Larry Ullman's Book Forums

mnoi

  1. I have seen older technology in the wild than ancient versions of MySQL. I offered it as a potential cause to look at, not the cause itself. More than likely it is 2, incompatible ways to encode the password, and old style passwords is one possibility. Rather than rule out what it might be based on what it shouldn’t be, I prefer to verify that it is not something that shouldn’t be before I check it off the list — especially if checking takes less than 5 minutes. I use persistent connections in a PHP class that terminates once the script queries are returned, so each person has the server’s attention for a second or two at best. The connection does not persist if there is no object requesting the data. Knowing my average volume and peak volume gives me the luxury to do this, and my hosting company likes that I keep their server load light with persistent, but conservative connections rather than most of the load being used to establish connections. If the dev is told exactly what the problem is (1), instead of “there’s a problem” then it is more efficient than (1) get the notice, then (2) looking for the problem, (3) finding it, then (4) fixing it. He or she can skip steps 2 and 3 in this case. Since Marie is beginning, it would be more valuable to write test code that is clunky, but works reliably, than to refine it rather than have it not work to begin with. Having an instruction manual give examples that do not work or following advice that delays learning take the most momentum out of a person’s desire to learn than anything else in written instructions, IME. Looking at this once again, I realize that instead of building up a query she could go with a more efficient graceful degradation of queries, meaning that she could do the reverse order of what I first wrote: check if A, B & C are true, then if not, check if at least A & B are true, which would return the error that the account is expired.
While it is true the DB could do the expiration checking internally faster, the error handling would probably be handled more gracefully in PHP since SQL select returns are either rows of data, 0 rows or an error message. Sure she could write a stored procedure, which would be faster by returning the expired flag and have PHP handle the choices a user could make at that point. Larry, I want to be clear that while we might disagree on this topic, I want to thank you for writing this book. I have read your previous books on other topics and have found your writing an excellent example of clarity, conciseness without being too dry and academic. I have recommended your books to a friend learning PHP, and when I was searching for a good book on e-commerce, when your name came up, I chose this title because I knew I would get the best exchange of time for useful information. Thanks.
  2. Make sure your site, script and servers all support and use the same character encoding. UTF-8 is the best bet since it handles virtually everything. Look into how to explicitly send file encoding in Apache, how to specify character encoding in PHP output and insertion into a MySQL table, and how to properly set up tables to store UTF-8 by default in MySQL. I had a similar problem with Latin characters being input from a Windows browser output as garbage everywhere else because a few columns had the wrong encoding. I ended up having to write a converter to UTF-8 that detected the browser’s platform and tries to determine the encoding if not obvious, that way all stored data conforms to UTF-8 encoding. Everything: Apache, PHP & MySQL all should be explicitly configured to output and store UTF-8 in case the server or server software is changed.
  3. Check the php.net documentation on how to define constants, and php.ini settings. Try duckduckgo.com using bang syntax for quicker searching: "!php php.ini settings" or "!php core directives". Also, what Larry said: in order to get the most out of this book, you must be past the novice/beginner phase of learning PHP and MySQL. I myself have a safarionline account from O’Reilly so I can access hundreds of development books, including the one this forum supports, for a very reasonable monthly fee. (I have no vested interest in endorsing it, and only mention it because it has allowed me to augment my abilities greatly for little expense.)
  4. Hi, I just started reading this book the other day and came across this topic as the latest post, and think I can share some insight based on experience. I think there are multiple issues which I will address: First, if the password is being garbled, check the version of MySQL and check the MySQL server settings for the password hashing mechanism as well as any PHP settings that might affect the communication between the Apache server and the MySQL server. If the system is set up to hash using the older password hashing function, the hash will be shorter and less secure. It sounds like this might be the case, and you need to explicitly configure phpMyAdmin to use identical password hashing algorithms if you edit any rows in order for it to work with your server code. I ran into this problem years ago after my site was updated from a previous version of both PHP & MySQL server. It was solved by setting up a function to allow login with old passwords, and expire them, thus forcing users to update their passwords. Second, during MySQL queries avoid logic tests such as the IF statement because that pollutes the separation between the data access model and the logic of the program. Instead, query for the presence of the name and password, and have the expiration date row returned. Then use PHP’s built-in date function to test to see if the expiration date has passed. The problem with the technique outlined in your code is a lack of detail of the type of failure in returned data, leading to an obfuscation of the real issue. For instance: you are testing 3 things: name & pass & expiration. If any of these are false the entire query fails and no one can log in. No matter which is incorrect, your logic does not expose which column is false. The result is that you cannot offer any meaningful help to either the end user because your logic does not show you which column is not being matched.
My suggestion: Instead, do a name query, then a name and pass query, then an expiration query. Upon any failures assign a $failure variable either 1, 2 or 3, if all queries are successful, $failure = 0. Then return that result ($failure) from the function. Then construct an error function that takes the $failure result and returns the appropriate error message: 1 or 2 = "the name and or password is invalid" 3 = "your account has expired, please click here to renew it." 0 = (allow entry to the site and redirect to whatever landing page you wish upon successful login). If you are concerned about the performance hit making 3 queries instead of just one, use a persistent connection to the MySQL server by utilizing a data access class such as mysqli, or a custom built data access class. In my experience the biggest performance hit comes from making multiple connections, not from the queries themselves, unless they return a very large data set. Cheers.
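
The staged check and error function described in the post above, as an added example that is not part of the original post or the book's code. It assumes a hypothetical `users` table and column names, passwords stored with `password_hash()`, one lookup by name in place of three separate queries, and an in-memory SQLite database (needs `pdo_sqlite`) so it runs stand-alone:

```php
<?php
// Added example: failure codes 0-3 as in the post; all names are hypothetical.
const LOGIN_OK = 0, FAIL_NAME = 1, FAIL_PASS = 2, FAIL_EXPIRED = 3;

function check_login(PDO $db, string $name, string $pass, DateTimeImmutable $now): int
{
    // One prepared lookup by name; the password never appears in the SQL text.
    $stmt = $db->prepare('SELECT pass_hash, date_expires FROM users WHERE username = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return FAIL_NAME;
    }
    if (!password_verify($pass, $row['pass_hash'])) {
        return FAIL_PASS;
    }
    // Expiration is tested in PHP rather than with IF() inside the query.
    if (new DateTimeImmutable($row['date_expires']) < $now) {
        return FAIL_EXPIRED;
    }
    return LOGIN_OK;
}

function login_message(int $failure): string
{
    switch ($failure) {
        case FAIL_NAME:
        case FAIL_PASS:
            // Same text for 1 and 2, so the reply does not show which names exist.
            return 'The name and/or password is invalid.';
        case FAIL_EXPIRED:
            return 'Your account has expired, please renew it.';
        default:
            return ''; // 0: caller redirects to the landing page
    }
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT, date_expires TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), '2030-01-01']);
$ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), '2020-01-01']);

$now = new DateTimeImmutable('2025-06-01');
$tries = [['alice', 'correct horse'], ['alice', 'wrong'], ['carol', 'x'], ['bob', 'hunter2']];
foreach ($tries as [$n, $p]) {
    $code = check_login($db, $n, $p, $now);
    echo "$n: $code ", login_message($code), "\n";
}
```

The numeric code can be written to the server log in full while the user only ever sees the combined message for codes 1 and 2.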