January 6th, 2014, 09:29 AM
They still exist, but since they're officially deprecated, they emit an E_DEPRECATED warning every time you call them. To prevent flooding your error log, you have to turn those warnings off.
Note, however, that deprecation is the beginning of the end. So if your application is supposed to be around for a while, you'll have to upgrade it at some point.
January 6th, 2014, 09:34 AM
January 8th, 2014, 04:13 PM
Absolutely loving the tutorial and I have learnt so much from it and have added so many extras from learning this tutorial. However I have come across a problem that I cant seem to fix and is driving me mad.
When i log into the system, it recognizes me and welcomes me but whenever i either go to another page or even reload the same page it ends the session causing me to log in again, however, if i log into the system, manually log out using the logout link and then re-login to the system the session works perfectly!
Does anyone know why this would happen and how I would go about fixing it please?
Thanks a lot!
January 9th, 2014, 05:34 AM
I would suggest that you create a new thread for assistance with this, I've only just noticed your post a day on ... anyway, you need to add some debugging, write to screen using "print_r" or similar, the content of $_SESSION at various points in your script so you can try to pinpoint where (and ultimately WHY) it is becoming unset.
Because you've modified the script from the provided tutorial, we can't possibly begin to offer any other assistance without seeing your modified code so if the debugging suggestion above doesn't work then please, post a new thread in the main PHP forum and we'll be able to help (plus, more people will read the post)
"For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
- George Orwell, 1984
January 12th, 2014, 02:37 AM
Please Tell Me how to Decrypt the Encrypted Password... please reply the code to me... i really need it. by the way... it's very useful for me... it is secured.
and one thing.. if you can add the code on how to lock the account after logging in for three times... please add. Thank You Very Much.. More Power.
January 12th, 2014, 03:34 AM
You don't understand. The passwords are hashed, not encrypted. This means the procedure cannot be reverted -- which is the whole point.
Originally Posted by kei_o29
The best you can do is try out different passwords. But this isn't realistic if the target password is strong -- which again is the whole point.
That's what the word "secure" means: Nobody can recover the passwords from the hashes, not even the owner of the website. If he could, the whole algorithm would be garbage.
Blocking an account after three failed attempts is nonsense, because it allows anybody on the Internet to lock out your entire userbase simply by making three failed attempts for each user.
Originally Posted by kei_o29
You'll need a more sophisticated approach. One possibility is to use a CAPTCHA. See this thread.
January 22nd, 2014, 08:26 AM
The logins for this script appear to time out after a certain amount of time. Is there any way to increase or modify the timeout of the session?
January 22nd, 2014, 09:03 AM
January 22nd, 2014, 09:12 AM
Yea I think I figured it out -- it appears to have been the session gc maxlifetime.
thanks for the reply
January 29th, 2014, 12:48 PM
Problems at login page
I have been playing with this register code. I have copied it down to the logout section. It allows registration, and inserts in DB, but when I try to log in it syas wrong password. I am using simple 3 letter passwords as I am just testing. Any suggestions?
I believe all the code is correct as per tutoral. I am not a comlete newbe, but far enough to hang myself every now and then.
January 29th, 2014, 01:03 PM
Thanks for the code...
For some reason I keep getting an error message. The registration form is placing data into the db but these errors are getting in the way.
Warning: Cannot modify header information - headers already sent by (output started at /////private.php:1) in ////common.php on line 78
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /////private.php:1) in ////common.php on line 86
I have tried rewriting the code and copy / paste, but I can't get the errors to stop. What am I doing wrong?
January 29th, 2014, 01:36 PM
Forget about the hash stuff. Home-made crypto algorithms are a very bad idea. None of us can tell whether this is strong, acceptable or complete bogus.
Originally Posted by tompat
Use an established algorithm like bcrypt. If you're using PHP 5.5, it's already built into the language:
If you're running around with some old PHP, use a compatibility library:
Look at the error message: The private.php script generates output in the first line. Maybe you have whitespace before the opening PHP tag. Maybe there's a byte order mark. That's what you have to find out.
Originally Posted by Oldgoat
February 19th, 2014, 12:32 PM
I thought my logout problem was due to session gc maxlifetime but it appears to still be auto logging out after about 20 minutes or so. Does anyone have any other ideas of where to look to prevent this from happening?
February 19th, 2014, 01:04 PM
Did you check the cookie settings I pointed you to last time?
There's two ways a session can get killed: Either on the server through removing the session file. Or client-side through death of the session cookie.
Checking the session cookie is easy: Simply open the developer tools of your browser and see what the Expires value says.
February 19th, 2014, 01:08 PM
The cookie setting in php.ini is set to never expire and in my browser the expire is set to "Session"
Originally Posted by Jacques1