Hello, galga1:
Nice to see you again!
I have tested what you say and works fine, at least on my system. I
have answered the question so we can work better on your problem. Did
you change the access information (user, password) you gave me the
last time? If not, I will start *digging* today. Also, tell me which
browser and OS have you used, so I can reproduce the problem on my
system.
Regards. |
Request for Answer Clarification by
galgal1-ga
on
18 Aug 2003 08:08 PDT
Hello again!
I am very happy that you answered my question. I am using Internet
Explorer if that is what you mean. I haven't changed any of the
passwords. Also there is something wrong with login.php. When I try to
login it does not look for the password and user name in the database
at all and it just says that the login is incorrect. You can try this
password in login.php: star, and user name: star.
I don't know what happend to it but I would appreciate if you look
into that as well. It worked great before but I changed something in
checkupdate.php and everything stopped working.
Thank you and have a great day!
|
Request for Answer Clarification by
galgal1-ga
on
18 Aug 2003 10:48 PDT
Hello,
I forgot to ask you one more thing. If you go to my web site
(www.htauditions.com) you will see that I have two buttons to sign up
wich are Paid Account and Free Account. I want to avoid that using a
cookie. What I am trying to do is: set a cookie every time they sign
up and one would be a paid account cookie and the other a free account
cookie. When the user goes to login I want to have a page that will
ask for the cookies and if the paid account cookie comes up then the
paid account login form will come up or if the free sccount cookie
comes up the free account login form will come up. The thing is I
don't know how to call a cookie from someones computer. I know how to
set it but I don't know how to ask for it. If you have time please
answer this question.
Thank you for all of your help!
|
Clarification of Answer by
joseleon-ga
on
18 Aug 2003 12:45 PDT
Hello, galga1:
So here it's the complete list of things I have to look on your web,
please, fix me if I'm wrong:
-Check the refresh of the login form, because on your system
disappears
-Check the login script because it doesn't process the login correctly
-Check if the user has setup a cookie (free/paid) and show the buttons
accordingly
Just a quick note, the images of the left menu don't appear, point to
a path on your local system instead to the web server.
Regards.
|
Request for Answer Clarification by
galgal1-ga
on
18 Aug 2003 13:51 PDT
Hello Jose,
I can't thank you enough for all of your help. If you could do these
things for me I would be very greatful. There is one more thing that I
need to get done and if you have time you can help me on it. I am
trying to make a form that sends the users a confirmation e-mail when
they sign-up. I know this can be done using PHP and I tried to do it
but it just wouldn't work. Do you know where I can find such a script
or do you have one that you can give me?
Thank you for telling me about the menu, I will fix it later.
Thank you so much for your effort to help me.
|
Clarification of Answer by
joseleon-ga
on
18 Aug 2003 23:05 PDT
Hello:
No problem sending the e-mail, I will add this task to the list. Do
you want to send plain text or HTML or both? I mean, you can send a
MIME message in both formats and include an HTML design with images
and so on.
Regards.
|
Clarification of Answer by
joseleon-ga
on
19 Aug 2003 00:47 PDT
Hello:
I have fixed the login process, you were registering the Username
variable as a session var, so everytime a login operation was
attempted, it always used the Username to value "star", which was
stored on your server. Also, the username star with password star
doesn't exists. Use hello, hello to test.
Regarding the login process, is very unsecure, you use just a cookie
with the username, the cookie is not set right, and also, the cookie
is not required to access the user page, for example:
http://www.htauditions.com/freemyaccount.php?user=hello
I will keep working on the rest of things, but I must advise you that
login could be easily cheated.
Also, you haven't renamed your files with .inc extension, which are
easily readable from the web by anyone.
Regards.
|
Request for Answer Clarification by
galgal1-ga
on
19 Aug 2003 07:45 PDT
Hello Jose,
The reason why star star didn't work was because you didn't access the
paid account login form abd that is where there is a user named star
star. I have two login forms, one for the free account (login2.php)
and one for the paid account (login.php). Can you fix both of them so
they work?
For the login being unsecure I thank you for telling me that. How do
you propose that I make it more secure. You don't have to do it just
tell me exactly how. Do you want me to rename the files INC or PHP?
For the e-mail I would like for it to exept just HTML or plain text
and html (whichever is easier for you).
Thank you for everything, you are the best!
|
Clarification of Answer by
joseleon-ga
on
19 Aug 2003 08:23 PDT
Hello, galga:
I have fixed the paid login also, but there is no star account on
that database, these are the contents:
Array ( [0] => ball [name] => ball )
Array ( [0] => ball [name] => ball )
Array ( [0] => [name] => )
Array ( [0] => ball [name] => ball )
Array ( [0] => mdogg [name] => mdogg )
Array ( [0] => mdogg [name] => mdogg )
Array ( [0] => ball [name] => ball )
Array ( [0] => ball [name] => ball )
Array ( [0] => ball [name] => ball )
Array ( [0] => red [name] => red )
You can try with any of these and works.
