Jump to content
Larry Ullman's Book Forums

costaM

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by costaM

  1. Thank you. I will follow the instructions and send to you a feedback.
  2. In Logging In sub subject, there is a reference of login.php on index.php page, this is the one: If ($_SERVER['REQUEST_METHOD']) == 'POST') { include ('includes/login.php'); } I don't see this page developed in Chapiter 4. Is it developed in the following Chapiters? or is the bad reference? Yours;
  3. Dear, I have almost the same issue for loggin and redirecting user login to personalized page like welcom.php. I had a problem with sh256 algorithm, but since I put sh1 it works. My issue is to redirect a user to welcom.php page and protect the page to allow only logged user. The following are the code: <?php require ('./includes/config.inc.php'); //This is the registration page for the site.Require the configuration before any PHP code as the configuration controls error reporting: $page_title = 'Connect au Cop.com'; //Registration title name include ('./includes/headreg.html'); // Include the header file: require (MYSQL); // Require the database connection require ('./includes/form_functions.inc.php'); // Require function to handle the form input boxes $login_errors = array(); // Check for a login form submission: if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $em= mysqli_real_escape_string ($dbc, $_POST['email']); } else { $login_errors['email'] = '<font color="red">Tape un email valide!</font>'; } //Check first if the password is empty before querying db if (!empty($_POST['pass']) ) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $login_errors['email'] = '<font color="red">Tape un mot de passe!</font>'; } if (empty($login_errors)){ //No errors, then query the db // Make sure the email address is available: $q = "SELECT Id, fname FROM customer WHERE (email = '$em' AND password='" .get_password_hash($p). "')"; // Get the number of rows returned: $r = mysqli_query($dbc, $q); if(mysqli_num_rows($r)== 1 ) { $row = mysqli_fetch_array($r, MYSQLI_NUM); $_SESSION['user_id'] = $row[0]; $_SESSION['Fname'] = $row[1]; THe issue is here: HOW TO REDIRECT THE USER to welcom.php and keep it from unloggin user? See what I did, but I am not satisfied with it. include('./includes/welcom.php'); //include('./includes/footreg.html'); exit(); } else { // IF no rows, data don not match, send a error message and don not reveal what is wrong $login_errors = 'Adresse email ou mot de passe incorrect. Veuillez refaire.'; } } } ?> <div class="logoimg1"><img src="./products/cophma1.jpg" width="115" height="44" alt="cophma log" /></div> <div class="logoimg2"><img src="./products/com.gif" width="66" height="20" alt="cophma log1" /></div> <div class="logoimg3"><img src="./products/pharm.gif" width="155" height="23" alt="cophma log2" /></div> </div> <!-- Help on registration and login pages --> <div class='regist_form_help'><a href='regist.php'>Nouveau!</a> | <a href='forgot.php'>Mot de passe oublie</a> | <a href='index.php'>Accueil</a></div> <div class="errorDiv"></div> <!-- login form page --> <div class="login_form"> <form action ="login.php" method="post" accept-charset="utf-8"> <fieldset> <legend><font color='#000' size='4.2px'>Connexion au Cophma.com!</font></legend> <!-- Display a errors message on top of the form if value not found in db--> <p><?php if(array_key_exists('login', $login_errors)) { echo '<span class="error">'.$login_errors['login'].'</span><br />'; } ?> <label for="email"><strong>Mon addresse Email est:</strong></label><br /> <?php create_form_input('email', 'text', $login_errors); ?><br /> <label for="pass"><strong>Mon mot de passe est:</strong></label><br /> <?php create_form_input('pass', 'password', $login_errors); ?> <a href="forgot.php" align="right">Oublié le mot de passe?</a><br /><br /><br /> <input type="submit" value="Connexion au Cophma" /> </p> </fieldset> </form> </div> Help!
