I'm a novice in server-side programming so any advice is appreciated.
I have some PHP files uploaded on a virtual server (000webhost.com) and I'm having trouble with locating a file I'm requiring in another PHP file. The register.php is attempting to "require_once" the update_user_info.php
Here's the code for register.php (Which I've taken from a tutorial and adjusted it with my variables):
<?php
define('__ROOT__', dirname(dirname(__FILE__)));
require_once(__ROOT__.'../update_user_info.php');
$db = new update_user_info();
// json response array
$response = array("error" => FALSE);
if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST ['password']) && isset($_POST['branch']) && isset($_POST['gender'])) {
// receiving the post params
$username = $_POST['username'];
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$branch = $_POST['branch'];
$gender = $_POST['gender'];
// check if user is already existed with the same email
if ($db->CheckExistingUser($email)) {
// user already existed
$response["error"] = TRUE;
$response["error_msg"] = "User already existed with " . $email;
echo json_encode($response);
} else {
// create a new user
$user = $db->StoreUserInfo($username, $name, $email, $password, $branch, $gender);
if ($user) {
// user stored successfully
$response["error"] = FALSE;
$response["user"]["username"] = $user["username"];
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["branch"] = $user["branch"];
$response["user"]["gender"] = $user["gender"];
echo json_encode($response);
} else {
// user failed to store
$response["error"] = TRUE;
$response["error_msg"] = "Unknown error occurred in registration!";
echo json_encode($response);
}
}
} else {
$response["error"] = TRUE;
$response["error_msg"] = "Required parameter (username, name, email or password) is missing!";
echo json_encode($response);
}
?>
And here's a screenshot of the error that's occurring when attempting to visit the link containing the register.php:
Screenshot of the error
What I've tried so far:
1- tried to use require_once __DIR__."/../filename.php"; and lots more of the same, basically tinkering the statement with different language constructs and constants.
2-Read tutorials on the correct way to use require once but their cases is almost always very different. Either they are using WAMP/XAMPP -meaning they have a local path not a virtual one- So no luck there.
3- tried to change .htaccess file, as someone said in a post that it solved his problem.
4- I'm certain that both files are uploaded to the same directory. Yet it says "No such file".
Does anyone have an idea of where the error could be stemming from? Thanks in advance!
Related
<?php
include('security.php');
if (isset($_POST['login_btn'])) {
$email_login = $_POST['email'];
$password_login = $_POST['password'];
$query = "SELECT * FROM register WHERE email='$email_login' AND password='$password_login' ";
$query_run = mysqli_query($connection, $query);
$usertypes = mysqli_fetch_array($query_run);
if ($usertypes['usertype'] == "admin") {
$_SESSION['username'] = $email_login;
header('Location:/index.php');
} else if($usertypes['usertype'] == "user"){
$_SESSION['username'] = $email_login;
header('Location:../index.php');
}else{
$_SESSION['status'] = "Email or Password is invalid";
header('Location:login.php');
}
}
?>
Warning: Cannot modify header information - headers already sent by
(output started at
/home/imvvsmcb/public_html/admin/database/dbconfig.php:1) in
/home/imvvsmcb/public_html/admin/logincode.php on line 14
thanks for all your help, l fixed it the problem is not in the file l though it was, the bug was in my dbconfig file l had a link to my css
I want my website and my mybb board to be connected. I Googled and made the integration, and I'm able to get a username id, as long as I specify their ID, but nothing happens when I'm using the function as explained.
What I'm trying to do is verify a connection of one to the forums, via my website, and then show their name.
