2old2learn?


Sorry, I forgot to mention that. It will be var_dump($_POST); var_dump("$_POST") will show you the 'Array' string.

Okay, when I get home I will do this string:
public function isTokenValid()
{
    var_dump($_SESSION['token'], $this->_token); //dump them to see what the problem is
    return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
}


Well, I added this to class.login.php, inside function __construct():

public function __construct()
{
    $this->_errors = array();
    $this->_login  = isset($_POST['login'])? 1 : 0;
    $this->_access = 0;
    $this->token   = isset($_POST['token'])? $_POST['token']:'';
    var_dump($_SESSION['token'], $this->_token); //dump them to see what the problem is
    return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
    $this->_id       = 0;
    $this->_username = ($this->_login)? $this->filter($_POST['username']) : (isset($_SESSION['username']) ? $_SESSION['username']: null);
    $this->_password = ($this->_login)? $this->filter($_POST['password']) : (isset($_SESSION['password']) ? $_SESSION['password']: null);
    $this->_passmd5  = ($this->_login)? md5($this->_password) : (isset($_SESSION['password']) ? $_SESSION['password'] : null);
}

The result was this:

string(32) "460dc0b6e75b225bec004ccb9e6cc9e4" NULL
What exactly does this mean ..and is this result keeping me from logging in..???

I'm entering this discussion fairly late and haven't read the previous 227 posts, but if this:

var_dump($_SESSION['token'], $this->_token);

produces this:

string(32) "460dc0b6e75b225bec004ccb9e6cc9e4" NULL

then that means that $_SESSION['token'] is the string you see, and $this->_token is null. It looks like sometimes you have an underscore before "token" and sometimes you don't.

Also, MD5 should have fallen out of use years ago for password hashes. SHA-1 or SHA-2 should be used at a minimum, or a more complex hashing function will be more secure. MD5 was only around for 5 years, from 1991 to 1996, before a flaw was found in it that caused people to recommend against using it. I have no clue why anyone still suggests using it or includes it in security tutorials, there's not a single reason for using it. Other flaws in MD5 were found every year between 2004 and 2008, prompting the U.S. Department of Homeland Security to say MD5 "should be considered cryptographically broken and unsuitable for further use." I'm surprised that didn't happen sooner than 2008, it was clear it was broken earlier than that.

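The mismatch diagnosed above (the constructor fills token while the check reads _token), as an added example that is not part of the original thread or the tutorial's code: one declared property used under a single name, a missing token treated as a failure, and the comparison done with hash_equals(). TokenCheck, issue_token and the array parameters are hypothetical; _token and $_SESSION['token'] are the names from the posts.

```php
<?php
// Added example, not the tutorial's class.login.php. TokenCheck is a hypothetical name.

final class TokenCheck
{
    // Declared once, so the constructor and the check cannot drift apart
    // the way $this->token and $this->_token did in the thread.
    private string $_token;

    public function __construct(array $post)
    {
        $value = $post['token'] ?? '';
        $this->_token = is_string($value) ? $value : '';
    }

    // Returns true only when both sides are present and identical.
    public function isTokenValid(array $session): bool
    {
        $expected = $session['token'] ?? '';
        // A missing value on either side (the NULL seen in the var_dump output) fails.
        if (!is_string($expected) || $expected === '' || $this->_token === '') {
            return false;
        }
        return hash_equals($expected, $this->_token); // constant-time comparison
    }
}

// Issue a token for the login form: 16 random bytes as 32 hex characters,
// the same shape as the value dumped in the thread.
function issue_token(array &$session): string
{
    if (empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(16));
    }
    return $session['token'];
}

// Constructed demo; in a page, pass $_SESSION and $_POST after session_start().
$session = [];
$token   = issue_token($session);
var_dump((new TokenCheck(['token' => $token]))->isTokenValid($session)); // matching token
var_dump((new TokenCheck([]))->isTokenValid($session));                  // token never submitted
var_dump((new TokenCheck(['token' => 'guess']))->isTokenValid($session)); // wrong token
```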

Wow, thanks for the info on this..would be interested in how to convert to the system you mention, "SHA-1 or SHA-2". Also, once I log in as a new user and this string is still present, when I go to log in it boots me out..so how do I clear this string? My feeling is the string is preventing anyone from logging in..am I correct on this...This login script is from a YouTube tutorial.."phpClass" was the profile name..downloaded the script and tried to learn it as I went along..and wanted to add this to my work project..since they want users to log in..Thanks...

If you want to remove something in the session, you can use unset or just set the value to empty.
http://www.php.net/manual/en/function.unset.php

PHP has a function for calculating SHA-1 hashes:
http://www.php.net/manual/en/function.sha1.php

You can use the generic hash function to use hashes from the SHA-2 family, like SHA-256 or SHA-512:
http://www.php.net/manual/en/function.hash.php

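For the conversion asked about above, an added example (not code from the thread or the tutorial) of the "more complex hashing function" route using PHP's built-in password_hash() and password_verify(): an existing md5() value is checked once at login and then replaced with a salted, slow hash. The function name verify_and_upgrade and the $users array are hypothetical stand-ins for the login class and the users table.

```php
<?php
// Added example; verify_and_upgrade() and $users are hypothetical names.

/**
 * Check a password against a stored hash that may still be a legacy md5() value.
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null when the stored
 * value should be replaced in the users table.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy rows hold 32 hex characters, as produced by md5($password).
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        $ok = hash_equals(strtolower($stored), md5($password));
        // On a successful login the plain password is available, so re-hash it now.
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }

    // Rows already converted are verified by password_verify(), which reads
    // the algorithm, cost and salt from the stored string itself.
    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Re-hash when PHP's default algorithm or cost has moved on since the row was written.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;

    return [true, $new];
}

// Constructed sample row: a user registered while the script still stored md5().
$users = ['alice' => md5('correct horse battery')];

// First login after the change: accepted, and the stored value is replaced.
[$ok, $new] = verify_and_upgrade('correct horse battery', $users['alice']);
if ($ok && $new !== null) {
    $users['alice'] = $new; // in the real script this is an UPDATE on the users table
}
var_dump($ok, $users['alice']);

// Later logins go through password_verify(); a wrong password is rejected.
[$okAgain] = verify_and_upgrade('correct horse battery', $users['alice']);
[$okWrong] = verify_and_upgrade('not the password', $users['alice']);
var_dump($okAgain, $okWrong);
```

The password column needs room for the longer value; the PHP manual recommends 255 characters for password_hash() output.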

Found the error with outside help and the error was caused here

public function isTokenValid()
{
    var_dump($_SESSION['token'], $this->_token); //dump them to see what the problem is <<< here is what was added...
    return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
    //return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
}

The above was changed to that and it works..once I log in it takes me to the "Members Area". I thank everyone who put soooooo much time in helping me...but I still have a long ways to go..so I do count on you...thanks.. :) :)


Birbal thank you sooooo very much in all that you have done..now login works great..not sure if email is added in once someone registers..but that is not really necessary at this point..Now once I log in how do I re-direct to another index/homepage??? Here is the index script:

<?php
session_start();
include('/class.login.php');
$login = new Login();
if($login->isLoggedIn())
    echo "Members Area - Welcome to my Site"; //Now how do I direct to my homepage from here now..tried Include('/folder/index.php');?????
else
    echo "Front Page";
?>

As you can see I have tried a Include file..it was a no go!!


include will just include the file, something like copy-paste. If you need to redirect you need to use header("location:yourpageaddress.php"); If you use header, make sure no output has been made to the browser, otherwise it will throw you some error.

Ahhh...thanks..buddy..I realized that once I got to work..so I will make the changes..once I get home..also I have the pages pass protected..don't have the code in front of me right now..but I think if I am right I just add (not sure) Include('class.login.php;) to tell script that you are logged in...am I close in saying this...??
Cool got it working now..thanks..now I tried this out to see if it worked once I logged in and it didn't this set the page password protected..here is the code:
<?php
//This block prevents users from viewing this page unless logged in
global $user;
if ($user->uid) { // << Am I correct that this is looking for a " UniqueID "..?? Right now my users table is just "ID" So if I delete users can I change table ID to unique..???
    return "This page is only visible for logged-in users.";
} else {
    echo "<script type='text/javascript'>alert('To Access this Page .. Please Log In!');</script>";
    include('home.php');
    //echo "Please Log In!";
    return;
}
?>

This is the error message I get..was hoping I could get this right without asking for help...to show what you given with your help that I was getting the idea..of scripting...

Notice: Trying to get property of non-object in C:\xampp\htdocs\login_scripts\index_sr.php on line 9

According to your code, this is the function to check whether a user is logged in or not.

public function isLoggedIn()
{
    ($this->_login)? $this->verifyPost() : $this->verifySession();
    return $this->_access;
}

You need to check on every page whether it's returning true or not. If it's returning true the user is logged in, else he is not. You need to include the class every time to create an instance from it:
include 'login.php';

Then you have to make an object of the class:
$user=new Login();
if($user->isLoggedIn())
{
    //do something for logged user
}
else
{
    // do something for non logged user
}

Notice: Trying to get property of non-object in C:\xampp\htdocs\login_scripts\index_sr.php on line 9
This error means you are trying to access a property rather than an object.

Wow...warning to all except the pros here (they know better)...don't forget to back up your files... :) I accidentally messed up my class.register.php file..and for the life of me..I couldn't remember what I did and how to correct it...was at a loss..for hours I spent on this error..but I then remembered I made a backup...of this file..and behold..there it was..so I just replaced the messed up class file with the backup..and bingo back to normal except for a minor error which I fixed immediately...So remember to back up your files in your project/or any other setup you're doing...So a full day of progressing on my project was lost..again back up, back up, back up!!!!!


Hey hope I am making some headway here...well I took this login block from my old web site..and made some adjustments..had numerous errors, then I tweaked it..and now down to 2 errors. One error on Line 3, the other on Line 5. Here is the code:

<?php
//Player Login/Logged-In Block
if(user){	<<< This is first error on line 3
 $servertime = date("D g:i A");
 $out[toprightcorner]=$out[toprightcorner]."	<< This is the second error on Line 5..
 <table width='200' height=='90' border='0' cellspacing='0' cellpadding='2'>
 <tr>
 <td valign='top' align='center' width='100%' height='100%'>
 <strong>
 <font class='catfont'>
 Welcome user[user]<br>
 Your Player ID is user[id]<br>
 Server Time: $servertime
 </font>
 </strong>
 </td>
 </tr>
 </table>";
}else{
 $out[toprightcorner]=$out[toprightcorner]."
 <table width='100%' border='0' cellspacing='0' cellpadding='2'>
 <tr>
 form method='post' action='login'>
 <td valign='center' align='left'><font class='catfont'><strong>Player ID:</strong></font></td>
 <td valign='center. align='right'><input type='text' name='userid' class='loginforma' onblur=\"if (value =='') {vaule ='Login'}\" onfocus=\"if (value == 'Login') {value =''}\" value='Login'></td>
 </tr>
 <tr>
 <td valign='center' align='left'><font class='catfont'><strong>Password:</strong></font></td>
 <td valign='center' align='right'><input type='password' name='playerpss' value='' class='loginformb'></td>
 </tr>
 <tr>
 <td widthi='100%' valign='center' align='right'colspan='2'>
 <input type='hidden' name='action' value='login'>
 <input type='submit' value='' class='loginformc'></td>
 </tr>
 </form>
 </table>";
}
?>


if(user){
Probably you are missing a dollar sign here: $user. If you use it like 'user' it will be taken as a constant.

$out[toprightcorner]=$out[toprightcorner]."
You are missing quotes here around toprightcorner. Same as above, it will first be taken as a constant. If it's unable to find such a constant it will throw some errors and take it as a literal after that. Though I am not sure why you need to assign to the same variable here.
Yea, I made those changes now just have one error on line 5...this is a User's login block script from my old competition web site..just want to make a login block page of my web page..I have the login script working..but that only for now takes you to another page..I would like to have it part of site page..and you see it in the top corner..

Hey I am trying out a new login script..the other one I was working on still works..but always good to learn new techniques..right! I managed to clear most errors but I get this one still...

Parse Error: syntax error unexpect T_STRING in Challenge.php line 5
Here is the code for challenge.php file:
<?php
session_start();
$validate = hash('sha512', $_COOKIE['authenticate'] . $_SESSION['key'], false);
$username = hash('sha512', $_SESSION['user'], false);
if (!session_is_registered('$_COOKIE['authenticate']') || !session_is_registered($validate) || !session_is_registered($username)) {
    $charset = array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9');
    $key = "";
    $c = 0;
    for(; $c < 32; $c++)
    {
        $r = rand(0, 61);
        $key .= $charset[$r];
    }
    $_SESSION['key'] = $key;
    echo $key;
}
else
    echo ("_SESSION_REGISTERED_");
?>

Thanks


Remove the outer-most single quotes around '$_COOKIE['authenticate']'

I believe I did that earlier..and a much bigger problem arose..will try later though since I brought my laptop to work this time..thanks..Update: Yes, I did have the single ' ' removed..and no different..

session_is_registered() has been deprecated. You may want to use the superglobal array $_SESSION to work with the session. To determine whether a session exists or not you can use something like isset($_SESSION['somedata'])

Which quote did you remove? Removing the outer quote should fix the parse error.
I removed it from here...
if (!session_is_registered('$_COOKIE['authenticate']') || !session_is_registered($validate) ||

if (!session_is_registered($_COOKIE['authenticate'] ) || !session_is_registered($validate) ||

When I get home which will be easier I will post login script and then this will make sense..


Use isset instead:

if (!isset($_SESSION[$_COOKIE['authenticate']]) ...

That assumes that $_COOKIE['authenticate'] contains the name of a variable that you're looking for in the session. Is that what you're trying to check for?

Well this is a newer version of a login script..right now I will post the script once I get home...I am at work right now..info is not available..here..thanks, that seems like it might be it though...

Okay Okay..before I go any further..I don't want anyone to think the wrong thing here..it's just I am having a very very hard time understanding some things..especially this and any other login script I dealt with in the past..the last one still works and is great, I just don't know how to go about implementing it..So here is one login script that really looks tough to understand..and I think I would really like to use this one unless someone has a real good one that I can just add into my project..Here is the login code...it would be nice if someone could line by line explain why/what each line does and why it does what it does..there are five parts to it...but I think if I caught the idea with this first one..the rest won't be needed...I hope I can get some understanding on this...

<?php session_start() ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOGIN</title>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript">
document.oncontextmenu = function() { return false; } //disable right clicking
function getKey() {
    var xmlhttp;
    if (window.XMLHttpRequest)
        xmlhttp = new XMLHttpRequest();
    else
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTPREQUEST");
    xmlhttp.onreadystatechange = function() {
        if(xmlhttp.status == 200 && xmlhttp.readyState == 4) {
            var str = xmlhttp.responseText;
            alert(str);
            var expr = /^_SESSION_REGISTERED_/;
            if (str.search(expr) == -1 ) {
                if (str.length > 32)
                    //this is only because 000webhost concats a counter to the key and i only need the first 32 characters since my key is 32 chars long :)
                    str = str.substr(0, 32);
                document.getElementById("key").value = str;
                document.getElementById("login").disabled = false;
            }
            else{
                document.getElementById("results").innerHTML = "You are already logged in! " + "Logout <a href=\"logout.php\">Here</a>";
                return;
            }
        }
    }
    xmlhttp.open("GET", "challenge.php", true);
    xmlhttp.send();
}
function login() {
    var xmlhttp;
    if (window.XMLHttpRequest)
        xmlhttp = new XMLHttpRequest();
    else
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTPREQUEST");
    var key = document.getElementById("key").value;
    var pass = hex_sha512(document.getElementById("password").value);
    var auth = hex_sha512(key + pass);
    xmlhttp.onreadystatechange = function() {
        if(xmlhttp.status == 200 && xmlhttp.readyState == 4)
            document.getElementById("results").innerHTML = xmlhttp.responseText;
    }
    document.getElementById("results").innerHTML = "Please wait...";
    var str = "user=" + document.getElementById("username").value + "&hash=" + auth + "&pass=" + pass;
    xmlhttp.open("POST", "auth.php", true);
    xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
    xmlhttp.send(str);
}
</script>
</head>
<body onload="getKey()" style="background-color:#CC">
<div align="center" style="border:thin solid black; width:400px">
  <form id="form1" name="form1">
    <table>
      <tr>
        <td>Username</td>
        <td><input type="text" id="username" name="username" size="30" /></td>
      </tr>
      <tr>
        <td>Password</td>
        <td><input type="password" id="password" name="password" size="30" /></td>
      </tr>
    </table>
    <input type="hidden" id="key" name="key" />
  </form>
  <button id="login" disabled="disabled" onclick="login()">LOGIN</button>
</div>
<div id="results"></div>
If you can see this page =><a href="sample_page.php"> Sample Page </a> then you've successfully registered.
</body>
</html>

Again, if I don't understand what each line is for ... then this is all moot..Many thanks..

Part 2:

<?php
session_start();
$validate = hash('sha512', $_COOKIE['authenticate'] . $_SESSION['key'], false);
$username = hash('sha512', $_SESSION['user'], false);
if (!session_is_registered($_COOKIE['authenticate']) || !session_is_registered($validate) || !session_is_registered($username)) {
    $charset = array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9');
    $key = "";
    $c = 0;
    for(; $c < 32; $c++)
    {
        $r = rand(0, 61);
        $key .= $charset[$r];
    }
    $_SESSION['key'] = $key;
    echo $key;
}
else
    echo ("_SESSION_REGISTERED_");
?>

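The challenge step posted above, reworked as an added example that is not the script's own code: the key is drawn with random_int() instead of rand(), session state is tested with isset() on the session array rather than session_is_registered(), and the reply is compared with hash_equals(). auth.php is not shown in the thread, so verify_response(), the use of 'user' as the logged-in marker, and the server storing hex sha512(password) are assumptions inferred from how login() builds its hash field.

```php
<?php
// Added example; function names are hypothetical. In a page, pass $_SESSION after session_start().

// challenge.php side: hand out a fresh 32-character key unless a user is already logged in.
function issue_challenge(array &$session): string
{
    if (isset($session['user'])) {           // assumption: 'user' is set only after a login
        return '_SESSION_REGISTERED_';
    }
    $charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $key = '';
    for ($c = 0; $c < 32; $c++) {
        // random_int() draws from the system CSPRNG; rand() is predictable.
        $key .= $charset[random_int(0, strlen($charset) - 1)];
    }
    $session['key'] = $key;
    return $key;
}

// auth.php side (assumed): $storedPassHash is hex sha512(password) from the users table,
// $clientHash is the posted "hash" field, hex_sha512(key + hex_sha512(password)).
function verify_response(array &$session, string $storedPassHash, string $clientHash): bool
{
    if (!isset($session['key'])) {
        return false;                         // no challenge was issued for this session
    }
    $key = $session['key'];
    unset($session['key']);                   // each key is accepted for one attempt only
    $expected = hash('sha512', $key . $storedPassHash);
    return hash_equals($expected, strtolower($clientHash));
}

// Constructed demo values
$session = [];
$stored  = hash('sha512', 'example-password');
$key     = issue_challenge($session);
$reply   = hash('sha512', $key . $stored);    // what login() would send as "hash"

var_dump(strlen($key));                                   // length of the issued key
var_dump(verify_response($session, $stored, $reply));     // first use of the key
var_dump(verify_response($session, $stored, $reply));     // same reply again, key already consumed

$session['user'] = 'alice';                   // constructed logged-in session
var_dump(issue_challenge($session));
```

Because login() also posts the password hash itself in the pass field, the exchange still depends on HTTPS for confidentiality.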

Archived

This topic is now archived and is closed to further replies.

