1
PHP / Re: Handling User Passwords
« Last post by GrumpyYoungMan on Today at 03:51:26 pm »Thanks I will see if I can figure it all out...
Recent Posts
2
HTML / CSS / Re: META redirect and HTML 5
« Last post by GrumpyYoungMan on Today at 03:50:48 pm »That make sense, what about handing the registration? Like telling them to wait for email to activate there account, etc?
3
HTML / CSS / Re: CSS Styling via class or id
« Last post by Jason Knight on Today at 03:13:27 pm »Ok, you need to learn "selectors and combinators". A space in CSS is the DESCENDANT combinator.
As your h1 is not a CHILD or grandchild of #mystyle, of course it doesn't work. That's what the space MEANS.
The last one you wrote would target the H1 if the markup were this:
Because then the H1 is then a child of the DIV.
https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Selectors#Combinators
As your h1 is not a CHILD or grandchild of #mystyle, of course it doesn't work. That's what the space MEANS.
The last one you wrote would target the H1 if the markup were this:
Code: [Select]
<div id="myStyle"><h1>test</h1></div>Because then the H1 is then a child of the DIV.
https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Selectors#Combinators
4
HTML / CSS / CSS Styling via class or id
« Last post by GrumpyYoungMan on Today at 02:49:32 pm »Styling HTML tags with custom CSS.
I came across a strange problem tonight with styling an H1 tag, the two listed below worked as expected:
Where as this one didn't:
the HTML code was just
Any ideas as to what I have done wrong?
I came across a strange problem tonight with styling an H1 tag, the two listed below worked as expected:
Code: [Select]
#myStyle { /* My Style Code */ }Code: [Select]
h1#myStyle { /* My Style Code */ }Where as this one didn't:
Code: [Select]
#myStyle h1 { /* My Style Code */ }the HTML code was just
Code: [Select]
<h1 id="myStyle">Test</h1>Any ideas as to what I have done wrong?
5
PHP / Re: Handling User Passwords
« Last post by Jason Knight on Today at 02:26:37 pm »First off never blindly !='' on $_POST or any other system set array, use !empty instead in case the index doesn't exist.
Next, stop using double quotes where you don't need them. If you do need them, use string addition as it's faster than string parsing.
Use "if on assignment" rather than screwing around assigning then testing.
I would add an expiry time to the lockout. Hard lockouts with NO timeout could screw even yourself. Usually if you shut them out for 24 hours that's sufficient.
!empty on the $dbUser fetch is unneccessary, any loose false will do.
One big "screwup" (IMHO) is how you check for failed login / lockout twice. I'd try re-arranging that, but for now I lack the time to really go in and do a rewrite to show what I mean.
For the most part though you're on the right track, you just need some tweaking and better practices.
Next, stop using double quotes where you don't need them. If you do need them, use string addition as it's faster than string parsing.
Use "if on assignment" rather than screwing around assigning then testing.
I would add an expiry time to the lockout. Hard lockouts with NO timeout could screw even yourself. Usually if you shut them out for 24 hours that's sufficient.
!empty on the $dbUser fetch is unneccessary, any loose false will do.
One big "screwup" (IMHO) is how you check for failed login / lockout twice. I'd try re-arranging that, but for now I lack the time to really go in and do a rewrite to show what I mean.
For the most part though you're on the right track, you just need some tweaking and better practices.
6
HTML / CSS / Re: META redirect and HTML 5
« Last post by Jason Knight on Today at 02:07:07 pm »With logins the best approach is to just send the user back to the page they logged in from. That way they don't lose where they were.
Hence my current approach is to make logins a modal dialog that is sent to all pages when a user isn't logged in. Because I use "one index" construction ALL pages are really the same page with different content plugged in, so the login / user is logged in checks are run for every page. As such you just change where it says guest to the user name / avatar / what have you, and the trigger for the modal to a logout button -- and of course omit the modal login form.
Then use a random hash in the session matched to a hidden so that if they hit back, they can't re-use the old login form, deleting / recreating the hash on login or on a new form.
No redirects or extra sub-pages needed -- unless they FAIL logging in... in that case I send the login form modal open instead of closed with the error message.
