Jump to content
Larry Ullman's Book Forums

Search the Community

Showing results for tags 'chapter 18'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Single Editions
    • Modern Javascript: Develop and Design
    • The Yii Book
    • Effortless Flex 4 Development
    • Building a Web Site with Ajax: Visual QuickProject
    • Ruby: Visual QuickStart Guide
    • C++ Programming: Visual QuickStart Guide
    • C Programming: Visual QuickStart Guide
    • Adobe AIR: Visual QuickPro Guide
  • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (5th Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (4th Edition)
    • PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (1st Edition)
  • PHP for the Web: Visual QuickStart Guide
    • PHP for the Web: Visual QuickStart Guide (5th Edition)
    • PHP for the Web: Visual QuickStart Guide (4th Edition)
    • PHP for the Web: Visual QuickStart Guide (3rd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (2nd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (1st Edition)
  • Effortless E-commerce with PHP and MySQL
    • Effortless E-Commerce with PHP and MySQL (2nd Edition)
    • Effortless E-Commerce with PHP and MySQL
  • PHP Advanced: Visual QuickPro Guide
    • PHP Advanced and Object-Oriented Programming: Visual QuickPro Guide (3rd Edition)
    • PHP 5 Advanced: Visual QuickPro Guide (2nd Edition)
    • PHP Advanced: Visual QuickPro Guide
  • MySQL: Visual QuickStart Guide
    • MySQL: Visual QuickStart Guide (2nd Edition)
    • MySQL: Visual QuickStart Guide (1st Edition)
  • Other
    • Announcements
    • Newsletter, Blog, and Other Topics
    • Forum Issues
    • Social

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 3 results

  1. <?php // script 18.6 if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form. // Need the database connection: require (MYSQL); // Trim all the incoming data: $trimmed = array_map('trim', $_POST); // Assume invalid values: $fn = $ln = $e = $p = FALSE; // Check for a first name: if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) { $fn = mysqli_real_escape_string ($dbc, $trimmed['first_name']); } else { echo '<p class="error">Please enter your first name!</p>'; } // Check for a last name: if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) { $ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']); } else { echo '<p class="error">Please enter your last name!</p>'; } // Check for an email address: if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string ($dbc, $trimmed['email']); } else { echo '<p class="error">Please enter a valid email address!</p>'; } // Check for a password and match against the confirmed password: if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) { if ($trimmed['password1'] == $trimmed['password2']) { $p = mysqli_real_escape_string ($dbc, $trimmed['password1']); } else { echo '<p class="error">Your password did not match the confirmed password!</p>'; } } else { echo '<p class="error">Please enter a valid password!</p>'; } if ($fn && $ln && $e && $p) { // If everything's OK... // Make sure the email address is available: $q = "SELECT user_id FROM users WHERE email='$e'"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // new line include('includes/lib/password.php'); // new line $hash=password_hash($p, PASSWORD_BCRYPT); // Add the user to the database: $q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', '$a', NOW() )"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. // Send the email: $body = "Thank you for registering at <whatever site>. To activate your account, please click on this link:\n\n"; $body .= BASE_URL . 'activate/x=' . urlencode($e) . "&y=$a"; mail($trimmed['email'], 'Registration Confirmation', $body, 'From: mymail@sample.com'); // Finish the page: echo '<h3>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h3>'; include ('includes/footer.html'); // Include the HTML footer. exit(); // Stop the page. } else { // If it did not run OK. echo '<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; } } else { // The email address is not available. echo '<p class="error">That email address has already been registered. If you have forgotten your password, use the link at right to have your password sent to you.</p>'; } } else { // If one of the data tests failed. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of the main Submit conditional. ?> <h1>Register</h1> <form action="http://www.sample.com/register/" method="post"> <fieldset> <p><b>First Name:</b> <input type="text" name="first_name" size="20" maxlength="20" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" /></p> <p><b>Last Name:</b> <input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" /></p> <p><b>Email Address:</b> <input type="text" name="email" size="30" maxlength="60" value="<?php if (isset($trimmed['email'])) echo $trimmed['email']; ?>" /> </p> <p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" value="<?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?>" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p> <p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" value="<?php if (isset($trimmed['password2'])) echo $trimmed['password2']; ?>" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="Register" /></div> </form> <?php # Script 18.7 - activate.php // This page activates the user's account. require ('includes/config.inc.php'); $page_title = 'Activate Your Account'; include ('includes/header.html'); // If $x and $y don't exist or aren't of the proper format, redirect the user: if (isset($_GET['x'], $_GET['y']) && filter_var($_GET['x'], FILTER_VALIDATE_EMAIL) && (strlen($_GET['y']) == 32 ) ) { // Update the database... require (MYSQL); $q = "UPDATE users SET active=NULL WHERE (email='" . mysqli_real_escape_string($dbc, $_GET['x']) . "' AND active='" . mysqli_real_escape_string($dbc, $_GET['y']) . "') LIMIT 1"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // Print a customized message: if (mysqli_affected_rows($dbc) == 1) { echo "<h3>Your account is now active. You may now log in.</h3>"; } else { echo '<p class="error">Your account could not be activated. Please re-check the link or contact the system administrator.</p>'; } mysqli_close($dbc); } else { // Redirect. $url = BASE_URL . 'index.php'; // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } // End of main IF-ELSE. include ('includes/footer.html'); ?> I am modularizing a site that uses the registration (18.6) and activation (18.7) scripts from Chapter 18. All works fine until I try to rewrite activation.php to activation.inc.php and place it in the modules folder. When the activation e-mail comes and I click on the link, I receive a 404/Page Not Found. I am using the following in my .htaccess: RewriteEngine On RewriteRule ^(home|register)/?$ index.php?=$1 [L] RewriteRule ^(activate)/?$ index.php?p=$1&x=$2&y=$3 [L] As mentioned, registration works to the point of all data being inserted into database and the "Registration Confirmation" e-mail being received. It strongly appears to be a matter of my mod_rewrite syntax. Any suggestions as to where I am in error would be appreciated. Thank you.
  2. <?php # Script 18.8 - login.php // This is the login page for the site. require ('includes/config.inc.php'); $page_title = 'Login'; include ('includes/header.html'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { require (MYSQL); // Validate the email address: if (!empty($_POST['email'])) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address!</p>'; } // Validate the password: if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($e && $p) { // If everything's OK. include('includes/lib/password.php'); // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass='" . password_hash($p, PASSWORD_BCRYPT) . "') AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); // Redirect the user: $url = BASE_URL . 'index1.php'; // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="60" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> </fieldset> </form> <?php include ('includes/footer.html'); ?> include('includes/lib/password.php'); // Add the user to the database: $q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', '$a', NOW() )"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); I am trying to use the password_hash encryption technique for the Ch 18 example rather than SHA1. I was able to successfully register via changing the registration query (see second script, which includes 'lib/password.php' due to my version of Php). However, when I try to login (see top script), it indicates my password doesn't match what's on file. Is it possible something needs changed in the login's validation? Or have I possibly missed something else? Any help would be greatly appreciated.
  3. Can anyone provide me with a simple solution to the Pursue question in chapter 18, create a last_login field and make it so that a user can see how long it has been since they last logged in. thanks Graham
×
×
  • Create New...