Regarding secure the login, the easiest way to do it is:
-When setting the cookie, set two cookies, one with the username and
another with the md5(password+privatekey)
-To check if a user is logged, get the username, get the password from
the database, make again the md5 and compare it with the one stored in
the cookie
Regards.
P.S. I keep working on the rest.
|
Clarification of Answer by
joseleon-ga
on
19 Aug 2003 09:04 PDT
Hello, galga1:
I have uploaded to your server two scripts:
-mail.php
<?php
function send_mail($myname, $myemail, $contactname, $contactemail,
$subject, $message,$html=FALSE)
{
$headers .= "MIME-Version: 1.0\n";
if (!$html) $headers .= "Content-type: text/plain;
charset=iso-8859-1\n";
else $headers .= "Content-Type: text/html; charset=iso-8859-1\n";
//$headers .= "X-Priority: 1\n";
//$headers .= "X-MSMail-Priority: High\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$myname."\" <".$myemail.">\n";
return(mail("\"".$contactname."\" <".$contactemail.">", $subject,
$message, $headers));
}
?>
-mailtest.php
<?php
include "mail.php";
send_mail('Webmaster','webmaster@htauditions.com',
'Jose Leon','test@test.com','subject','message');
echo "mail sent";
send_mail('Webmaster','webmaster@htauditions.com',
'Jose Leon','test@test.com','subject','<b>message</b>',
TRUE);
echo "HTML mail sent";
?>
The first contains a helper function to send mail and the second
contains two samples to send mail, text mail and html mail. I hope it
will be useful to you.
Regards.
|
Request for Answer Clarification by
galgal1-ga
on
19 Aug 2003 09:10 PDT
Hello Jose,
I am very sorry but I don't know how I can compare them (user name,
password) with the one stored in the cookie. If you can tell me that
would be great. Once again if you think it would be easier to caht we
can right away. My screen name is patarok and I am using AIM (Aol
Instant Messenger). If you wan to chat just tell me. Here it is 9:10
AM. I will be waiting.
Regards,
GalGal
|
Clarification of Answer by
joseleon-ga
on
19 Aug 2003 09:22 PDT
Hello:
To get the values stored in the cookies you must use the global
array $HTTP_COOKIE_VARS in this way:
$value=$HTTP_COOKIE_VARS["TestCookie"];
So after you set the cookies, you need to do something like this:
$username=$HTTP_COOKIE_VARS["Username"];
$hashedpass=$HTTP_COOKIE_VARS["Password"];
And then:
-Query the database looking for $username
-Get the password
-Code it:
$storedpass=md5($password+$privatekey);
-Compare it:
if ($storedpass==$hassedpass)
{
//The user is authenticated
}
else
{
exit;
}
Regards.
|
Request for Answer Clarification by
galgal1-ga
on
19 Aug 2003 09:56 PDT
Hello Jose,
Thank you for the instructions. I am not such a good programmer so I
would have to ask you ten questions about your instructions. I think
that will take much more time than if you did it real fast. I want to
know how much tip (I will tip you anyway) I should leave you for all
of this great work. I will offer you to help me with my web site in
the future(and I will pay) because it will grow more and more. If you
have any other tips about how I can make my web site better please
tell me right away and tell me how much it would cost.
Thank you for the great work.
Regards,
Toni
|
Clarification of Answer by
joseleon-ga
on
19 Aug 2003 10:11 PDT
Hello:
I will add make a login to my todo list with you. Regarding tips are
your sole decision, that's why are tips ;-)
Regards.
|
Clarification of Answer by
joseleon-ga
on
20 Aug 2003 00:32 PDT
Hello:
I have finished the login script, I have placed a sample on your
server for you to test:
http://www.htauditions.com/loginsample.php
This sample is configured to work against the free accounts table.
The code has been designed to allow you integrate the login system
into any page, so you can password protect as many pages you want
easily, here is the sample code:
<?php
//Connect to the database
include "connect.inc.php";
//Include the data to access the authentication table
include "freeaccount.inc.php";
//include "paidaccount.inc.php";
//Include login functions
include "securelogin.inc.php";
if (checkUserLogged())
{
//If it's logged, no problem, start showing all the form code
echo "the user is logged!!";
}
?>
The files that make up the login are:
//Database connection information
connect.inc.php
//Access to the free account table information
freeaccount.inc.php
//Access to the paid account table information
paidaccount.inc.php
//The include for the login functions
securelogin.inc.php
Please, test it and I will integrate it into your web after that.
