Larry Ullman's Book Forums

zabberwan

  1. Hello All, Been a while, though peep in now and then.. I have 2 little issues with the Registration/Log-in Application based on Larry's code.

     When one registers there is an error showing on the page since the link to activate sent in the email seems to be wrong; here's a dummy account attempt email:

         http://venture-wilderness.com/reg_log.phpregistrar/activate.php?x=webmaster%40venture-wilderness.com&y=6c9a4cd312207c885d6a4ceb3a59fe91

     It completes the chore of entering details to the DB, only that it enters the activation Hash also in the DB in the column where there's a NULL for a normal user and ! for the staff/admin. All this worked quite flawlessly until now. Somehow somewhere the code seems to have got a hiccup.

     The second problem arises basically in the database where it stores the hashed password. I increased the VARCHAR to 123 as I read somewhere that using Blowfish with a random Format+Salt of 22 characters can generate a Hash stringlength of anywhere between 13 and 123. It enters only 49 characters and 3 dots at the end making it 52 in all. What am I doing wrong?

     The function I wrote to augment password security:

         <?php
         function password_encrypt ($password) {
             $hash_format = "$2y$10$"; // Use Blowfish with a "cost" of 10
             $salt_length = 22; // Use 22 characters or more
             $salted = generate_salt ($salt_length);
             $format_and_salt = $hash_format . $salted;
             $hash = crypt($password, $format_and_salt);
             return $hash;
         }

         function generate_salt ($length) {
             // MD5 returns 32 characters
             $unique_random_string = md5(uniqid(mt_rand() , true));
             // Valid Characters for salt: [a-zA-Z0-9./]
             $base64_string = base64_encode($unique_random_string);
             // to convert '+' to '.' in base64 encoding
             $modified_base64_string = str_replace ('+' , '.' , $base64_string);
             // Truncate String to the Correct Length
             $salt = substr($modified_base64_string , 0 , $length);
             return $salt;
         }
         ?>

     What am I doing wrong? Warm regards, zabberwan
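Added example, not part of the original post: with the `$2y$` prefix, `crypt()` returns a bcrypt string of exactly 60 characters, so a stored value of any other length is incomplete and will never verify. The sketch below assumes PHP 7.0+ and uses hypothetical function names (`hash_password`, `is_complete_bcrypt`, `check_login`); it hashes with `password_hash()`, which takes its salt from the system CSPRNG, and checks the stored value before verifying it.

```php
<?php
// Added example, not code from the original post. Requires PHP 7.0+.

const BCRYPT_COST = 10; // same cost as the "$2y$10$" prefix in the post

// Hash a new password. password_hash() generates the 22-character salt from
// the operating system's CSPRNG, so no generate_salt() helper is needed.
function hash_password(string $password): string
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// True only for a complete bcrypt string: "$2y$" + two-digit cost + "$" +
// 53 characters of salt and digest = 60 characters in total.
function is_complete_bcrypt(string $stored): bool
{
    return preg_match('#^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $stored) === 1;
}

// Check a login attempt against the value read back from the database.
function check_login(string $password, string $stored): string
{
    if (!is_complete_bcrypt($stored)) {
        return 'stored hash is truncated or not bcrypt';
    }
    if (!password_verify($password, $stored)) {
        return 'wrong password';
    }
    return password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])
        ? 'ok, rehash with the current cost'
        : 'ok';
}

// Constructed sample data (no real credentials).
$fresh     = hash_password('correct horse');
// A hash produced the way the post does it, with a fixed salt for the demo:
$legacy    = crypt('correct horse', '$2y$10$' . 'abcdefghijklmnopqrstuv');
// 49 characters plus three dots, the shape described in the post:
$truncated = substr($fresh, 0, 49) . '...';

echo strlen($fresh), ' ', strlen($legacy), ' ', strlen($truncated), "\n";
echo check_login('correct horse', $fresh), "\n";
echo check_login('correct horse', $legacy), "\n";
echo check_login('wrong guess', $fresh), "\n";
echo check_login('correct horse', $truncated), "\n";
```

A `CHAR(60)` column holds a bcrypt hash exactly; the PHP manual suggests 255 characters when `PASSWORD_DEFAULT` is used, since the default algorithm may change.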
  2. Thanks Larry. No more error, it works! Seasons Greetings to all in the meanwhile.. zabberwan
  3. I inserted the following:

         function curPageURL() {
             $pageURL = 'http';
             if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
             $pageURL .= "://";
             if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"] != "80" && $_SERVER["SERVER_PORT"] != "443") {
                 $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
             } else {
                 $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
             }
             return $pageURL;
         }
         session_start();
         $_SESSION['last_page'] = curPageURL();

     However, I get an error (the actual error message in email form is much longer):

         An error occurred in script '########### /ventureFunctions.php' on line 97: A session had already been started - ignoring session_start() <br />Date/Time: 12-8-2011 18:51:57 <br />

     How to fix this, please? Thank you zabberwan
  4. Hi Josee, Thank you very much! It's working as it should - perfectly. Never knew that one could write the links like that.
  5. @ Stuart Thanks for the input, but it sounds a little hazy and complex. But in retrospect: @Josee This is more understandable and manageable, at least, to a nit wit like me! It was the, as in your words below, what was baffling me: — The opening <body> tag of the html pages is in my header.html file (in my case head_part.html). I added an "id" attribute to the <body> tag, represented by a variable. <body id="<?php echo $body_id ?>"> Now, with this under the belt I should be able to fix the problem. I will get back as soon as I am done. Thanks a ton..
  6. Have a heart guys! I haven't got my PHD as yet, you know! How do you indicate the current page with the $_SERVER array ? Please point me to an example.. Thanks
  7. (admin/mod: if you feel this should be a separate question in a different place, please move it to the appropriate location)

     Hi, Did me a great favor by staying off php for a while and now recuperated I am back with another question concerning my script. That is good advice by Larry in the book!

     In my log-in and registration php application, I have my links in the sidebar and these remain visible when clicked to show different elements in the main content. However, these do not show as activated or inert when their corresponding element is showing in the main content. For example I hover over the link it changes its color and I click on it, it shows the login form, but the link to the login form does not show as an activated link..that cannot be used again. The last behavior property (below) in the css file seems to make no difference at all.

         <?php
         // Display links based upon the login status - (if user is logged in):
         if (isset($_SESSION['user_id'])) {
             echo '<a href="log_out.php" title="Logout">Logout</a><br />
             <a href="change_password.php" title="Change Your Password">Change Password</a><br />
             <a href="../reg_log.php" title="Login">Login</a>';
         }
         ?>

     Here's the CSS:

         #sidebar a:hover {
             background-color: #E0DDD8;
         }
         /* When the link is pressed down and showing the element; this property is not showing */
         #sidebar a:active {
             background-color: #E0DDD8;
             cursor:default;
         }

     Any ideas how to achieve this? Thank you
  8. Hi Paul, Thanks for pointing that out. Now it definitely does not show the message and also adds the state when the users enter country as United States and their state. However, when

     1. a registrant whose country is not United States leaves the field blank as instructed, it still shows the message, "Please enter your State!"
     2. a registrant whose country is United States, but leaves the state blank, it shows the same message, though it continues and registers the user. This however, is quite in order and I will make the form sticky and return it to the user to complete.

     Regards
  9. And here's one more - one of my favorites. When you want to wish someone good luck: Hals- und Beinbruch! (= wish you broken neck and leg..)

     Couple of small script issues and maybe the one below needs to be tweaked as it does not enter "state" to the database even when the country has been assigned as ['United States'] and the "states" field has been filled up.. In addition it shows the message "Please enter your State!" to every successful Registration:

         //Check for state - courtesy Swanson:
         if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['state']) && $trimmed['country'] == 'US') { // assuming country code is US and not USA
             $s = mysqli_real_escape_string ($dbc, $trimmed['state']);
         } else {
             echo '<p class="error">Please enter your State!</p>';
         }

     If there is a way to allow symbols in the "username" and "passwords" and allow an integer as the first character in a username (at the moment it does not accept it)? It is becoming common practice nowadays to use symbols especially in passwords and so on. Thanks for any suggestions.
  10. THE WIZARD HATH SPOKEN! In German we say, "Faust auf's Auge" (= fit like a fist on the eye!) No more undefined error.. Thanks
  11. Thank you very much for the input!

     @Hartley: JS would certainly solve that problem, but I am only a dabbler with it. I understand to some extent the written code, but can hardly concoct a string to any particular cause or effect. Doing it just with PHP would be okay and as for "not confusing the user" I would put a note in the state field itself "Fill only if your country is United States" with the help of some new HTML 5 (placeholder) attribute. The note would erase itself as soon as the user enters cursor in the field to put any content inside. The entry for Country in the pull down is United States.

     @Paul Swanson: This seems the easier and simpler way out, but on implementing it continues to give the same "undefined" error:

         <p>An error occurred in script 'XYZ/venture-wilderness/registrar/register.php' on line 86: Undefined variable: s <br />Date/Time: 5-25-2011 06:52:24 <br /><pre>Array (

     Would be great if we can develop/manipulate the strings to comply to our needs. I was testing in a similar way, but more so on the lines: (This also generated errors..)

         //Check for State
         if (isset(Country['United States'])) {
             (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['state'])) {
                 $s = mysqli_real_escape_string ($dbc, $trimmed['state']);
             }
         }

     Sorry for responding so late, but the board somehow did not inform with the usual email. Regards to all
  12. Thank you Larry for suggesting to put the questions one by one. So I will begin with Registration chronologically: The code for register is:

         <?php # Script 16.6 - register.php
         // This is the registration page for the site.
         ob_start();
         require_once ('includes/config.inc.php');
         $page_title = 'Register';
         include('includes/head_part.html');

         if (isset($_POST['submitted'])) { // Handle the form.

             require_once (MYSQL);

             // Trim all the incoming data:
             $trimmed = array_map('trim', $_POST);

             // Assume invalid values:
             $fn = $ln = $e = $p = FALSE;

             // Check for a first name:
             if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) {
                 $fn = mysqli_real_escape_string ($dbc, $trimmed['first_name']);
             } else {
                 echo '<p class="error">Please enter your first name!</p>';
             }

             // Check for a last name:
             if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
                 $ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']);
             } else {
                 echo '<p class="error">Please enter your last name!</p>';
             }

             // Check for a username:
             if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['username'])) {
                 $un = mysqli_real_escape_string ($dbc, $trimmed['username']);
             } else {
                 echo '<p class="error">Please enter your username!</p>';
             }

             // Check for an email address:
             if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $trimmed['email'])) {
                 $e = mysqli_real_escape_string ($dbc, $trimmed['email']);
             } else {
                 echo '<p class="error">Please enter a valid email address!</p>';
             }

             // Check for a password and match against the confirmed password:
             if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) {
                 if ($trimmed['password1'] == $trimmed['password2']) {
                     $p = mysqli_real_escape_string ($dbc, $trimmed['password1']);
                 } else {
                     echo '<p class="error">Your password did not match the confirmed password!</p>';
                 }
             } else {
                 echo '<p class="error">Please enter a valid password!</p>';
             }

             // Check for country:
             if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['country'])) {
                 $c = mysqli_real_escape_string ($dbc, $trimmed['country']);
             } else {
                 echo '<p class="error">Please enter your Country!</p>';
             }

             //Check for state:
             if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['state'])) {
                 $s = mysqli_real_escape_string ($dbc, $trimmed['state']);
             } else {
                 echo '<p class="error">Please enter your State!</p>';
             }

             if ($fn && $ln && $e && $p && $un && $c) { // If everything's OK...

                 //combine first and last names
                 $name = $fn. ' ' .$ln;

                 // Make sure the email address is available:
                 $q = "SELECT user_id FROM users WHERE email='$e'";
                 $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

                 if (mysqli_num_rows($r) == 0) { // Available.

                     // Create the activation code:
                     $a = md5(uniqid(rand(), true));

                     // Add the user to the database:
                     $q = "INSERT INTO users (name, username, email, pass, country, state, active, registration_date) VALUES ('$name', '$un', '$e', SHA1('$p'), '$c', '$s', '$a', NOW() )";
                     $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

                     if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                         // Send the email:
                         $body = "Thank you for registering at the Venture Wilderness Website. Just one last step to activate your account, please click the following link:\n\n";
                         $body .= BASE_URL . 'registrar/activate.php?x=' . urlencode($e) . "&y=$a\n\n";
                         $body .= "This will activate your login ability and verify your email. If you have any questions or need some assistance, please feel free to contact our Staff (from 7 AM to 7 PM (EST = European Standard Time).\n\n";
                         $body .= "If you are interested to know how we evaluate user data, please see our Privacy Policy at https://venture-wilderness.com/services.php?tab=2#TabbedPanels2'.\n\n";
                         $body .= "Venture Wilderness";
                         mail($trimmed['email'], 'Registration Confirmation', $body, 'From: services@venture-wilderness.com');

                         // Finish the page:
                         echo '<p>Thank you for registering! A confirmation email has been sent to your address. Please click the link in that email to verify your email and activate your account.</p>';
                         //include ('includes/footer.html'); // Include the HTML footer.
                         exit(); // Stop the page.

                     } else { // If it did not run OK.
                         echo '<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>';
                     }

                 } else { // The email address is not available.
                     echo '<p class="error">That email address is already registered. If you have forgotten your password, use the link, "Retrieve Password" to have your password sent to you.</p>';
                 }

             } else { // If one of the data tests failed.
                 echo '<p class="error">Please re-enter your passwords and try again.</p>';
             }

             mysqli_close($dbc);

         } // End of the main Submit conditional.
         ?>
         <link href="../_css/reg_log.css" rel="stylesheet" type="text/css" />
         <div id="mainContent">
         <table width="550" border="0">
           <tr>
             <td width="150"><h2>Registration</h2></td>
             <td width="150"><a href="../regist_tnc.php" title="Terms & Conditions">Terms & Conditions</a> </td>
             <td width="230"><label for="checkbox">I accept Terms & Conditions<class ="rustred" input name="acceptance" type="checkbox" value="checkox" checked /></td>
           </tr>
         </table>
         <form action="register.php" method="post">
         <fieldset>
           <p><label for="">First Name</label><input name="first_name" type="text" class="textField" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" size="20" maxlength="20" /></p>
           <p><label for="">Last Name</label><input name="last_name" type="text" class="textField" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" size="20" maxlength="40" /></p>
           <p><label for="">Username</label><input name="username" type="text" class="textField" value="<?php if (isset($trimmed['username'])) echo $trimmed['username']; ?>" size="20" maxlength="40" /></p>
           <p><label for="">Email Address</label><input name="email" type="text" class="textField" value="<?php if (isset($trimmed['email'])) echo $trimmed['email']; ?>" size="20" maxlength="80" /></p>
           <p><label for="">Password</label><input name="password1" type="password" class="textField" size="20" maxlength="20" /></p>
           <p><label for="">Confirm Password</label><input name="password2" type="password" class="textField" size="20" maxlength="20" /></p>
           <p><label for="country">Country</label><input name="country" type="text" class="textField" value="<?php if (isset($trimmed['country'])) echo $trimmed['country']; ?>" size="20" maxlength="30" /></p>
           <p><label for="state">State</label><input name="state" type="text" class="textField" value="<?php if (isset($trimmed['state'])) echo $trimmed['state']; ?>" size="20" maxlength="30" /></p>
           <div id="submit" align="left"><input name="submit" type="image" value="Join The Elite Travellers!" src="../_images/page_decos/register_btn.png"/></div>
           <p><input type="hidden" name="submitted" value="TRUE" /></p>
         </fieldset>
         </form>
         </div>
         <?php
         include ('includes/foot_part.html');
         // Flush the buffered output.
         ob_end_flush();
         ?>

     On registering a user, it throws an error, but enters the user in the database. The error occurs because I have an entry "State" in the form which is to be filled up only if the users "Country" is "United States" (because of a. varying "Sales Tax or VAT " in each of the States and b. vast distances between the main airports - i.e. cost of air ticket: New York - Delhi is approx. EUR 1250.- whereas LA - Delhi is approx. EUR 1650.) Other Countries have the same tax in all their states and provinces and most flights are also priced approximately same.

     This entry is undefined and is not an error, but a NOTICE or warning. Reporting Notices is turned "OFF" in your script as well as on my local and remote servers. So I don't know how to bypass it. I tried to fix it with PHP so that the field "State" will only appear if the "Country" is set to "United States", but was unable to achieve it.

         An error occurred in script '/home/zabber1/public_html/venture-wilderness/registrar/register.php' on line 87: Undefined variable: s <br />Date/Time: 5-21-2011 13:12:07 <br /><pre>Array ( [GLOBALS] => Array *RECURSION* [_ENV] => Array ( [CONTENT_LENGTH] => 191 [CONTENT_TYPE] => application/x-www-form-urlencoded

     I also tried putting the lists of "Countries" and "States" as Record Sets using Dreamweaver. It works perfectly on the testing server, but does not work on the remote server. The problem seems to be the "mysql_select_db" in the following script that Dreamweaver generates:

         mysql_select_db($database_registrations, $registrations);
         $query_rsCountries = "SELECT * FROM countries ORDER BY countryName ASC";
         $rsCountries = mysql_query($query_rsCountries, $registrations_con) or die(mysql_error());
         $row_rsCountries = mysql_fetch_assoc($rsCountries);
         $totalRows_rsCountries = mysql_num_rows($rsCountries);

         mysql_select_db($database_registrations, $registrations);
         $query_rsStates = "SELECT * FROM states ORDER BY stateName ASC";
         $rsStates = mysql_query($query_rsStates, $registrations_con) or die(mysql_error());
         $row_rsStates = mysql_fetch_assoc($rsStates);
         $totalRows_rsStates = mysql_num_rows($rsStates);

     In addition when any users register the message they get looks like this: Is there a way to display this gracefully? Knowing how to solve these errors will help me solve all other problems regarding the application. Thank you
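Added example, not part of the original posts: one way to handle the optional "State" field discussed in this post and in posts 8, 9 and 11, so that the variable is defined on every path and the state is demanded only for United States. It assumes PHP 7.1+ with the mysqli extension for the insert; `validate_location` and `insert_user` are hypothetical names, and the column list is copied from the INSERT in the post. The insert binds values through a prepared statement and stores a bcrypt hash where the posted script uses `SHA1()`, so the `pass` column must hold 60 characters.

```php
<?php
// Added example, not code from the original post. Requires PHP 7.1+.

// Validate the two location fields; returns [clean values, error messages].
// 'state' is required only for United States and stays NULL otherwise.
function validate_location(array $in): array
{
    $clean   = ['country' => null, 'state' => null]; // defined on every path
    $errors  = [];
    $pattern = '/^[A-Z \'.-]{2,40}$/i';              // pattern used in the post

    $country = trim($in['country'] ?? '');
    $state   = trim($in['state'] ?? '');

    if (preg_match($pattern, $country)) {
        $clean['country'] = $country;
    } else {
        $errors[] = 'Please enter your Country!';
    }

    if ($clean['country'] !== null && strcasecmp($country, 'United States') === 0) {
        if (preg_match($pattern, $state)) {
            $clean['state'] = $state;
        } else {
            $errors[] = 'Please enter your State!';
        }
    }
    return [$clean, $errors];
}

// Insert with a prepared statement: values are bound instead of being pasted
// into the SQL text, and a NULL state is stored as SQL NULL.
function insert_user(mysqli $dbc, array $u): bool
{
    $q = 'INSERT INTO users (name, username, email, pass, country, state, active,
          registration_date) VALUES (?, ?, ?, ?, ?, ?, ?, NOW())';
    $stmt = mysqli_prepare($dbc, $q);
    if ($stmt === false) {
        return false;
    }
    $pass = password_hash($u['password'], PASSWORD_BCRYPT); // 60-character hash
    mysqli_stmt_bind_param($stmt, 'sssssss', $u['name'], $u['username'],
        $u['email'], $pass, $u['country'], $u['state'], $u['active']);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Constructed sample submissions; only the validation runs here, since
// insert_user() needs a live database connection.
$samples = [
    ['country' => 'Germany',       'state' => ''],
    ['country' => 'United States', 'state' => 'Oregon'],
    ['country' => 'United States', 'state' => ''],
];
foreach ($samples as $sample) {
    [$clean, $errors] = validate_location($sample);
    echo json_encode(['clean' => $clean, 'errors' => $errors]), "\n";
}
```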
  13. To do that, go to your "My Settings" - scroll arrow next to your user name - and go to "Notification Options" and remove the check from "Hide my email from other members".
  14. Hi, Have been busy with other things and now that I had some time to get back to finishing the registration/login system. I have finally been able to adapt it to my site and most things are functioning, but not very smoothly. So if anyone wants to lend me some further help, would really appreciate it.. Here are some of the problems am having:

     1. The log out function just does not work. It shows alright, but on clicking it, it generates constantly the error, "Oops! This link appears to be broken.."

     2. I tried to add a menu/list from the database (after making record sets) for Country and States. Dreamweaver 5 shows the register.php correctly in the browser, but when I try it on the remote server it gives an error:

            Warning: require_once(../Connections/registrations.php) [function.require-once]: failed to open stream: No such file or directory in /home/zabber1/public_html/venture-wilderness/registrar/register.php on line 1
            Fatal error: require_once() [function.require]: Failed opening required '../Connections/registrations.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/zabber1/public_html/venture-wilderness/registrar/register.php on line 1

        the main problems seem to be:

            <?php require_once('../Connections/registrations_con.php'); ?>

        on line 1

            mysql_select_db($database_registrations, $registrations);
            $query_rsCountries = "SELECT * FROM countries ORDER BY countryName ASC";
            $rsCountries = mysql_query($query_rsCountries, $registrations_con) or die(mysql_error());
            $row_rsCountries = mysql_fetch_assoc($rsCountries);
            $totalRows_rsCountries = mysql_num_rows($rsCountries);

            mysql_select_db($database_registrations, $registrations);
            $query_rsStates = "SELECT * FROM states ORDER BY stateName ASC";
            $rsStates = mysql_query($query_rsStates, $registrations_con) or die(mysql_error());
            $row_rsStates = mysql_fetch_assoc($rsStates);
            $totalRows_rsStates = mysql_num_rows($rsStates);

        I tried with the actual database settings on the remote site, but continue to get this error. If this error continues then as a last resort I can leave alone the Menu/List, but I need to have the fields.

     3. The SESSION_COOKIE has a default life only for as long as the session which isn't very inviting and user friendly. Is there somewhere I can increase the time to live and add a few more parameters like username etc. ? (I concatenated first_name and last_name to "name" to save an entry field and changed the corresponding references in the code.)

     4. How to direct users from one mode to the other (HTTP <=> HTTPS). I would like: User comes to HTTP site log in in HTTP and if new user then is directed to HTTPS to register and return to login in the HTTP mode. I know that one has to do this using "Headers", but am not sure how to exactly code it since we also have BASE.URL

     5. Would also appreciate a little help to implement code snippet courtesy Paul Swanson:

            if (!empty($errors)) { // if errors exist, create div for display
                echo '<div style="color:red;margin:10px;">' . "\n";
                foreach ($errors as $error) { // loop thru $errors array and print each error
                    echo "$error<br />\n";
                }
                echo "</div>\n\n"; // close div
            } // end of $errors conditional

     I suppose with all that on board will make fine robust application!
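Added example, not part of the original posts: a session bootstrap covering the "session had already been started" notice from post 3 and the cookie lifetime asked about in item 3 above. It assumes PHP 7.3+ and a site served over HTTPS (the `secure` flag keeps the cookie off plain HTTP); `start_session_once` and `local_path` are hypothetical names, and the one-week lifetime and `/reg_log.php` fallback are constructed values.

```php
<?php
// Added example, not code from the original posts. Requires PHP 7.3+.

// Start the session at most once per request, with explicit cookie settings.
function start_session_once(int $lifetime = 7 * 24 * 3600): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true; // already started, e.g. by an included header file
    }
    session_set_cookie_params([
        'lifetime' => $lifetime, // seconds the browser keeps the cookie
        'path'     => '/',
        'secure'   => true,      // cookie is sent over HTTPS only
        'httponly' => true,      // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    // Keep the server-side session data for as long as the cookie lives.
    ini_set('session.gc_maxlifetime', (string) $lifetime);
    return session_start();
}

// Keep only a same-site path for "last page" bookkeeping, so a later redirect
// built from it cannot point at another host.
function local_path(string $requestUri): string
{
    $looksLocal = $requestUri !== ''
        && $requestUri[0] === '/'
        && strncmp($requestUri, '//', 2) !== 0       // not protocol-relative
        && strpos($requestUri, '\\') === false
        && preg_match('/[\r\n]/', $requestUri) === 0; // no header line breaks
    return $looksLocal ? $requestUri : '/';
}

start_session_once();
start_session_once(); // the second call returns early instead of raising the notice

// On the command line REQUEST_URI is unset, so a constructed path is used.
$_SESSION['last_page'] = local_path($_SERVER['REQUEST_URI'] ?? '/reg_log.php');

echo $_SESSION['last_page'], "\n";
echo local_path('//other-host.example/login'), "\n";
```

Store only an identifier such as `user_id` in the session and look the username up from it, rather than adding user details to the cookie itself.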
  15. Hi Paul, That is exactly what I was looking for! Thank you so much. As for the Output Buffering, I had already tried the suppression operator, but it did not remove it, but as I just rechecked the code, the error came from not starting the function in the header_include. So, I changed that, and prepended the suppressor for good measure, just in case..