Larry Ullman's Book Forums

Strider64

Posts posted by Strider64

  1. Going through and making sure everything is secure, I think I found a flaw.

     

    There is no need for:

    if ($_SERVER['REQUEST_METHOD'] == 'POST') 

    for it's redundant and poses a security issue - never trust $_SERVER

     

    All you have to do is this:

    // Validate the form data:
    if ($form->validate()) {

        // Check against the database:
        $query = 'SELECT id, userType, username, email, pass FROM users WHERE username=:username';
        $stmt = $pdo->prepare($query);
        $result = $stmt->execute(array(':username' => $username->getValue()));

        // Try to fetch the results ($user stays false if no row matched):
        $user = false;
        if ($result) {
            $stmt->setFetchMode(PDO::FETCH_CLASS, 'Member');
            $user = $stmt->fetch();
        }

        // Verify the stored hashed password, but only if a user was found:
        $result = ($user && password_verify($password->getValue(), $user->pass));

        // Store the user in the session and redirect:
        if ($result) {

            // Store in a session:
            $_SESSION['user'] = $user;

            // Redirect:
            header('Location: index.php');
            exit;

        }

    } // End of form validation IF.

    I have been testing this thoroughly and it works ;)
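    An added example, not code from this post or from the book, of the same login check written so that a lookup with no matching row (where the fetch returns false) never reaches password_verify without a hash. The Member class and form objects are replaced by plain arrays and strings, and the users table is constructed in an in-memory SQLite database so it runs offline:

```php
<?php
// Added example (not the book's or the poster's code). It shows the login
// check from the post written so that a username with no matching row is
// handled safely. Constructed sample data lives in an in-memory SQLite
// table; the post's Member class and form objects are replaced by arrays
// and plain strings.

// Computed once; used in place of a real hash when the username does not
// exist, so a missing user costs about as much as a wrong password and
// response time does not reveal which usernames are valid.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

function authenticate(PDO $pdo, string $username, string $password, string $dummyHash): ?array
{
    $stmt = $pdo->prepare('SELECT id, userType, username, email, pass FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matched

    // Always run password_verify, against the dummy hash if there is no row.
    $hash = $user ? $user['pass'] : $dummyHash;
    $ok = password_verify($password, $hash);

    if (!$user || !$ok) {
        return null;                           // same result for both failure modes
    }
    unset($user['pass']);                      // keep the hash out of the session
    return $user;
}

// Constructed sample data:
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, userType TEXT, username TEXT UNIQUE, email TEXT, pass TEXT)');
$ins = $pdo->prepare('INSERT INTO users (userType, username, email, pass) VALUES (?, ?, ?, ?)');
$ins->execute(['member', 'john', 'john@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Three cases: right password, wrong password, unknown username.
var_dump(authenticate($pdo, 'john', 'correct horse', $dummyHash));
var_dump(authenticate($pdo, 'john', 'wrong', $dummyHash));
var_dump(authenticate($pdo, 'nobody', 'wrong', $dummyHash));

// In the real handler, on success: start a fresh session id before storing
// the user, then redirect as in the post.
// session_start(); session_regenerate_id(true); $_SESSION['user'] = $user;
// header('Location: index.php'); exit;
```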

     

     

  2. Tip - "Once you adopt this system, you want to change the URLs for the links (in the HTML) and the action attribute form of the search form".

     

     

    It felt like I read this over a thousand times in the book and it just didn't seem to click; man, do I feel stupid. Needless to say, it pays to really, really pay attention to the details. I try to keep things as simple as possible when I'm coding, but I have in the past spent time fixing the stupidest mistakes; I once spent a whole day, a long time ago, trying to figure out why my code wouldn't work. The problem was that instead of having <?php I just had <?. I sometimes tend to have a hard time explaining, and that's probably why I put in too much code, while I have visited other boards where people put in too little code. I guess I will eventually find a happy medium the next time. :D I got it working, and thanks once again for all the help, the both of you.

  3. First, I've been pulling my hair out trying to resolve this problem; I really would like to be able to have clean URLs.

     

    First, I'm running on Windows 8 using XAMPP (I now wish I was using Linux).

     

    I made sure that my .htaccess file does indeed start with a period.

     

    Here's the .htaccess file:

    # Script 2.7 - .htaccess
    <IfModule mod_rewrite.c>
    # Turn on the engine:
    RewriteEngine on
    # Set the base to this directory:
    RewriteBase /chapter02/
    # Redirect certain paths to index.php:
    RewriteRule ^(about|contact|this|that|search)/?$ index.p
    </IfModule>

    Here's the bottom of my httpd.conf file:

    # AJP13 Proxy
    <IfModule mod_proxy.c>
    <IfModule mod_proxy_ajp.c>
    Include "conf/extra/httpd-ajp.conf"
    </IfModule>
    </IfModule>
    <Directory "c:/xampp/htdocs/php_test/chapter02">
        AllowOverride All
    </Directory>

    And here's part of my config.inc.php file:

    // Determine location of files and the URL of the site:
    // Allow for development on different servers.
    if ($local) {
        // Always debug when running locally:
        $debug = TRUE;
        // Define the constants:
        define('BASE_URI', 'c:/xampp/htdocs/php_test/chapter02');
        define('BASE_URL', 'http://localhost/php_test/chapter02/');
        define('DB', '/path/to/mysql.inc.php');
    } else {
        define('BASE_URI', '/path/to/live/html/folder/');
        define('BASE_URL', 'http://www.example.com/');
        define('DB', '/path/to/live/mysql.inc.php');
    }

    Like I said, I've been pulling my hair out: stopping the Apache server, restarting it, modifying code, restarting (even rebooting my machine once). I even did a Google search trying various "fixes", and searched this forum. Any help would be greatly appreciated.

     

    I know it is probably something stupid that I'm doing.

     

    Best Regards,

    John
