Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 27 of 27
  1. #16
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,531
    Thanks
    8
    Thanked 1,091 Times in 1,082 Posts
    I see now why I was confused by this.

    Usually, when a person registers, everything goes into a database before the confirmation is sent. A column in the db table has a status of confirmed or not confirmed. Then, a unique key is created that is written into the user's db row. That key is part of the confirmation email link ... example:
    http://www.mysite.com/confirm.php?key=J7BMTi0e293Kr834

    The script called confirm.php compares the key to the database. If it matches, the status is 'confirmed'.

    No other information is ever used with the confirmation email except that key.
    Do you see how much more secure that would be? Not having the email and password showing in the URL variables?




    .
    Last edited by mlseim; 02-28-2013 at 02:37 AM.

  2. #17
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by mlseim View Post
    I see now why I was confused by this.

    Usually, when a person registers, everything goes into a database before the confirmation is sent. A column in the db table has a status of confirmed or not confirmed. Then, a unique key is created that is written into the user's db row. That key is part of the confirmation email link ... example:
    http://www.mysite.com/confirm.php?key=J7BMTi0e293Kr834

    The script called confirm.php compares the key to the database. If it matches, the status is 'confirmed'.

    No other information is ever used with the confirmation email except that key.
    Do you see how much more secure that would be? Not having the email and password showing in the URL variables?




    .
    Thank you so much for your advise.
    I was given similar advice previously, but to be honest I didn't fully understand.
    What you have said about security is now very clear. What isn't so clear is HOW to do it.

    One of my problem areas is HOW does the first entry into the database get removed if the proposer isn't genuine and doesn't follow up.

    I will have to think long and hard about how to code this system.

    I must say though, it does make absolute sense.

    Thanks again.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  3. #18
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    727
    Thanks
    20
    Thanked 85 Times in 85 Posts
    You can have your code for list of clubs only show confirmed clubs and every x months purge manually purge non confirmed clubs

    or something like that

    i made a random generator a while back:

    http://www.codingforums.com/showthread.php?t=270020
    Last edited by Arcticwarrio; 02-28-2013 at 09:42 AM.
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  4. #19
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,531
    Thanks
    8
    Thanked 1,091 Times in 1,082 Posts
    You can also have a column called 'timestamp'. Use UNIX time(); for a timestamp.
    Write that when they register. After a month has passed on any rows that haven't been confirmed, you delete those rows.

  5. #20
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi Guys...

    I haven't got round to your suggestions about the start of the script.
    I will do, when I figure out how to do it. Hopefully without help.

    Meanwhile, I have been continuing with the script, which is not affected by a change in the start, and I am struggling. I have been working on this for over 4 hours, without success.

    I need to replace "##[club_code]##" in a file with "$club_code"
    this is where I am up to. My register-exec.php file contains :
    PHP Code:
    //CREATE NEW ADD DATES PAGE        
            
    $old_add_dates 'fr_add_dates.php';
            
    $new_add_dates $club_code."_add_dates.php";
            
    $old_add_dates_tpl "fr_add_dates.tpl";
            
    $new_add_dates_tpl $club_code."_add_dates.tpl";
        
            
    copy($old_add_dates$new_add_dates) or die("Unable to copy $old_add_dates to $new_add_dates.");
            
    copy($old_add_dates_tpl$new_add_dates_tpl) or die("Unable to copy $old_add_dates_tpl to $new_add_dates_tpl.");
            
    chmod($new_add_dates,0777) or die("Unable to chmod $new_add_dates to 0777.");
            
    chmod($new_add_dates_tpl,0777) or die("Unable to chmod $new_add_dates_tpl to 0777.");
            
            
    $file_contents file_get_contents($new_add_dates_tpl);
            
    $file_contents str_replace("##[club_code]##","$club_code",$file_contents);                file_put_contents($new_add_dates_tpl,$file_contents);
    /*echo "return = ".$club_code; exit;*/
            
    $file_contents file_get_contents($new_add_dates);
            
    $file_contents str_replace("##[club_code]##","$club_code",$file_contents);                file_put_contents($new_add_dates,$file_contents); 
    My new file, $new_add_dates = $club_code."_add_dates.php"; is created OK, but the replacement doesn't take place.
    Here is the code in the new file:
    PHP Code:
    $template join('',file('##[club_code]##_add_dates.tpl')); 
    Here is the newly created file attributes:
    Code:
    -rwxrwxrwx 1 apache       apache        5251 Mar  1 11:54 fr1249_add_dates.php
    -rwxrwxrwx 1 apache       apache        6129 Mar  1 11:54 fr1249_add_dates.tpl
    The directory attributes are:
    Code:
    drwxrwxrwx 4 countrymusic apache       4096 Mar  1 11:54 fr_admin
    This is part of the contents of fr1249_add_dates.php:
    Code:
    $template = join('',file('##[club_code]##_add_dates.tpl'));
    
    echo $template;
    exit;
    and it should be:
    Code:
    $template = join('',file('fr1249_add_dates.tpl')); 
    
    echo $template;
    exit;
    I'm hoping that somebody can tell me what is wrong.
    The replacements are OK in all other files.

