Everything posted by Strider64
Going through and making sure everything is secure, I think I found a flaw. There is no need for: if ($_SERVER['REQUEST_METHOD'] == 'POST'), for it's redundant and poses a security issue - never trust $_SERVER. All you have to do is this:

```php
// Validate the form data:
if ($form->validate()) {

    // Check against the database:
    $query = 'SELECT id, userType, username, email, pass FROM users WHERE username=:username';
    $stmt = $pdo->prepare($query);
    $result = $stmt->execute(array(':username' => $username->getValue()));

    // Try to fetch the results ($user stays false if no row matched):
    $user = false;
    if ($result) {
        $stmt->setFetchMode(PDO::FETCH_CLASS, 'Member');
        $user = $stmt->fetch();
    }

    // Verify the stored hashed password, but only if a row came back:
    $result = ($user && password_verify($password->getValue(), $user->pass));

    // Store the user in the session and redirect:
    if ($result) {
        // Store in a session:
        $_SESSION['user'] = $user;
        // Redirect:
        header("Location: index.php");
        exit;
    }

} // End of form validation IF.
```

I have been testing this thoroughly and it works.
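As an added example of the lookup-then-password_verify() flow (my code, not Strider64's and not the book's), assuming an in-memory SQLite table in place of the MySQL users table, a constructed sample account, and my own function names authenticate() and establishSession(). It shows the branch the posted code has to deal with when no row matches ($stmt->fetch() returns false) and handles it without leaking, through response time, whether the username exists:

```php
<?php
// Added example, not Strider64's code or the book's. An in-memory SQLite
// database (assumed; needs the pdo_sqlite extension) stands in for the
// MySQL "users" table so this runs offline: php login_example.php
declare(strict_types=1);

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, userType TEXT, username TEXT UNIQUE,
        email TEXT, pass TEXT)');
    // Constructed sample account; the hash is computed here, never pasted in.
    $ins = $pdo->prepare('INSERT INTO users (userType, username, email, pass)
                          VALUES (:t, :u, :e, :p)');
    $ins->execute([
        ':t' => 'member', ':u' => 'alice', ':e' => 'alice@example.com',
        ':p' => password_hash('correct horse battery', PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

/**
 * Look the user up by name and verify the password. Returns the row (minus
 * the hash) on success, null on failure. An unknown username takes the same
 * path as a wrong password, including a password_verify() run against a
 * dummy hash, so timing does not reveal whether the account exists.
 */
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $stmt = $pdo->prepare(
        'SELECT id, userType, username, email, pass FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matched

    $hash = $user ? $user['pass'] : $dummyHash;
    $ok = password_verify($password, $hash);
    if (!$ok || !$user) {
        return null;
    }
    unset($user['pass']);                     // never keep the hash in the session
    return $user;
}

/** Session step after a successful authenticate(): new session ID first. */
function establishSession(array $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);              // blocks session fixation
    $_SESSION['user'] = $user;
}

// Demo on the constructed data (CLI; no redirect, so establishSession() is
// left for the web handler to call before header("Location: ...")).
$pdo = makeDb();
var_dump(authenticate($pdo, 'alice', 'correct horse battery') !== null);
var_dump(authenticate($pdo, 'alice', 'wrong password') === null);
var_dump(authenticate($pdo, 'nobody', 'correct horse battery') === null);
```

The dummy-hash step matters because password_verify() on a bcrypt hash takes tens of milliseconds, while skipping it for an unknown username would return almost instantly; an attacker can tell the two apart and enumerate valid accounts. Dropping the hash before the row goes into $_SESSION keeps it out of session files and out of anything that later dumps the session.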
-
Tip - "Once you adopt this system, you want to change the URLs for the links (in the HTML) and the action attribute of the search form". It felt like I read this over a thousand times in the book and it just didn't seem to click; man, do I feel stupid. Needless to say, it pays to really, really pay attention to the details. I try to keep things as simple as possible when I'm coding, but I have in the past spent time fixing the stupidest mistakes sometimes; I once spent a whole day, a long time ago, trying to figure out why my code wouldn't work. The problem was that instead of having <?php I just had <?. I sometimes tend to have a hard time explaining; that's probably why I put too much code, and I have visited other boards where people put too little code. I guess I will eventually find a happy medium next time. I got it working, and thanks once again for all the help - the both of you.
-
First, I've been pulling my hair out trying to resolve this problem; I really would like to be able to have clean URLs. First, I'm running on Windows 8 using XAMPP (I now wish I was using Linux). I made sure that my .htaccess file does indeed start with a period. Here's the .htaccess file:

```apache
# Script 2.7 - .htaccess
<IfModule mod_rewrite.c>
# Turn on the engine:
RewriteEngine on
# Set the base to this directory:
RewriteBase /chapter02/
# Redirect certain paths to index.php:
RewriteRule ^(about|contact|this|that|search)/?$ index.p
</IfModule>
```

Here's the bottom of my httpd.conf file:

```apache
# AJP13 Proxy
<IfModule mod_proxy.c>
<IfModule mod_proxy_ajp.c>
Include "conf/extra/httpd-ajp.conf"
</IfModule>
</IfModule>
<Directory "c:/xampp/htdocs/php_test/chapter02">
    AllowOverride All
</Directory>
```

And here's part of my config.inc.php file:

```php
// Determine location of files and the URL of the site:
// Allow for development on different servers.
if ($local) {
    // Always debug when running locally:
    $debug = TRUE;
    // Define the constants:
    define('BASE_URI', 'c:/xampp/htdocs/php_test/chapter02');
    define('BASE_URL', 'http://localhost/php_test/chapter02/');
    define('DB', '/path/to/mysql.inc.php');
} else {
    define('BASE_URI', '/path/to/live/html/folder/');
    define('BASE_URL', 'http://www.example.com/');
    define('DB', '/path/to/live/mysql.inc.php');
}
```

Like I said, I've been pulling my hair out: stopping the Apache server, restarting it, modifying code, restarting (even rebooting my machine once). I even did a Google search trying various "fixes" and even this forum. Any help would be greatly appreciated. I know it is probably something stupid that I'm doing. Best Regards, John
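An added diagnostic (my code, not John's and not the book's) for the two settings that most often leave a RewriteRule doing nothing at all: mod_rewrite not loaded, and the directory not allowing .htaccess overrides. Because the posted .htaccess wraps its rules in <IfModule mod_rewrite.c>, Apache silently skips them when the module is absent instead of reporting an error, so nothing in the browser or the error log points at the cause. The script parses a constructed httpd.conf excerpt; the function names are mine:

```php
<?php
// Added example, not from the post or the book. Parses an httpd.conf text
// for (1) an active "LoadModule rewrite_module" line and (2) an
// "AllowOverride All" inside the <Directory> block for the site directory.
// Run with: php rewrite_check.php
declare(strict_types=1);

function rewriteModuleLoaded(string $httpdConf): bool
{
    // Only an uncommented LoadModule line counts; "#LoadModule ..." does not.
    return (bool) preg_match('/^\s*LoadModule\s+rewrite_module\b/m', $httpdConf);
}

function directoryAllowsOverride(string $httpdConf, string $dir): bool
{
    // Match <Directory "dir"> ... </Directory>, quotes and trailing slash
    // optional, case-insensitive as Apache treats directive names.
    $quoted = preg_quote(rtrim($dir, '/'), '/');
    $block = '/<Directory\s+"?' . $quoted . '\/?"?\s*>(.*?)<\/Directory>/is';
    if (!preg_match($block, $httpdConf, $m)) {
        return false;                              // no block for this directory
    }
    return (bool) preg_match('/^\s*AllowOverride\s+All\b/mi', $m[1]);
}

/** Returns check name => pass/fail for the given config text and directory. */
function rewriteDiagnostics(string $httpdConf, string $dir): array
{
    return [
        'LoadModule rewrite_module is active'      => rewriteModuleLoaded($httpdConf),
        'AllowOverride All set for ' . $dir        => directoryAllowsOverride($httpdConf, $dir),
    ];
}

// Constructed httpd.conf excerpt: the rewrite module line is commented out,
// the Directory block from the post is present. Replace with
// file_get_contents('c:/xampp/apache/conf/httpd.conf') on a real box.
$sample = <<<'CONF'
#LoadModule rewrite_module modules/mod_rewrite.so
<Directory "c:/xampp/htdocs/php_test/chapter02">
    AllowOverride All
</Directory>
CONF;

foreach (rewriteDiagnostics($sample, 'c:/xampp/htdocs/php_test/chapter02') as $check => $ok) {
    printf("%-60s %s\n", $check, $ok ? 'ok' : 'FAIL');
}
```

When the script is run under Apache itself rather than from the command line, in_array('mod_rewrite', apache_get_modules()) answers the first question directly. A quicker way to make the problem visible is to temporarily remove the <IfModule mod_rewrite.c> wrapper from the .htaccess: with the module missing, Apache then refuses the RewriteEngine directive with a 500 error and writes the reason to the error log, instead of serving the page as if no rules existed.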