removing e-mail feature from available code.
I had to re-do my project, since for some reason they didn't like my work, even after extensive consultation with my supervisor about it.
So one of the things I had to re-do was the admin and login code, and since they felt it was too simple, I had to find a better solution for it, and at first, I thought this seems fine: http://www.ineedtutorials.com/code/php/complete-advanced-login-member-system-php-tutorial
Now keep in mind that I can't host my project on a server, in fact I can only host it on my own laptop, which is quite a downer as it could've made my work easier.
I then removed these following features:
a) e-mail activation B) lost password feature (since it requires the site to send an e-mail to the user)
After removing them, I tried to register, but it simply didn't want to add me into the database. Even if a user is added via SQL, I also can't log into the site.
Here's the code that I've made changes to:
//functions.inc.php
<?php
require_once("validation.functions.inc.php");
require_once("user.functions.inc.php");
require_once("display.functions.inc.php");
require_once("login.functions.inc.php");
function generate_code($length = 10)
{
if ($length <= 0)
{
return false;
}
$code = "";
$chars = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
srand((double)microtime() * 1000000);
for ($i = 0; $i < $length; $i++)
{
$code = $code . substr($chars, rand() % strlen($chars), 1);
}
return $code;
}
?>
//display.functions.inc.php
<?php
#### Display Functions ####
function show_userbox()
{
// retrieve the session information
$u = $_SESSION['username'];
$uid = $_SESSION['loginid'];
// display the user box
echo "<div id='userbox'>
Welcome $u
<a href='./logout.php'>Logout</a>
</ul>
</div>";
}
function show_loginform($disabled = false)
{
echo '<form name="login-form" id="login-form" method="post" action="./index.php">
<fieldset>
<legend>Please login</legend>
<dl>
<dt><label title="Username">Username: </label></dt>
<dd><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></dd>
</dl>
<dl>
<dt><label title="Password">Password: </label></dt>
<dd><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></dd>
</dl>
<ul>
<li><a href="./register.php" title="Register">Register</a></li>
<li><a href="./lostpassword.php" title="Lost Password">Lost password?</a></li>
</ul>
<p><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
if ($disabled == true)
{
echo 'disabled="disabled"';
}
echo ' /></p></fieldset></form>';
}
function show_registration_form(){
echo '<form action="./register.php" method="post">
<fieldset><legend>Register</legend>
<dl>
<dt><label for="username">Username:</label></dt>
<dd><input name="username" type="text" id="username" maxlength="30">
</dd>
</dl>
<dl>
<dt><label for="password">Password:</label></dt>
<dd><input name="password" type="password" id="password" maxlength="15">
</dd>
</dl>
<dl>
<dt><label for="password2">Re-type password:</label></dt>
<dd><input name="password2" type="password" id="password2" maxlength="15">
</dd>
</dl>
<dl>
<dt><label for="email">email:</label></dt>
<dd><input name="email" type="text" id="email" maxlength="255">
</dd>
</dl>
<p>
<input name="reset" type="reset" value="Reset">
<input name="register" type="submit" value="Register">
</p>
</fieldset>
</form>';
}
?>
login.functions.inc.php
<?php
#### Login Functions #####
function isLoggedIn()
{
if (session_is_registered('loginid') && session_is_registered('username'))
{
return true; // the user is loged in
} else
{
return false; // not logged in
}
return false;
}
function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file
if (!valid_username($u) || !valid_password($p) || !user_exists($u))
{
return false; // the name was not valid, or the password, or the username did not exist
}
//Now let us look for the user in the database.
$query = sprintf("
SELECT loginid
FROM login
WHERE
username = '%s' AND password = '%s'
LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
$result = mysql_query($query);
// If the database returns a 0 as result we know the login information is incorrect.
// If the database returns a 1 as result we know the login was correct and we proceed.
// If the database returns a result > 1 there are multple users
// with the same username and password, so the login will fail.