    I'm hoping that I'm not going to look like a 'complete dick head' again.

    Thank you.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  6. #21
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    After many more hours of testing, I have found a solution to my problem.
    Instead of:
    PHP Code:
            $old_add_dates 'fr_add_dates.php';
            
    $new_add_dates $club_code."_add_dates.php"
    I changed to:
    PHP Code:
            $old_add_dates 'fr_add_dates.php';
            
    $new_add_dates $club_code."_add_dates.htm";
            
    $new_php_add_dates $club_code."_add_dates.php"
    I then added:
    PHP Code:
            copy($new_add_dates$new_php_add_dates) or die("Unable to copy $new_add_dates to $new_php_add_dates.");
            
    chmod($new_php_add_dates,0777) or die("Unable to chmod $new_php_add_dates to 0777."); 
    I can then perform the replace function that I need:
    PHP Code:
    $file_contents file_get_contents($new_php_add_dates);
            
    $file_contents str_replace("##[club_code]##","$club_code",$file_contents);                        file_put_contents($new_php_add_dates,$file_contents); 
    I now need to delete the $new_add_dates (.htm file). I tried:
    PHP Code:
    $fh fopen($new_add_dates'w') or die("can't open file");
            
    fclose($fh);
            
    unlink($new_add_dates); 
    but it doesn't delete the file.
    Can anybody suggest how I can delete the unwanted file ???


    Thanks.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  7. #22
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    727
    Thanks
    20
    Thanked 85 Times in 85 Posts
    can you just rename the file instead?
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  8. #23
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Arcticwarrio View Post
    can you just rename the file instead?
    Hi Arcticwarrio...
    Thank you for your suggestion.

    However, it turned out that I didn't need to have the second process.
    I had overlooked a piece of code, further down the script, that was causing all my problems.

    Thank you ALL...
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  9. #24
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by mlseim View Post
    I see now why I was confused by this.

    Usually, when a person registers, everything goes into a database before the confirmation is sent. A column in the db table has a status of confirmed or not confirmed. Then, a unique key is created that is written into the user's db row. That key is part of the confirmation email link ... example:
    http://www.mysite.com/confirm.php?key=J7BMTi0e293Kr834

    The script called confirm.php compares the key to the database. If it matches, the status is 'confirmed'.

    No other information is ever used with the confirmation email except that key.
    Do you see how much more secure that would be? Not having the email and password showing in the URL variables?

    .
    Hi Guys..

    I just want to thank ALL who helped and advised me with this project.

    I think I have now just about finished it.

    On exceptionally good advice, I have now loaded the database on the first click of the input form, including a security key. I created a new field in the database, m_key, and send confirmation email with this m_key plus status (to change the status field from 0 to 1)
    Code:
    Please DO NOT reply to this email. It is an unattended mailbox.
    
    To validate your email address, please click the following link:
    
    http://countrymusic.org.uk/cm_clubs/cm_admin/register-exec.php?m_key=3c4d583d63292f70aba39f853fa7a9e8&status=1
    By changing the status field to 1, I can see at a glance if any status fields remain at 0 which will indicate that the submission was not confirmed.

    There is just one query that I have:

    It has been suggested that I use sha1 rather than md5.
    Is there any advantage to this. ????

    Once again, I really appreciate all the help and advice that I have been given.

    THANK YOU
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  10. #25
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    727
    Thanks
    20
    Thanked 85 Times in 85 Posts
    its just higher encryption and harder to hack
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  11. #26
    New to the CF scene
    Join Date
    May 2013
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Please help me with this issue, I owned a social network, i want to show my users password in my database. please help me out with this issue because the password is encrypt and is not showing.

  12. #27
    New to the CF scene
    Join Date
    May 2013
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    please help me I owned a social network, i want to show my users password in my database. please help me out with this issue because the password is encrypt and is not showing.


 
Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •