Thank you.

     <?php
     /*
      * Script: signup.php
      * Modified: 03-18-2022
      * Frontend: HTML5 & CSS3
      * Backend: PHP 7
      * Database: MariaDB 10
      */

     /* This script:
      - is the sign up page for the application.
      - calls the configuration script.
      - redirects invalid users.
      - opens the database connection.
      - displays, validates and processes the sign up form.
      */

     // Require the configuration before any PHP code as the configuration controls error reporting:
     require('includes/config.inc.php');
     // The config file also starts the session.

     // If an id session variable exists, redirect the user:
     if (isset($_SESSION['user_id'])) {
         $url = 'dashboard.php'; // Define the URL.
         ob_end_clean(); // Delete the buffer.
         header("Location: $url");
         exit(); // Quit the script.
     }

     // Require the database connection:
     require(MYSQL);

     // Include the page title:
     $page_title = $words['words200'];

     // Include the HTML header file:
     include('templates/header.html');

     // Look for a form submission:
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {

         // Trim all the incoming data:
         $trimmed = array_map('trim', $_POST);

         // Assume invalid values:
         $fn = $ln = $bn = $c = $s = $e = $p = FALSE;

         // Look for a first name:
         if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['first_name'])) {
             $fn = mysqli_real_escape_string($dbc, $trimmed['first_name']);
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words201'] . '</p> </div>';
         }

         // Look for a last name:
         if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
             $ln = mysqli_real_escape_string($dbc, $trimmed['last_name']);
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words202'] . '</p> </div>';
         }

         // Look for a business name (not required):
         if (empty($trimmed['business_name'])) {
             $bn = NULL;
         } elseif (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $trimmed['business_name'])) {
             $bn = mysqli_real_escape_string($dbc, $trimmed['business_name']);
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words203'] . '</p> </div>';
         }

         // Look for a country:
         if (isset($_POST['country']) && filter_var($_POST['country'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) {
             $c = $_POST['country'];
         } else { // No country selected.
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words204'] . '</p> </div>';
         }

         // Look for a state:
         if (isset($_POST['state']) && filter_var($_POST['state'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) {
             $s = $_POST['state'];
         } else { // No state selected.
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words205'] . '</p> </div>';
         }

         // Look for an email address:
         if (filter_var($trimmed['email1'], FILTER_VALIDATE_EMAIL)) {
             if ($trimmed['email1'] == $trimmed['email2']) {
                 $e = mysqli_real_escape_string($dbc, $trimmed['email1']);
             } else {
                 echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words206'] . '</p> </div>';
             }
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words207'] . '</p> </div>';
         }

         // Look for a password and match against the confirmed password:
         if (strlen($trimmed['password1']) >= 8) {
             if ($trimmed['password1'] == $trimmed['password2']) {
                 $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT);
             } else {
                 echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words208'] . '</p> </div>';
             }
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words209'] . '</p> </div>';
         }

         if ($fn && $ln && $bn && $c && $s && $e && $p) { // If everything's OK.

             // Make sure the email address is available:
             $q = "SELECT user_id FROM users WHERE email='$e'";
             $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

             if (mysqli_num_rows($r) == 0) { // Available.

                 // Create the activation code:
                 $a = md5(uniqid(rand(), true));

                 // Add the user to the database:
                 $q = "INSERT INTO users (first_name, last_name, business_name, country_id, state_id, email, pass, active, date_created) VALUES ('$fn', '$ln', '$bn', '$c', '$s', '$e', '$p', '$a', NOW() )";
                 $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

                 if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                     // Send a sign up notification email:
                     $body = "" . $words['words210'] . "\n\n" . $words['words211'] . "\n\n";
                     $body .= BASE_URL . 'activate.php?x=' . urlencode($e) . "&y=$a\n\n" . $words['words212'] . "\n\n" . $words['words213'] . "";
                     mail($trimmed['email1'], $words['words214'], $body, 'From: ' . SEND_EMAIL);

                     // Finish the script:
                     echo '<div class="alert alert-success" role="alert" my-3> <i class="fa-solid fa-circle-check fa-4x"></i> <h4 class="alert-heading">' . $words['words215'] . '</h4> <p class="text-md">' . $words['words216'] . '</p> </div>';
                     include('templates/footer.html'); // Include the HTML footer.
                     exit(); // Stop the script.

                 } else { // If it did not run OK.
                     echo '<div class="alert alert-danger" role="alert" my-3> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words217'] . '</h4> <p class="text-md">' . $words['words218'] . '</p> </div>';
                 }

             } else { // The email address is not available.
                 echo '<div class="alert alert-danger" role="alert" my-3> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words219'] . '</h4> <p class="text-md">' . $words['words220'] . '</p> </div>';
             }

         } else { // If one of the data tests failed.
             echo '<div class="alert alert-danger" role="alert" my-3> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words221'] . '</h4> <p class="text-md">' . $words['words222'] . '</p> </div>';
         }

     } // End of the main Submit conditional.
     ?>

     <!-- Sign Up Form -->
     <section class="slice sct-color-2 border-top border-bottom" id="signup">
       <div class="container">
         <div class="row justify-content-center g-5">
           <div class="col-lg-7">
             <div class="card form-card form-card--style-2">
               <div class="form-header text-center">
                 <div class="form-header-icon">
                   <i class="fa-solid fa-user-plus"></i>
                 </div>
               </div>
               <div class="form-body">
                 <div class="text-center px-2">
                   <h3 class="heading heading-2 strong-600 text-normal"><?php echo $words['words223'] ?></h3>
                 </div>
                 <p class="text-center mt-2"><?php echo $words['words224'] ?></p>
                 <p class="text-center mt-2"><?php echo $words['words225'] ?> <a href="signin.php" class=""><?php echo $words['words226'] ?></a> </p>
                 <form action="signup.php" method="post" class="form-signup" role="form">
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="text" name="first_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" placeholder="<?php echo $words['words227'] ?>" maxlength="40" required>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="text" name="last_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" placeholder="<?php echo $words['words228'] ?>" maxlength="40" required>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-12">
                       <div class="form-group">
                         <input type="text" name="business_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['business_name'])) echo $trimmed['business_name']; ?>" placeholder="<?php echo $words['words229'] ?>" maxlength="80">
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <select name="country" class="form-control form-control-lg mt-2"><option><?php echo $words['words230'] ?></option>
                         <?php
                         // Retrieve all the countries and add to the pull-down menu:
                         $q = "SELECT country_id, country FROM countries WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY country ASC";
                         $r = mysqli_query($dbc, $q);
                         while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                             echo "<option value=\"$row[0]\"";
                             // Look for stickyness:
                             if (isset($_POST['country']) && ($_POST['country'] == $row[0]) ) echo ' selected="selected"';
                             echo ">$row[1]</option>\n";
                         }
                         ?>
                         </select>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <select name="state" class="form-control form-control-lg mt-2"><option><?php echo $words['words231'] ?></option>
                         <?php
                         // Retrieve all the states and add to the pull-down menu:
                         $q = "SELECT state_id, state FROM states WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY state ASC";
                         $r = mysqli_query($dbc, $q);
                         while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                             echo "<option value=\"$row[0]\"";
                             // Look for stickyness:
                             if (isset($_POST['state']) && ($_POST['state'] == $row[0]) ) echo ' selected="selected"';
                             echo ">$row[1]</option>\n";
                         }
                         ?>
                         </select>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="email" name="email1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email1'])) echo $trimmed['email1']; ?>" placeholder="<?php echo $words['words232'] ?>" maxlength="50" required>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="email" name="email2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email2'])) echo $trimmed['email2']; ?>" placeholder="<?php echo $words['words233'] ?>" maxlength="50" required>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="password" name="password1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?>" placeholder="<?php echo $words['words234'] ?>" maxlength="50" required>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="password" name="password2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password2'])) echo $trimmed['password2']; ?>" placeholder="<?php echo $words['words235'] ?>" maxlength="50" required>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-12">
                       <div class="form-group">
                         <p class="text-center mt-2"> <?php echo $words['words236'] ?> <a href="" data-toggle="modal" data-target="#privacyModal"><?php echo $words['words237'] ?></a> <?php echo $words['words238'] ?> <a href="" data-toggle="modal" data-target="#termsModal"><?php echo $words['words239'] ?></a>. </p>
                       </div>
                     </div>
                   </div>
                   <button type="submit" name="submit" class="w-100 btn btn-block btn-styled btn-base-2 mt-2"><?php echo $words['words240'] ?></button>
                 </form>
                 <!-- Form Auxiliary Links -->
                 <div class="form-user-footer-links">
                   <div class="row">
                     <div class="col-6">
                       <p class="mt-4"> <a href="reset_password.php" class=""><?php echo $words['words241'] ?></a> </p>
                     </div>
                     <div class="col-6">
                       <p class=" text-right mt-4"> <a href="index.php" class=""><?php echo $words['words242'] ?></a> </p>
                     </div>
                   </div>
                 </div>
               </div>
             </div>
           </div>
         </div>
       </div>
     </section><!-- /.sign up form -->

     <?php
     // Include the HTML footer file:
     include('templates/footer.html');
  4. Hi Larry, Apologies as I tried to submit more information after I realized that I hadn't provided enough, but forgot to submit it! Below is the complete signup script. Thank you.

     <?php
     /*
      * Script: signup.php
      * Modified: 03-18-2022
      * Frontend: HTML5 & CSS3
      * Backend: PHP 7
      * Database: MariaDB 10
      */

     /* This script:
      - is the sign up page for the application.
      - calls the configuration script.
      - redirects invalid users.
      - opens the database connection.
      - displays, validates and processes the sign up form.
      */

     // Require the configuration before any PHP code as the configuration controls error reporting:
     require('includes/config.inc.php');
     // The config file also starts the session.

     // If an id session variable exists, redirect the user:
     if (isset($_SESSION['user_id'])) {
         $url = 'dashboard.php'; // Define the URL.
         ob_end_clean(); // Delete the buffer.
         header("Location: $url");
         exit(); // Quit the script.
     }

     // Require the database connection:
     require(MYSQL);

     // Include the page title:
     $page_title = $words['words200'];

     // Include the HTML header file:
     include('templates/header.html');

     // Look for a form submission:
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {

         // Trim all the incoming data:
         $trimmed = array_map('trim', $_POST);

         // Assume invalid values:
         $fn = $ln = $bn = $c = $s = $e = $p = FALSE;

         // Look for a first name:
         if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['first_name'])) {
             $fn = mysqli_real_escape_string($dbc, $trimmed['first_name']);
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words201'] . '</p> </div>';
         }

         // Look for a last name:
         if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
             $ln = mysqli_real_escape_string($dbc, $trimmed['last_name']);
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words202'] . '</p> </div>';
         }

         // Look for a business name (not required):
         if (empty($trimmed['business_name'])) {
             $bn = true;
         } elseif (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $trimmed['business_name'])) {
             $bn = mysqli_real_escape_string($dbc, $trimmed['business_name']);
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words203'] . '</p> </div>';
         }

         // Look for a country:
         if (isset($_POST['country']) && filter_var($_POST['country'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) {
             $c = $_POST['country'];
         } else { // No country selected.
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words204'] . '</p> </div>';
         }

         // Look for a state:
         if (isset($_POST['state']) && filter_var($_POST['state'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) {
             $s = $_POST['state'];
         } else { // No state selected.
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words205'] . '</p> </div>';
         }

         // Look for an email address:
         if (filter_var($trimmed['email1'], FILTER_VALIDATE_EMAIL)) {
             if ($trimmed['email1'] == $trimmed['email2']) {
                 $e = mysqli_real_escape_string($dbc, $trimmed['email1']);
             } else {
                 echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words206'] . '</p> </div>';
             }
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words207'] . '</p> </div>';
         }

         // Look for a password and match against the confirmed password:
         if (strlen($trimmed['password1']) >= 8) {
             if ($trimmed['password1'] == $trimmed['password2']) {
                 $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT);
             } else {
                 echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words208'] . '</p> </div>';
             }
         } else {
             echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words209'] . '</p> </div>';
         }

         if ($fn && $ln && $bn && $c && $s && $e && $p) { // If everything's OK.

             // Make sure the email address is available:
             $q = "SELECT user_id FROM users WHERE email='$e'";
             $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

             if (mysqli_num_rows($r) == 0) { // Available.

                 // Create the activation code:
                 $a = md5(uniqid(rand(), true));

                 // Add the user to the database:
                 $q = "INSERT INTO users (first_name, last_name, business_name, country_id, state_id, email, pass, active, date_created) VALUES ('$fn', '$ln', NULLIF ('$bn',''), '$c', '$s', '$e', '$p', '$a', NOW() )";
                 $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

                 if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                     // Send a sign up notification email:
                     $body = "" . $words['words210'] . "\n\n" . $words['words211'] . "\n\n";
                     $body .= BASE_URL . 'activate.php?x=' . urlencode($e) . "&y=$a\n\n" . $words['words212'] . "\n\n" . $words['words213'] . "";
                     mail($trimmed['email1'], $words['words214'], $body, 'From: ' . SEND_EMAIL);

                     // Finish the script:
                     echo '<div class="alert alert-success" role="alert" my-3> <i class="fa-solid fa-circle-check fa-4x"></i> <h4 class="alert-heading">' . $words['words215'] . '</h4> <p class="text-md">' . $words['words216'] . '</p> </div>';
                     include('templates/footer.html'); // Include the HTML footer.
                     exit(); // Stop the script.

                 } else { // If it did not run OK.
                     echo '<div class="alert alert-danger" role="alert" my-3> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words217'] . '</h4> <p class="text-md">' . $words['words218'] . '</p> </div>';
                 }

             } else { // The email address is not available.
                 echo '<div class="alert alert-danger" role="alert" my-3> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words219'] . '</h4> <p class="text-md">' . $words['words220'] . '</p> </div>';
             }

         } else { // If one of the data tests failed.
             echo '<div class="alert alert-danger" role="alert" my-3> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words221'] . '</h4> <p class="text-md">' . $words['words222'] . '</p> </div>';
         }

     } // End of the main Submit conditional.
     ?>

     <!-- Sign Up Form -->
     <section class="slice sct-color-2 border-top border-bottom" id="signup">
       <div class="container">
         <div class="row justify-content-center g-5">
           <div class="col-lg-7">
             <div class="card form-card form-card--style-2">
               <div class="form-header text-center">
                 <div class="form-header-icon">
                   <i class="fa-solid fa-user-plus"></i>
                 </div>
               </div>
               <div class="form-body">
                 <div class="text-center px-2">
                   <h3 class="heading heading-2 strong-600 text-normal"><?php echo $words['words223'] ?></h3>
                 </div>
                 <p class="text-center mt-2"><?php echo $words['words224'] ?></p>
                 <p class="text-center mt-2"><?php echo $words['words225'] ?> <a href="signin.php" class=""><?php echo $words['words226'] ?></a> </p>
                 <form action="signup.php" method="post" class="form-signup" role="form">
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="text" name="first_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" placeholder="<?php echo $words['words227'] ?>" maxlength="40" required>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="text" name="last_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" placeholder="<?php echo $words['words228'] ?>" maxlength="40" required>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-12">
                       <div class="form-group">
                         <input type="text" name="business_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['business_name'])) echo $trimmed['business_name']; ?>" placeholder="<?php echo $words['words229'] ?>" maxlength="80">
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <select name="country" class="form-control form-control-lg mt-2"><option><?php echo $words['words230'] ?></option>
                         <?php
                         // Retrieve all the countries and add to the pull-down menu:
                         $q = "SELECT country_id, country FROM countries WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY country ASC";
                         $r = mysqli_query($dbc, $q);
                         while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                             echo "<option value=\"$row[0]\"";
                             // Look for stickyness:
                             if (isset($_POST['country']) && ($_POST['country'] == $row[0]) ) echo ' selected="selected"';
                             echo ">$row[1]</option>\n";
                         }
                         ?>
                         </select>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <select name="state" class="form-control form-control-lg mt-2"><option><?php echo $words['words231'] ?></option>
                         <?php
                         // Retrieve all the states and add to the pull-down menu:
                         $q = "SELECT state_id, state FROM states WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY state ASC";
                         $r = mysqli_query($dbc, $q);
                         while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                             echo "<option value=\"$row[0]\"";
                             // Look for stickyness:
                             if (isset($_POST['state']) && ($_POST['state'] == $row[0]) ) echo ' selected="selected"';
                             echo ">$row[1]</option>\n";
                         }
                         ?>
                         </select>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="email" name="email1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email1'])) echo $trimmed['email1']; ?>" placeholder="<?php echo $words['words232'] ?>" maxlength="50" required>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="email" name="email2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email2'])) echo $trimmed['email2']; ?>" placeholder="<?php echo $words['words233'] ?>" maxlength="50" required>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="password" name="password1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?>" placeholder="<?php echo $words['words234'] ?>" maxlength="50" required>
                       </div>
                     </div>
                     <div class="col-md-6">
                       <div class="form-group">
                         <input type="password" name="password2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password2'])) echo $trimmed['password2']; ?>" placeholder="<?php echo $words['words235'] ?>" maxlength="50" required>
                       </div>
                     </div>
                   </div>
                   <div class="row">
                     <div class="col-md-12">
                       <div class="form-group">
                         <p class="text-center mt-2"> <?php echo $words['words236'] ?> <a href="" data-toggle="modal" data-target="#privacyModal"><?php echo $words['words237'] ?></a> <?php echo $words['words238'] ?> <a href="" data-toggle="modal" data-target="#termsModal"><?php echo $words['words239'] ?></a>. </p>
                       </div>
                     </div>
                   </div>
                   <button type="submit" name="submit" class="w-100 btn btn-block btn-styled btn-base-2 mt-2"><?php echo $words['words240'] ?></button>
                 </form>
                 <!-- Form Auxiliary Links -->
                 <div class="form-user-footer-links">
                   <div class="row">
                     <div class="col-6">
                       <p class="mt-4"> <a href="reset_password.php" class=""><?php echo $words['words241'] ?></a> </p>
                     </div>
                     <div class="col-6">
                       <p class=" text-right mt-4"> <a href="index.php" class=""><?php echo $words['words242'] ?></a> </p>
                     </div>
                   </div>
                 </div>
               </div>
             </div>
           </div>
         </div>
       </div>
     </section><!-- /.sign up form -->

     <?php
     // Include the HTML footer file:
     include('templates/footer.html');
  5. Hi Larry, I am using your validation method from chapter 10 to validate an optional business name but the query doesn't want to execute. I have re-checked the validation (no errors) and database, but cannot find anything wrong. When I run a SQL query in XAMPP to update a user's business name to NULL, the record updates, so the column settings are correct. Do you perhaps have any suggestions? Thank you.

     // Look for a business name (not required):
     if (empty($trimmed['business_name'])) {
         $bn = NULL;
     } elseif (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $trimmed['business_name'])) {
         $bn = mysqli_real_escape_string($dbc, $trimmed['business_name']);
     } else {
         echo '<p>Please enter a valid business name!</p>';
     }
  6. Hi Larry, Thank you very much for taking the time to explain the implementation details. Hopefully I can get my head around it! Kind regards.
  7. Thank you for your response Larry. If you could perhaps offer some guidance in terms of how you would approach such a subscription model, it would be much appreciated. Kind regards.
  8. Hi Larry, I want to offer different subscription plans on my virtual products site (free, basic, standard and premium) that would limit subscribers to a number of views. Should I use the virtual subscription model (Part 2) and adapt it, or use the shopping cart model (Part 3)? Regards.
  9. Hi Larry, Thank you very much for your answer. What you explained makes perfect sense so I will exclude the duplicate login for the project. Regards.
  10. Hi Larry, I want to manage logins to disallow duplicate logins so that one subscriber can't use another subscriber's login credentials to log in simultaneously. I was thinking of adding a "logged_in" ENUM column to the user table with values "Yes" and "No". The value is set to "Yes" when the user logs in and to "No" when the user logs out. But if the user just closes the browser window without logging out via the website, that would create an issue when the user tries to log in again. Your thoughts on this will be much appreciated. Regards.
  11. Thank you very much for your answer Larry. Of course it makes perfect sense to me now!
  12. Hi Larry, Thank you very much for your response. I changed the innodb_log_file_size and innodb_log_file_size in the my.ini text file as recommended in the StackOverflow article without any success. Changing the storage engine from InnoDB to MyISAM seems to have solved the issue, so should I just continue with MyISAM? If I run into issues with MyISAM I will have to switch the columns and the rows as you suggested. Regards.
  13. Hi Larry, Thank you for your guidance. The query from the code above calls all the users, languages and time zones from their respective tables so no wonder the script didn't execute! The correct query is:

      $q = "SELECT a.user_id, u.type, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, u.lang_id, u.timezone_id FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id WHERE a.token=? AND a.user_id=u.id AND a.date_expires>NOW()";

      The script now executes and stores the correct sessions. Just one last question if I may: Should I generate a session id for an admin user within the reset.php script or let the admin user first reset his or her password via the link and then sign out and sign in again through the signin.php page which will generate the admin session? My main concern is security.
  14. Hi Larry, I have incorporated the language part of the forum project into my e-commerce site. I have, however, run into issues with MySQL/MariaDB regarding the number of word columns representing the translatable words for the site (over 250 so far). I get the following database error: "Warning: #139 Row size too large (> 8126). Changing some columns to TEXT or BLOB or using ROW_FORMAT=DYNAMIC or ROW_FORMAT=COMPRESSED may help. In current row format, BLOB prefix of 768 bytes is stored inline." Do you have any suggestions on a different approach maybe as having so many columns in a database table is probably not a good idea? Thank you.
  15. Hi Larry, Thank you very much for your response. I updated the query and it doesn't give the "ambiguous" error anymore, but it now gives the following user reset error: "Either the provided token does not match that on file or your time has expired. Please resubmit the "Forgot your password?" form." The script does insert a new token and the correct date/time into the "access_tokens" table. I also checked the query again and couldn't find any errors. My script is included below. Your thoughts would be much appreciated. Thank you.

      <?php
      // Require the configuration before any PHP code as the configuration controls error reporting:
      require('includes/config.inc.php');
      // The config file also starts the session.

      // Redirect invalid user:
      if (isset($_SESSION['user_id'])) {
          $url = 'index.php'; // Define the URL.
          header("Location: $url");
          exit(); // Quit the script.
      }

      // Require the database connection:
      require(MYSQL);

      // Include the page title:
      $page_title = $words['reset_page_title_1'];

      // Include the HTML header file:
      include('templates/header.html');

      // For storing reset error only:
      $reset_error = '';

      // For storing password errors:
      $pass_errors = array();

      if (isset($_GET['t']) && (strlen($_GET['t']) === 64) ) { // First access

          $token = $_GET['t'];

          // Fetch the user ID:
          $q = "SELECT a.user_id, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone FROM access_tokens AS a INNER JOIN users AS u ON u.id=u.id INNER JOIN languages AS l ON l.id=l.id INNER JOIN timezones AS t ON t.id=t.id WHERE token=? AND a.date_expires>NOW()";
          $stmt = mysqli_prepare($dbc, $q);
          mysqli_stmt_bind_param($stmt, 's', $token);
          mysqli_stmt_execute($stmt);
          mysqli_stmt_store_result($stmt);

          if (mysqli_stmt_num_rows($stmt) === 1) {

              mysqli_stmt_bind_result($stmt, $user_id, $email, $icon, $name, $lang_id, $timezone_id);
              mysqli_stmt_fetch($stmt);

              // Create a new session ID:
              session_regenerate_id(true);
              $_SESSION['user_id'] = $user_id;

              // Store the data in a session:
              //$_SESSION['user_id'] = $user_id;
              $_SESSION['email'] = $email;
              $_SESSION['icon'] = $icon;
              $_SESSION['name'] = $name;
              $_SESSION['lid'] = $lang_id;
              $_SESSION['timezone'] = $timezone_id;

              // Clear the token:
              $q = 'DELETE FROM access_tokens WHERE token=?';
              $stmt = mysqli_prepare($dbc, $q);
              mysqli_stmt_bind_param($stmt, 's', $token);
              mysqli_stmt_execute($stmt);

          } else {
              $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_message_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_message_2'] . '</p> </div> </div>';
          }
          mysqli_stmt_close($stmt);

      } else { // No token!
          $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_2'] . '</p> </div> </div>';
      }

      // If it's a POST request, handle the form submission:
      if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_SESSION['user_id'])) {

          // Okay to change password:
          $reset_error = '';

          // Check for a password and match against the confirmed password:
          if (preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{12,})^/', $_POST['pass1']) ) {
              if ($_POST['pass1'] == $_POST['pass2']) {
                  $p = $_POST['pass1'];
              } else {
                  $pass_errors['pass2'] = $words['reset_validation_1'];
              }
          } else {
              $pass_errors['pass1'] = $words['reset_validation_2'];
          }

          if (empty($pass_errors)) { // If everything's OK.

              // Define the query:
              $q = 'UPDATE users SET pass=? WHERE id=? LIMIT 1';
              $stmt = mysqli_prepare($dbc, $q);
              mysqli_stmt_bind_param($stmt, 'si', $pass, $_SESSION['user_id']);
              $pass = password_hash($p, PASSWORD_BCRYPT);
              mysqli_stmt_execute($stmt);

              if (mysqli_stmt_affected_rows($stmt) === 1) {

                  // Send a confirmation email:
                  $email = ($_SESSION['email']);
                  $body = $words['reset_email_1'];
                  $body = wordwrap ($body,70);
                  mail($email, $words['reset_email_2'], $body, 'FROM: ' . SEND_EMAIL);

                  // Let the user know the password has been changed:
                  echo '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_message_3'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_message_4'] . '</p> </div> </div>';
                  include('templates/footer.html'); // Include the HTML footer file.
                  exit();

              } else { // If it did not run OK.
                  trigger_error('<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_3'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_4'] . '</p> </div> </div>');
              }
              mysqli_stmt_close($stmt);

          } // End of empty($pass_errors) IF.

      } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
          $reset_error = '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_error_5'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_error_6'] . '</p> </div> </div>';
      } // End of the form submission conditional.

      // If it's safe to change the password, show the form:
      if (empty($reset_error)) {

          // Requires the form functions script, which defines create_form_input():
          require_once('includes/form_functions.inc.php');

          echo '<form class="reset my-5" action="reset.php" method="post" accept-charset="utf-8"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $words['reset_form_1'] . '</h2> <p class="my-3 font-weight-normal text-center">' . $words['reset_form_2'] . '</p> </div>';
          create_form_input('pass1', 'password', '', $pass_errors, array('placeholder'=>$words['reset_form_3']));
          echo '<small class="form-text text-muted">' . $words['reset_form_4'] . '</small>';
          create_form_input('pass2', 'password', '', $pass_errors, array('placeholder'=>$words['reset_form_5']));
          echo '<input type="submit" name="submit_button" value="' . $words['reset_form_6'] . '" id="submit_button" class="btn btn-lg btn-block btn-custom" /> </form>';

      } else {
          echo '<div class="reset my-5"> <div class="reset-header text-center"> <i class="fas fa-lock fa-4x"></i> <h2 class="display-5 my-2 font-weight-normal">' . $reset_error . '</h2> <p class="my-3 font-weight-normal text-center">' . $reset_error . '</p> </div> </div>';
      }

      // Include the HTML footer file.
      include('templates/footer.html');
      ?>
  16. Hi Larry, I changed the database query from the original in your reset_password.php script to the below query in order to get the values to assign to the user's sessions when the URL signs the user in. I get the following error (Column 'date_expires' in where clause is ambiguous) because the users table also has a 'date_expires' column. What alias should I use on 'date_expires'? I tried (a.date_expires>NOW() FROM access_tokens AS a) but it obviously didn't work and couldn't find anything useful on the net. Any suggestions would be much appreciated.

      $q = "SELECT a.user_id, u.email, LEFT(u.first_name,1) AS icon, CONCAT(u.first_name, ' ', u.last_name) AS name, l.lang, t.timezone
          FROM access_tokens AS a
          INNER JOIN users AS u ON u.id=u.id
          INNER JOIN languages AS l ON l.id=l.id
          INNER JOIN timezones AS t ON t.id=t.id
          WHERE token=? AND date_expires>NOW()";
  17. Hi Larry, Thank you for your response. I changed the $_POST to assign the value for each form field with: value="' . $row[0] . '", value="' . $row[1] . '" etc. All the input form fields display the correct data from the database as previously, except for the select fields. The select fields now also give the following error: (An error occurred in script 'C:\xampp\htdocs\...' on line 246: Trying to access array offset on value of type null). When I assign the select value to an input field, the correct data is displayed in the field. I couldn't find anything helpful on Stack Overflow.
  18. Hi Larry, Please accept my apology for wasting your time. I got the query for checking for the unique email wrong as I left out the "!" when checking the email against the user_id. I fixed that and the query and script execute perfectly now. Sorry again, and thanks for your prompt response and excellent forum!
  19. Hi Larry, I opted for option A and it works perfectly. Thank you for the great and continued support for your books through this forum! Regards.
  20. Hi Larry, I want to assign the value from $_POST['lang'] = $row[3]; to the below select form, but can't get it to work. Any recommendations? Thank you!

      // Language drop down menu:
      echo '<div class="form-group';
      if (array_key_exists('lang', $profile_errors)) echo ' has-error';
      echo '"><select name="lang" id="lang" class="form-control">
          <option>' . $words['profile_form_6'] . '</option>';
      // Retrieve all the languages and add to the pull-down menu:
      $q = "SELECT id, lang FROM languages WHERE status='Active' ORDER BY lang ASC";
      $r = mysqli_query($dbc, $q);
      if (mysqli_num_rows($r) > 0) {
          while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
              echo "<option value=\"$row[0]\"";
              // Check for stickiness:
              if (isset($_POST['lang']) && ($_POST['lang'] == $row[0]) ) echo ' selected="selected"';
              echo ">$row[1]</option>\n";
          }
      }
      mysqli_free_result($r);
      echo '</select>';
      if (array_key_exists('lang', $profile_errors)) echo '<span class="help-block">' . $profile_errors['lang'] . '</span>';
      echo '</div>';
  21. Hi Larry, My logout message "You are now logged out." from my logout.php script (below) reverts back to the default language (English) when the user logs out. How do I get the $_SESSION['lid'] = $row['lang_id'] to remain valid until just after the user logged out so that the logout message displays in the user's selected language? Thank you.

      <?php
      /* This script:
       * - is the sign out page for the site.
       * - calls the configuration script.
       * - redirects invalid users.
       * - opens the database connection.
       * - destroys the variables, session and cookie.
       */

      // Require the configuration before any PHP code as the configuration controls error reporting:
      require('includes/config.inc.php');
      // The config file also starts the session.

      // Redirect invalid user:
      if (!isset($_SESSION['user_id'])) {
          $url = 'index.php'; // Define the URL.
          header("Location: $url");
          exit(); // Quit the script.
      }

      // Destroy the session:
      $_SESSION = array(); // Destroy the variables.
      session_destroy(); // Destroy the session itself.
      setcookie (session_name(), '', time()-300); // Destroy the cookie.

      // Require the database connection:
      require(MYSQL);

      // Include the page title:
      $page_title = $words['signout_page_title_1'];

      // Include the HTML header file:
      include('templates/header.html');

      // Print a message:
      echo '<h2 class="display-5 my-2 font-weight-normal">' . $words['log_out_message'] . '</h2>';

      // Include the HTML footer file:
      include('templates/footer.html');
      ?>
  22. Hi Larry, I want to update a user's data where the unique email will either be updated or not. Using the script as it stands, the email has to be updated for the script to execute successfully. Do you have any suggestions on how to approach this because I can't figure out for the life of me if it would be done with validation or a database query or a combination of both? Thank you.
  23. Hi Larry, Thank you very much for your response. I have checked both the videos.php and view_video.php scripts again and also compared them to the original pdfs.php and view_pdf.php scripts, which execute perfectly. Apart from the variable and Content-type changed from "pdf" to "mp4" and "application/pdf" to "video/mp4" in the video scripts, the pdf and video scripts are identical. If the view script is executed twice, shouldn't two videos instead of one open up? (I added the target="_blank" element to open the pdfs and videos in a new tab).
  24. Hi Larry, Thank you very much for your response. And yes, your "guess" was correct of course! The "Undefined index: mp4" error only appears when the file size, including an MP4, is much larger than the "upload_max_filesize" and the "post_max_size" as defined in the php.ini file (currently set at 10MB each). Trying to upload a 20MB file (double the maximum set values) still generates only a form validation error. But any file from 50MB and upwards generates the "Undefined index: mp4" error. Any way to avoid the "Undefined index" error (without increasing the "upload_max_filesize" and the "post_max_size" values) just in case a user tries to upload a 50MB plus video file? Regards,
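
An added example, not part of the post above or of the book's code, showing one way to guard against the situation post 24 describes: PHP documents that $_POST and $_FILES are left empty when the request body exceeds post_max_size, so the script can compare CONTENT_LENGTH with that limit before reading $_FILES['mp4']. The function names and the $add_video_errors array are assumptions.

```php
<?php
// Added example. The field name 'mp4' comes from the error message in the post;
// ini_size_to_bytes(), check_upload() and $add_video_errors are hypothetical names.

/** Convert a php.ini shorthand size such as "10M" or "2G" to bytes. */
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;              // "10M" casts to 10
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;       // fall through
        case 'M': $number *= 1024;       // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

/**
 * Return null when the upload is usable, otherwise a short reason.
 * $server and $files are parameters so the check can run without a web request.
 */
function check_upload(string $field, array $server, array $files, int $postMax): ?string
{
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    // A post_max_size of 0 disables the limit.
    if ($postMax > 0 && $length > $postMax) {
        return 'request body exceeds post_max_size';
    }
    if (!isset($files[$field]) || !is_array($files[$field])) {
        return 'no file field in request';
    }
    switch ($files[$field]['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:        return null;
        case UPLOAD_ERR_INI_SIZE:  return 'file exceeds upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'file exceeds MAX_FILE_SIZE';
        case UPLOAD_ERR_NO_FILE:   return 'no file was selected';
        default:                   return 'upload failed';
    }
}

// In the upload script, before touching $_FILES['mp4']:
$problem = check_upload('mp4', $_SERVER, $_FILES, ini_size_to_bytes(ini_get('post_max_size')));
if ($problem !== null) {
    $add_video_errors['mp4'] = $problem; // hypothetical validation-error array
}
```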