  4. Dear Larry, I have been doing my registration and login.php on separate pages. Registration succeed but I can not login. When I remove the part of get_ password_hash, the $q is Ok, the user can see the welcome page. OF course, I can't accept any one using only user name to login. I have tried to resend new password to user, it succeed. How to overcome this get_password_hash issue? It seems that the hash is not the same with the one on database. while the password is the same. Why this issue? Please provide another method to overcome this. I have seen new book on the same subject, unfortunately it will be on December, while I am in need of Kind version now. Also, I wish to redirect a user after registration to welcome page. Many errors on head already sent are displayed. Of course, I did the following: If Insert into db succeed, then redirect the user to by using: Header('Location:Welcome.php'); Why is going through? Costa
  5. Dear Larry, I succeeded to connect to mysql client throught dos and insert some data into tables. I tried many time till I did the following with database name to succeed: INSERT INTO `mydbase_name`.`mytbl_name`(colmn1, colmn2, colmn3,...) VALUES (' ',' ',.....) But I failed to create the procedure as following: DELIMITER $$ CREATE PROCEDURE select_category (type VARCHAR(6)) BEGIN IF type = 'Foods' THEN SELECT * FROM tblcategory ORDER BY strCat_Keyword; END IF; END$$ From END$$ without typing DELIMITER; the error message is splashed: No database selected! How to make it? I have tried the following: DELIMITER $$ CREATE PROCEDURE mydatabase_name.select_category (type VARCHAR(6)) BEGIN IF type = 'Foods' THEN SELECT * FROM tblcategory ORDER BY strCat_Keyword; END IF; END$$ Then, without typing DELIMITER;, another error message is splashed: Access denied to connect to mydatabase_name @ localhost... May you help me?
  6. Dear Larry, I have an issue on the same thread. I defined procedures in mysql.inc.php and called them in different file such as shop.php. Is it correct or I may create their own file to be included in files needs them? And I have a error message: unexpected '$' in the line of DELIMITER $$. What Can I do to work out this sign $ that has problem? Your advises are imperative as my system is meeting the requirement for procedures. PHP and Mysql are 5+.
  7. Dear Larry, My OS is XP Pack 3 and I installed my XAMPP on E partition as C partition has some problem. Is in E partition I installed my OS.
  8. Dear Larry, I wish to request a full path to the mysql client using XAMPP in order to text procedures given in the book. The system of XAMPP is meeting the requirement for running procedures. I am using XAMPP, so, how can I do to have a figure 8.2 and test again the procedure created?
  9. I wish to ask the follwing quick question to have swift answers: - preg_match function to allow number, uppercase, lowercase and non alphanumeric? - where can I put the code to implement SSL for the registration page: such 'https//' .BASE_URL. 'register.php'?
  10. Please see the code below as per the book on the forgot_password.php file if ($_SERVER['REQUEST_METHOD'] == 'POST'){ // Make an email filter if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){ //Check the db a to find the email, if available send password $q = 'SELECT lngCus_Id FROM tblcustomer WHERE strCus_Email = "'. mysqli_real_escape_string($dbc, $_POST['email']). '"'; // Return rows $r = mysqli_query($dbc, $q); // If row is find with customer ID if (mysqli_num_rows($r) == 1){ list($uid) = mysqli_fetch_array($r, MYSQLI_NUM); } else { $pass_errors['email'] = 'Your email is not valid!'; } } else { //No valid email address $pass_errors['email'] = 'Please enter a valid email address!'; } } // If no error if (empty($pass_errors)) { //Take a randon password and substract from 11 characheter for 15 characters from 32 characters given $p = substr(md5(uniqid(rand(), true)), 10, 15) ; //Add the new password to the db $q = "UPDATE tblcustomer SET strCus_Password = '".get_password_hash($p)."' WHERE lngCus_Id = $uid LIMIT 1"; } } Please explain me: list($uid) = mysqli_fetch_array($r, MYSQLI_NUM); The error is on the line of: WHERE lngCus_Id = $uid LIMIT 1"; Hope to hearing from you soon! Costa
  11. Dear Larry, I wish to ask on the Chap 4 of the Effortless E-Commerce. I dn't undestand the variable error being undefined on $q= UPDATE statement on updating random password that must be sent to user who want to reset his forgotten password: The statement is on updating password where id = $uid LIMIT 1"; I wish to know the meaning of the value $uid LIMIT 1 that is being reported as undefined variable (undefined variable: uid). How to fix it in other way. I am sure you've understand my idea and the line giving problem.
×
×
  • Create New...