Here's my code, as well as my attempts to get a username:
PHP Code:
define('IN_MYBB', NULL);
require_once 'forums/global.php';
require_once 'forums/class.MyBBIntegrator.php';
$MyBBI = new MyBBIntegrator($mybb, $db, $cache, $plugins, $lang, $config);
$user = get_user($uid);
while ($forum_user = mysqli_fetch_array($user))
{
echo $forum_user['username'];
}
You could use:
define('IN_MYBB', NULL);
require_once 'forums/global.php';
if(isset($mybb->user['uid'])){
echo "User Found: ".$mybb->user['usernmae']."($mybb->user['uid'].")";
} else {
echo "No user found";
}
MyBBIntegrator isn't even required. But the above code will check if the user is logged in, and display the username and userid. If not it will display No User Found. Hopefully this helps.
please help me, I am in little trouble. I am familiar with codeigniter.
but I struggling with Login in With Facebook button. I included all files like facebook.php and base_facebook. Its working in Localhost but not working on server. please help me to fix this issue. when I click login button it's responding blank. I given my controller coding below. Thanks in advance.
public function check_fb()
{
$this->load->model('users/users_model');
$appId = '************'; //Facebook App ID
$appSecret = '************'; // Facebook App Secret
$homeurl = 'Site URL'; //return to home
$fbPermissions = 'email'; //Required facebook permissions
parse_str($_SERVER['QUERY_STRING'],$_REQUEST);
$this->load->library('Facebook', array("appId"=>"******", "secret"=>"*******"));
$fbuser = $this->facebook->getUser();
// Here it self I did't get any response.
if(!$fbuser){
$fbuser = null;
$loginUrl = $this->facebook->getLoginUrl(array('redirect_uri'=>$homeurl,'scope'=>$fbPermissions));
//echo $loginUrl; exit;
redirect($loginUrl);
}
else
{
$user_profile = $this->facebook->api('/me?fields=id,first_name,last_name,email,gender,locale,picture');
$user = new Users();
//echo "<pre>"; print_r($user_profile); exit;
if(!empty($user_profile)){
if(!empty($user_profile['id']))
{
$check=$this->users_model->check_login_facebook_id($user_profile['id']);
if($check)
{
echo 'already Exist';
}
else
{
$result = $this->users_model->update_login_facebook_id($user_profile['id']);
redirect($this->config->item('base_url').'users/dashboard');
}
}
}
}
}
Above code is working pretty cool..! I made mistake in library folder. I renamed base_facebook.php as Base_facebook.php, its case sensitive. if anyone face like this problem, just check twice your library files name. Facebook.php ,base_facebook.php, Fb_ca_chain_bundle security certificate.
I am get login errors when i test my script by logining under my own account. Do you think hashing passwords twice a bad practice?
I have hashed the users password twice in my website. Once, when they register and once, when they update their password in account update. Also i am using bcrypt method and cost of bcrypting is 10 on both hashings and i am on localhost server.
///// this is the code in register.php page
<?php
if(isset($_POST['registeruser'])) {
session_start();
$FName = $_POST['regfname'];
$LName = $_POST['reglname'];
$Email = mysqli_real_escape_string($conn, $_POST['regemail']);
$origignalpassword = preg_replace('#[^a-z0-9_]#i', '',
$_POST['regpassword']);
$Passwordw = $_POST['confirmedpassword'];
$infosql = "SELECT * FROM users WHERE useremail = '".$Email."'";
$result = mysqli_query($conn,$infosql);
if(mysqli_num_rows($result)>=1)
{
echo "Email already taken.";
}
else if(mysqli_num_rows($result) !=1 && $Passwordw ==
$origignalpassword) {
$Passwordhash = password_hash($Passwordw,
PASSWORD_BCRYPT, array('cost' => 10));
$sql = $conn->query("INSERT INTO users(firstname,
lastname, useremail, Passwordcell) Values('{$FName}',
'{$LName}','{$Email}','{$Psswordhash}')");
header('Location: login.php');
} else {
echo 'Please check your password:' . '<br>';
}
}
?>
//// Below code is the code in my update.php page
<?php session_start();
if(isset($_SESSION['user_id'])) {
} else {
header('Location: login.php');
}
$user = $_SESSION['userid'];
$myquery = "SELECT * FROM users WHERE `userid`='$user'";
$result = mysqli_query($conn, $myquery);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
$_SESSION['upd_fnames'] = $row['firstname'];
$_SESSION['upd_lnames'] = $row['Lastname'];
$_SESSION['upd_emails'] = $row['useremail'];
$_SESSION['upd_passwords'] = $row['Passwordcell'];
$_SESSION['upd_phone'] = $row['phonenum'];
$_SESSION['upd_bio'] = $row['biography'];
?>
<?php
if (isset($_POST['updateme'])) {
$updfname = $_POST['upd_fnames'];
$updlname = $_POST['upd_lnames'];
$updemail = $_POST['upd_emails'];
$updphone = $_POST['upd_phone'];
$upd_pswd = $_POST['upd_passwords'];
$biography = $_POST['update_biography'];
$Pswod = password_hash($upd_pswd, PASSWORD_BCRYPT,
array('cost' => 10));
$sql_input = $mysqli->query("UPDATE users SET firstname = '{$updfname}', Lastname = '{$updlname}', Phonenum = '{$updphone}', useremail = '{$updemail}', Passwordcell = '{$Pswod}', biography = '{$biography}' WHERE userid=$user");
header('Location: Account.php');
}
else
{
}
?>
Your problem could be just a typo, in your registration script, instead of $Passwordhash you wrote:
"INSERT INTO users(..., Passwordcell) Values(...,'{$Psswordhash}')"
Nevertheless there are other problems with your code, and since you asked for advise, i would like to share my thoughts.
