1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    1
    Rep Power
    0

    Protect Web Service


    Hello,

    I know that this post is very old, but I'm a novice and want to know if it is possible to protect a Web Service using this method?

    I've read that using PHP OpenSSL is a better way, but I don't have enough expertise.

    I'll appreciate your comments,

    best regards!
  2. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    1
    Rep Power
    0

    How to change password if forgotten?


    Obviously, it is an excellent piece of work for novice to advanced php mysql developers.

    But, if any user forgets password, then how can it be reset? Is it possible to change from phpmyadmin? If possible, then how? Can you show the way to reset password if forgotten from the user end/via login page?

    It would be a great help indeed.

    Thank you.
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    3
    Rep Power
    0

    Password Issues


    Hi,
    Firstly I want to say thanks for posting such an informative guide. I've never touched PHP before, but I was able to get a good understanding of what's going on..

    However, I am unfortunately unable to login to my 'private' page via this method. Having read the rest of the comments, I have troubleshot this issue down to the following:


    $check_password = hash('sha256', $_POST['password'] . $row['salt']);
    var_dump($check_password);
    for($round = 0; $round < 65536; $round++)
    {
        $check_password = hash('sha256', $check_password . $row['salt']);
        // var_dump($check_password);
    }
    var_dump($check_password);
    var_dump($row['password']);
    if($check_password === $row['password'])
    //we never get here as they're not the same.
    {
        // If they do, then we flip this to true
        $login_ok = true;
    }

    When we come to checking to see whether the $check_password is the same as $row['password'], it's not.
    I've changed the password box input type to text (rather than password) to prove I don't have CaPs on or anything silly like this, but to no avail.

    Any suggestions please? I've double-checked my users table and have confirmed the username/password is what I'm trying to input it as..(and as the query is working, I obviously have connection to my db).?
  4. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    3
    Rep Power
    0
    To update, if I do this it works fine:


    $check_password = hash('sha256', $_POST['password'] . $row['salt']);
    //for($round = 0; $round < 65536; $round++)
    //{
    //$check_password = hash('sha256', $check_password . //$row['salt']);
    // var_dump($check_password);
    //}
    if($check_password === $row['password'])
    {
        // If they do, then we flip this to true
        $login_ok = true;
    }
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    3
    Rep Power
    0
    I found the corresponding hash algorithm in the 'register.php' file, and understand where I was having the problem now (as I was not intending to allow registration).
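
The mismatch described in the posts above, as an added example that is not code from the thread or the tutorial: one hashing routine shared by account creation and login, so a row created by hand always verifies. The function names and the salt format are assumptions; the 65536 SHA-256 rounds and the 'salt' and 'password' columns come from the snippet above.

```php
<?php
// Added example. Assumption: the users table has 'salt' and 'password'
// columns, as in the login snippet quoted in the thread.

// Single source of truth for the stored hash. Registration, login and any
// manual account creation must all call this, never a private copy of it.
function stretchPassword($password, $salt) {
    $hash = hash('sha256', $password . $salt);
    for ($round = 0; $round < 65536; $round++) {
        $hash = hash('sha256', $hash . $salt);
    }
    return $hash;
}

// Values to store when an account is created by hand (registration disabled).
function makeCredentials($password) {
    $salt = bin2hex(random_bytes(8)); // constructed salt format, PHP 7+
    return array('salt' => $salt, 'password' => stretchPassword($password, $salt));
}

// Login check against a row fetched from the users table.
// hash_equals() compares in constant time, unlike ===.
function checkLogin($submitted, array $row) {
    return hash_equals($row['password'], stretchPassword($submitted, $row['salt']));
}

// Constructed demonstration.
$good = makeCredentials('correct horse');

// A row whose password column was filled with a single hash() call, which is
// what happens when the value is computed outside the shared routine.
$handMade = array(
    'salt'     => $good['salt'],
    'password' => hash('sha256', 'correct horse' . $good['salt']),
);

var_dump(checkLogin('correct horse', $good));     // row built by the shared routine
var_dump(checkLogin('correct horse', $handMade)); // single-round row vs 65536-round check
var_dump(checkLogin('wrong password', $good));    // wrong password against a good row
```

On PHP 5.5 and later, the built-in password_hash() and password_verify() functions take the place of a hand-rolled loop like this and store the salt inside the hash string.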
  6. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    2
    Rep Power
    0


    Hi, I'm trying to re-teach myself PHP, as I haven't really done anything with PHP since 2000. I found this tutorial (which is EXACTLY how I learn best, thank you for that). I'm able to get everything to work just fine. I was able to successfully add new rows to my MySQL table, and incorporate them into this script, without any real issue. The one thing I'm trying to do now, is set this script up (all testing BTW, to practice) in a subfolder (I named "system") and call upon some functions (and include others directly) from a page in my document root.

    Where I'm getting an error is trying to login from my main page (index.php). If I include the login.php page (using PHP include()) into my main page, it all works just fine. If I call upon login.php (IE index.php?system=login) it works just fine. But if I type a new form with the form action of login.php it always tells me that my login failed. I did set my form action to "system/login.php" so there's no confusion. I can't really tell why it's failing. As I was typing this, I thought to echo what the script is using for username and password, to see if there's any conflict.. I'll report back if that helps me.. but can anyone here think of a reason why this wouldn't just work out of the box?

    Thanks for any help I receive!
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    2
    Rep Power
    0
    Well, I actually solved the issue myself.. I took a break from this, and decided to work on other features, to clear my head.. I ran into the header() issue while trying to include login and logout into another page, so I added

    PHP Code:
    ob_start(); 
    At the very top of my index.php page, and I changed all

    PHP Code:
    require("common.php"); 
    to

    PHP Code:
    require_once("common.php"); 
    Then, all of the sudden I could login without an issue (and use the header() function as well).

    Again, thank you very much for making this tutorial, and thank everyone who has commented and contributed since then!
  8. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    2
    Rep Power
    0

    Warning: mysql_query()


    Hi,

    I'm relatively new to php but have used this tutorial and a few others to make a basic staff logon system for an events caterer.

    I'm using the 'common.php' file in all of my php files to connect to my database, and that seems to be working fine. However when I try and run a sql query I get the following error:

    Warning: mysql_query() [function.mysql-query]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/47/11368447/html/***/eventlist.php on line 18

    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/content/47/11368447/html/***/eventlist.php on line 18

    Line 18 is:

    $result=mysql_query($sql);

    Here is the entire code:

    PHP Code:
    <?php
    // First we execute our common code to connect to the database and start the session
    require("common.php");

    // At the top of the page we check to see whether the user is logged in or not
    if(empty($_SESSION['user']))
    {
        // If they are not, we redirect them to the login page.
        header("Location: login.php");

        // Remember that this die statement is absolutely critical.  Without it,
        // people can view your members-only content without logging in.
        die("Redirecting to login.php");
    }

    $sql="SELECT * FROM Events";
    $result=mysql_query($sql);

    ?>


    <table width="400" border="0" cellspacing="1" cellpadding="0">
    <tr>
    <td>
    <table width="400" border="1" cellspacing="0" cellpadding="3">
    <tr>
    <td colspan="4"><strong>List data from mysql </strong> </td>
    </tr>

    <tr>
    <td align="center"><strong>Name</strong></td>
    <td align="center"><strong>Start Date</strong></td>
    <td align="center"><strong>End Date</strong></td>
    </tr>

    <?php
    while($event=mysql_fetch_array($result)){
    ?>

    <tr>
    <td><? echo $event['name']; ?></td>
    <td><? echo $event['datestart']; ?></td>
    <td><? echo $event['dateend']; ?></td>


    <td align="center"><a href="updateevent.php?id=<? echo $event['name']; ?>">update event</a></td>
    <td align="center"><a href="deleteevent.php?id=<? echo $event['name']; ?>">delete</a></td>
    </tr>


    <?php
    }
    ?>

    </table>
    </td>
    </tr>
    </table>

    <a href="addevent.php">Add Event</a>
    I hope someone can help me, I really appreciate it,
    Joe
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,910
    Rep Power
    1045
    Originally Posted by JoeMorgan
    I hope someone can help me, I really appreciate it,
    This very thread is an excellent tutorial for the PDO database extension. Why would you go back to that age-old mysql_query() stuff?

    Switch to PDO.
  10. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    1
    Rep Power
    0
    How would you query the database to retrieve the user id number, say, and echo it back?
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    2
    Rep Power
    0
    As I've said before I'm really new to PHP.

    Would anybody like to tell me how to convert the code for 'mysql_query' into the PDO database extension?

    Sorry for being so naive,
    Joe
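
The conversion asked about above, as an added example that is not part of the original posts: the event list from eventlist.php rewritten with PDO. It assumes common.php leaves a PDO connection in a variable named $db (the page does not show that file) and keeps the table and column names from JoeMorgan's listing; h() is a helper introduced here.

```php
<?php
// Added example, not code from the thread.
// Assumption: common.php starts the session and leaves a PDO handle in $db.
require_once("common.php");

if (empty($_SESSION['user'])) {
    header("Location: login.php");
    die("Redirecting to login.php");
}

// Report database problems as exceptions instead of silent false returns.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

try {
    // prepare()/execute() is also the pattern to use with placeholders
    // once a query takes user input (e.g. WHERE name = :name).
    $stmt = $db->prepare("SELECT name, datestart, dateend FROM Events");
    $stmt->execute();
    $events = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $ex) {
    // Keep the detail in the server log; visitors get a generic message.
    error_log("Event query failed: " . $ex->getMessage());
    die("Failed to load the event list.");
}

// Escape a value for HTML text and attribute contexts.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
?>
<table border="1" cellpadding="3">
<tr><th>Name</th><th>Start Date</th><th>End Date</th><th colspan="2"></th></tr>
<?php foreach ($events as $event): ?>
<tr>
<td><?php echo h($event['name']); ?></td>
<td><?php echo h($event['datestart']); ?></td>
<td><?php echo h($event['dateend']); ?></td>
<td><a href="updateevent.php?id=<?php echo h(rawurlencode($event['name'])); ?>">update event</a></td>
<td><a href="deleteevent.php?id=<?php echo h(rawurlencode($event['name'])); ?>">delete</a></td>
</tr>
<?php endforeach; ?>
</table>
```

The mysql_query() warning in the question arises because that function needs its own mysql_connect() link, which a PDO connection does not provide; mixing the two extensions cannot work.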
  12. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    1
    Rep Power
    0

    Thank you


    First, thanks for the easy to follow instructions. I've gone through all 21 pages of this thread, just to learn what other people have run into as far as issues. I can say, I retyped this into my project and it works like a charm.

    There is one thing I need to do though, that was not in any of these replies. With the exception of iframing.

    I need to take these:
    Code:
     if($row) 
            { 
                die("This username is already in use"); 
            }
    and

    Code:
     if($row) 
            { 
                die("This email address is already registered"); 
            }
    and insert it into a div in the form itself, instead of on top of the page. I have a warning div built into my form for such a thing, but I am unable to figure out how to get the error message to display in that particular div.

    Ideas on this?

    Thanks in advance.
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,910
    Rep Power
    1045
    Hi,

    I'm pretty sure that we did talk about this on the previous pages: You must not expose the email addresses of your users, not even indirectly.

    If I use my personal e-mail address to create an account on your website, that doesn't give you the right to tell the whole world that I'm a registered user. In fact, I do not want you to publish my address. But that's what you would do if you displayed this message: Anybody could go to your website and check arbitrary email addresses.

    The correct way to handle this is to send out an email in any case: If the address is free, you send a confirmation link. If the address is in use, you tell the owner and maybe explain how to reset the password. You do not display a message on the website.

    Email addresses, names etc. are private data. You may not publish them until you have the explicit permission of the user.
    Last edited by Jacques1; September 30th, 2013 at 05:37 PM.
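
The registration flow described in the post above, as an added example that is not code from the thread: the page shows the same message whether or not the address is registered, and the difference is communicated only by email. The $db handle, the users.email column, the pending_registrations table, sendMail() and the example.com URLs are all assumptions made for illustration.

```php
<?php
// Added example. Assumptions: $db is a PDO handle from common.php; the table
// and column names and the example.com URLs are hypothetical.
require_once("common.php");

// Hypothetical helper: swap in your own mail library.
function sendMail($to, $subject, $body) {
    return mail($to, $subject, $body);
}

function handleRegistration(PDO $db, $email) {
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // A syntax error says nothing about who has an account.
        return "Please enter a valid email address.";
    }

    $stmt = $db->prepare("SELECT 1 FROM users WHERE email = :email");
    $stmt->execute(array(':email' => $email));

    if ($stmt->fetchColumn()) {
        // Already registered: only the owner of the mailbox learns this.
        sendMail($email, "Registration attempt",
            "Someone tried to register with this address. You already have "
            . "an account; to reset your password visit "
            . "https://example.com/reset.php");
    } else {
        // Address is free: keep only a hash of the token, mail the token.
        $token = bin2hex(random_bytes(32)); // PHP 7+
        $ins = $db->prepare(
            "INSERT INTO pending_registrations (email, token_hash, created)
             VALUES (:email, :hash, NOW())");
        $ins->execute(array(':email' => $email,
                            ':hash'  => hash('sha256', $token)));
        sendMail($email, "Confirm your registration",
            "https://example.com/confirm.php?token=" . $token);
    }

    // Identical on-screen text for both branches.
    return "Thank you. Please check your inbox to continue.";
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email   = isset($_POST['email']) ? trim($_POST['email']) : '';
    $message = handleRegistration($db, $email);
}
?>
<div class="warning"><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></div>
```

Because the function returns its message instead of calling die(), the text can be echoed into whichever div the form already reserves for notices.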
  14. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    311
    Rep Power
    8
    Jacques, are the scripts I posted on the previous page correct? I am beginning to doubt it because I got problems with my system (due to changing domain etc., not because of the scripts) and I see the columns 'active' and 'used' in my table 'responses', but they are not in my scripts... please help...
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    6
    Rep Power
    0

    Managing html depending on session


    Hello everyone. I'm using this system and it's all working great so far. Though, there are some things I'm having trouble with. The login form is on the site's main page where you learn about it and such. The user can successfully login and be taken to the main user page. But, when the user goes back to the main page where the login form is, the login form displays and allows the user to re-login even if they're still on their session.

    I've tried different things to hide the form if the user is logged in, but I can't seem to find out how to do this. I also want the menu to display a special link only to users who are logged in.

    How can I accomplish these things in PHP? Thanks in advance!
    ~Jake