Regards
P.S. I recommend you to make a backup of your web and then make some
cleaning, there is a lot of files and tests which could lead to a
nightmare! ;-)
|
Request for Answer Clarification by
galgal1-ga
on
20 Aug 2003 07:48 PDT
Hello Jose,
Thank you for making a login form for me. It works great! Now am I
going to need a log out button? As for all of the files I will clean
them out when I am done with the web site.
Thank you for all of the help!
Regards,
GalGal
|
Clarification of Answer by
joseleon-ga
on
21 Aug 2003 00:22 PDT
Hello, galga1:
I have finisned to integrate the new login system, this is what I
have done:
-I have fixed some image paths
-Now there is a logout.php script on your server, you just need to
call it to make a logout, place it where you need it
-The login button now points to the account page (instead to a
separate page) and that page checks if the user is already logged or
not, if not, ask for login. If the user is already logged, shows the
account info.
-Both free and paid account have been tested to work
Check it and tell me if everything works ok and if you need something
more.
Regards.
P.S. A last recommendation: It would be better to have all users on
the same database table and setup a field to distinguish between paid
and free ones.
|
Request for Answer Clarification by
galgal1-ga
on
21 Aug 2003 07:57 PDT
Hello Jose,
What is the new login forms name? I thought it was loginsample.php but
it's no. If you have time would you please also make a e-mail form
that e-mails a confirmation message?
Also I would like to not have the free account and paid account
buttons. I had an idea how to do that. What I was thinking was that
when the account is made (free or paid) a cookie is made if the
account is free or paid. Then that cookie is called during
myaccount.php so that when they click on view my account options the
buttons come out for free account if the cookie is free and paid
account if the cookie is paid. nI that possible and sufficient? Will
you be able to do this? Tell me if this is to much work.
Thanks for everything, you are the best!
Best regards,
GalGal
|
Clarification of Answer by
joseleon-ga
on
22 Aug 2003 00:01 PDT
Hello, galga1:
There are no login forms, the login form it's embedded inside each
page that requires login, for example:
myaccount.php
freemyaccount.php
So if the user tries to access that page (in anyway), it will ask for
a login if the user is not logged in. Check out the source code of
those pages to know how you can protect as many pages as you want.
I have modified the subscription scripts (checkall2.php and
freecheck.php) to send a message when the user has been succesfully
subscribed, check out those scripts, the code it's at the bottom and I
think you will want to change the subscription text for your own ;-)
Regarding the cookies stored on the users computer, it's not a good
idea for this kind of website. Let me explain, most of your users are
non teachies, and maybe they will use computers on cyber cafes, on
friends, etc. Saving that cookie is dangerous, I can't tell you how
many times I have used a cybercafe computer and I have had access to
personal information of previous users. I suggest you not to do it,
but if you still want, it would be better to finish off this question
and start a new one. You can put on the subject "For joseleon only:",
this way I will answer it.
Best Regards.
|
Request for Answer Clarification by
galgal1-ga
on
22 Aug 2003 12:07 PDT
Hello Jose,
Thank you for everything. It works great! It is just what I wanted. I
am going to close the question with $40 tip. You deserve more but
that's all I can afford.
One last thing is I accidentaly overwrited the file called
securelogin.inc.php in FTP. Could you send it again beacuse now the
web site only has the old login forms. If you want any money to do
this last thing please tell me.
Best regards,
GalGal
|
Clarification of Answer by
joseleon-ga
on
22 Aug 2003 15:19 PDT
Hello:
Thanks for the tip, and don't worry about the amount, it's great to
work for you ;-)
Regarding restore the securelogin script, I have had to restore the
script to the original state by hand, because I have the sources at my
job and I couldn't go until monday, now should work ;-)
Regards and thanks!
|
Request for Answer Clarification by
galgal1-ga
on
22 Aug 2003 16:06 PDT
Hello Jose,
I am sorry to bother you again but you somehow switched the login
forms for paid account and free account. When you click on paid
account the free account login form comes up and when you click on the
paid account button the free account login form comes up. Please try
to fix this whenever you can. Thank you for all the help and I will
ask you more things in the future.
Have a great day!
Best regards,
GalGal
|
Clarification of Answer by
joseleon-ga
on
23 Aug 2003 02:35 PDT
Hello, galga1:
I don't understand what do you mean by *switch*. I have seen that
you have overwritten some html files I modified to make the images
come up. Be sure you download all the source code from the website
before start modifying on your own.
I have checked all the login process and works well, I mean:
Paid account:
-paid_account.htm
-If you click on signup, points you to myaccount.php
-If you make a login, for example, with hello, hello, you are still
on myaccount.php, which is the paid account page.
Free account:
-free_account2.htm
-If you click on signup, points you to freemyaccount.php
-If you make login, for example, with mdogg, mdogg, you are still on
freemyaccount.php, which is the free account page.
If you can explain more on this, I will fix it ;-)
Regards.
|
,
0 Comments
)