Probably the biggest problem is, that your code is vulnerable to SQL-injection. Switch to prepared statements as soon as you can, writing code will become even easier than building the query as you did, and both MYSQLI and PDO are supporting it. This answer could give you a start.
Passwords should not be sanitized. Remove the line $origignalpassword = preg_replace('#[^a-z0-9_]#i', '', $_POST['regpassword']), and just pass the input directly to the hash function password_hash($_POST['regpassword'], PASSWORD_DEFAULT). The password_hash() function works with any type of input.
It is a good habit to place an exit after each redirection, otherwise the script will continue executing. header('Location: login.php', true, 303); exit;
Do you really have reason to put the user info into the session? Instead of $_SESSION['upd_fnames'] = $row['firstname']; i would fetch the information on demand from the database. With fetching it from the database you can be sure that the information is actually set (is not null) and is up to date, you can avoid a state and you get a bit more REST full.
Then last but not least i would recommend to follow some style rules, like starting variable names always with a small letter. You can avoid some silly typos and it makes your code more readable.
Fairly new to Zend Framework 1.11 with Doctrine 2.
I have successfully created a login etc using Doctrine.
My current problem though is that the Zend_Auth instance works fine when I stay within the controller that the log in is within.
If I try determine the state of Zend_Auth::getInstance->HasIdentity() in any other controller it returns blank.
If I then go back to any page residing within the controller containing the login/authentication hasIdentity works fine.
I have even tried writing to the storage but this provides no joy.
My auth code is as follows which is the action called after clicking Login (Within MembersareaController)
public function authAction()
{
$this->_helper->viewRenderer->setNoRender(true);
$loginForm = new Application_Model_Login();
if($this->getRequest()->isPost()){
$usr = "";
$pwd = "";
$KeepLoggedIn = false;
$message = "";
$usr = $this->_getParam('username');
$pwd = $this->_getParam('password');
$pwdMd5 = md5($pwd);
if($usr !== "" && $pwd !== ""){
$GDSAdaptor = new ZC_Auth_Adapter($usr, $pwdMd5);
$result = \Zend_Auth::getInstance()->authenticate($GDSAdaptor);
if(\Zend_Auth::getInstance()->hasIdentity()){
$this->flashMessenger->addMessage(LOGIN_SUCCESS);
$this->_redirect('/membersarea/index');
}else{
$this->flashMessenger->addMessage(LOGIN_INVALID);
}
}else{
$this->flashMessenger->addMessage(LOGIN_MISSING_FORMVAL);
$this->_redirect('/membersarea/login');
}
}
Trying to seeing a person is logged in on the IndexController with the following code produces no results. hasIdentity returns a blank value.
public function indexAction()
{
if(Zend_Auth::getInstance()->hasIdentity())
{
$msg = "hasIdentity: YES";
}else{
$msg = "hasIdentity: NO";
}
$this->view->msg = $msg;
}
Zend_Session::rememberMe(); in the bootstrap solved this issue