if (mysql_num_rows($result) != 1)
{
return false;
} else
{
// Login was successfull
$row = mysql_fetch_array($result);
// Save the user ID for use later
$_SESSION['loginid'] = $row['loginid'];
// Save the username for use later
$_SESSION['username'] = $u;
// Now we show the userbox
return true;
}
return false;
}
?>
user.functions.inc.php
<?php
##### User Functions #####
function user_exists($username)
{
if (!valid_username($username))
{
return false;
}
$query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
mysql_real_escape_string($username));
$result = mysql_query($query);
if (mysql_num_rows($result) > 0)
{
return true;
} else
{
return false;
}
return false;
}
function registerNewUser($username, $password, $password2, $email)
{
global $seed;
if (!valid_username($username) || !valid_password($password) ||
!valid_email($email) || $password != $password2 || user_exists($username))
{
return false;
}
$code = generate_code(20);
$sql = sprintf("insert into login (username,password,email) value ('%s','%s','%s','%s')",
mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
, mysql_real_escape_string($email));
if (mysql_query($sql))
{
$id = mysql_insert_id();
if (sendActivationEmail($username, $password, $id, $email, $code))
{
return true;
} else
{
return false;
}
} else
{
return false;
}
return false;
}
?>
validation.functions.inc.php
<?php
#### Validation functions ####
function valid_email($email)
{
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
{
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++)
{
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$",
$local_array[$i]))
{
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
{ // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2)
{
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++)
{
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
{
return false;
}
}
}
return true;
}
function valid_username($username, $minlength = 3, $maxlength = 30)
{
$username = trim($username);
if (empty($username))
{
return false; // it was empty
}
if (strlen($username) > $maxlength)
{
return false; // to long
}
if (strlen($username) < $minlength)
{
return false; //toshort
}
$result = ereg("^[A-Za-z0-9_\-]+$", $username); //only A-Z, a-z and 0-9 are allowed
if ($result)
{
return true; // ok no invalid chars
} else
{
return false; //invalid chars found
}
return false;
}
function valid_password($pass, $minlength = 6, $maxlength = 15)
{
$pass = trim($pass);
if (empty($pass))
{
return false;
}
if (strlen($pass) < $minlength)
{
return false;
}
if (strlen($pass) > $maxlength)
{
return false;
}
$result = ereg("^[A-Za-z0-9_\-]+$", $pass);
if ($result)
{
return true;
} else
{
return false;
}
return false;
}
?>
and the registration code:
<?php
require_once "header.php";
if (isset($_POST['register'])){
if (registerNewUser($_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'])){
echo "Thank you for registering.
<a href='./index.php'>Click here to login.</a>
";
}else {
echo "Registration failed! Please try again.";
show_registration_form();
}
} else {
// has not pressed the register button
show_registration_form();
}
require_once "footer.php";
?>
note that I didn't include the activation code, disabled and enabled features in the sql table in my database, and I also didn't include mail.functions.inc.php file, lostpassword.php file, changepassword.php file and also the activate.php files (since I deemed them unnecessary), and I'm pretty sure it's something I missed somewhere, but I'm not too sure myself, or is it impossible to remove the e-mailing feature?
fuser wrote: After removing them, I tried to register, but it simply didn't want to add me into the database. Even if a user is added via SQL, I also can't log into the site.
It didn't add to database because you got a small error in user.functions.inc.php:
mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
, mysql_real_escape_string($email));```
You only need three type specifier **%s**
Also, in registerNewUser() function, you didn't need the sendActivationEmail() function since you did not want to use it. This should work for your user.functions.inc.php
```markup<?php
##### User Functions #####
function user_exists($username)
{
if (!valid_username($username))
{
return false;
}
$query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
mysql_real_escape_string($username));
$result = mysql_query($query);
if (mysql_num_rows($result) > 0)
{
return true;
} else
{
return false;
}
}
function registerNewUser($username, $password, $password2, $email)
{
global $seed;
if (!valid_username($username) || !valid_password($password) ||
!valid_email($email) || $password != $password2 || user_exists($username))
{
return false;
}
$sql = sprintf("insert into login (username,password,email) value ('%s','%s','%s')",
mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
, mysql_real_escape_string($email));
if (mysql_query($sql))
{
return true;
}
}
?>```
--Edit--
You also did not need the generate_code() function in functions.inc.php
thanks for the solution, but after implementing it, the registration is successful, but now my problem is that I can't login.
after a user has successfully registered, he still cannot log into the website, and will be redirected to the homepage. the same goes for the users that were added via sql.
edit: I'm thinking that it will either be the login or validation code, not really too sure.
fuser wrote: I had to re-do my project, since for some reason they didn't like my work, even after extensive consultation with my supervisor about it.
So one of the things I had to re-do was the admin and login code, and since they felt it was too simple, I had to find a better solution for it, and at first, I thought this seems fine: http://www.ineedtutorials.com/code/php/complete-advanced-login-member-system-php-tutorial
Maybe because it wasn't your work. It was someone's else work that you borrowed online and modified with a great deal of assistance, albeit unsuccessfully in the end.
Are you seriously going down the same route again?
MoshBat wrote: Learn PHP. This is the second thread, and I'm damn sure it will contain huge "snippets" of code featuring rather simple mistakes. Agreed. You need to quit posting shit about your project until you actually make some effort to learn PHP.
Write your own damn login system and email system, and whatever else you need. Ask questions along the way if you're having trouble understanding something… after you've tried to find the answer on your own.
Then, ask how we'd improve it. Ask if there's a better way to do something. Ask what features we'd add. Anything that relates to code YOU wrote.
DON'T keep asking about large snippets of code that you don't understand, unless you need specific help understanding how something specific in it works.
Requesting a lock.