Hence my current approach is to make logins a modal dialog that is sent to all pages when a user isn't logged in. Because I use "one index" construction ALL pages are really the same page with different content plugged in, so the login / user is logged in checks are run for every page. As such you just change where it says guest to the user name / avatar / what have you, and the trigger for the modal to a logout button -- and of course omit the modal login form.
Then use a random hash in the session matched to a hidden so that if they hit back, they can't re-use the old login form, deleting / recreating the hash on login or on a new form.
No redirects or extra sub-pages needed -- unless they FAIL logging in... in that case I send the login form modal open instead of closed with the error message.
7
PHP / Re: Handling User Passwords
« Last post by GrumpyYoungMan on Today at 08:40:40 am »For now I am using password_verify:
Am I going down the right lines? Securely? apart from the database hash retrieve... I am not a fan of this...
Code: [Select]
// If the "username" and "password" inputs are set then continue with the login:
if( $_POST['username'] != "" && $_POST['password'] != "" ) {
// Fetch User from DB
$fetchUser = $DB->prepare("
SELECT
u_id, u_user, u_email, u_password, u_login_attempts
FROM
{$prefix}users
WHERE
u_user=:username
");
$fetchUser->execute( [
':username' => $_POST['username'],
] );
$dbUser = $fetchUser->fetch();
// PASSword Match?
if( ! empty($dbUser) ) {
if( $dbUser['u_login_attempts'] < 3 ) {
if( ! password_verify($_POST['password'], $dbUser['u_password'] ) ) {
// Incorrect Password:
$errors[] = "invalid_login_2_credentials";
// Update FAILED logim attempts:
$userLogInAttempts = $DB->prepare("
UPDATE
{$prefix}users
SET
u_login_attempts = Coalesce(u_login_attempts, 0)+1, u_last_login_attempt = NOW()
WHERE
u_id=:uid
");
$userLogInAttempts->execute( [
':uid' => $dbUser['u_id'],
] );
if ( ( $dbUser['u_login_attempts'] + 1 ) >= 3 ) {
// ADD EMAIL TO QUEUE
$lockedEmail = $DB->prepare("
INSERT INTO
{$prefix}email_queue (
eq_id, eq_to, eq_from, eq_subject, eq_message, eq_added
)
VALUES (
:id, :to, :from, :subject, :message, NOW()
)
");
$lockedEmail->execute( [
':id' => uniqid(),
':to' => $dbUser['u_email'],
':from' => $CONFIG['email_from'],
':subject' => "Account Locked",
':message' =>"Your account has now been locked for security reasons. <p>Sorry!</p>Test Message!"
] );
}
}
else {
echo "<h1>MORE login stuff...?</h1>\n";
// Update Last Login:
$userLastLogIn = $DB->prepare("
UPDATE
{$prefix}users
SET
u_last_login = NOW()
WHERE
u_id=:uid
");
$userLastLogIn->execute( [
':uid' => $dbUser['u_id'],
] );
}
}
else {
// LOCKED Account:
$errors[] = "invalid_login_3_credentials";
}
}
else {
// Invalid DB User
$errors[] = "invalid_login_1_credentials";
}Am I going down the right lines? Securely? apart from the database hash retrieve... I am not a fan of this...
8
HTML / CSS / Re: META redirect and HTML 5
« Last post by GrumpyYoungMan on Today at 07:27:06 am »Thanks again Jason, you are spot on, you are basically right, I am copying what I have seen from other sites.
So what are you saying I should just take the input and redirect back to homepage? Or another page just confirming the details have been entered?
So the:
Login Form - redirect successful - home page is an old technique now?
So what are you saying I should just take the input and redirect back to homepage? Or another page just confirming the details have been entered?
So the:
Login Form - redirect successful - home page is an old technique now?
9
PHP / Re: HTML & CSS in Email
« Last post by Dave on Today at 05:23:51 am »Safest to use inline styling since a lot of (most) mail clients won't allow external style sheets. PHPMailer is probably the easiest mailer to use out there though there are several available of course.
10
PHP / HTML & CSS in Email
« Last post by GrumpyYoungMan on Today at 04:54:29 am »How do we send HTML in email?
As in, do we have to use "inline" styles?
Also is PHPMailer an suitable third party add on to enable SMTP email sending?
As in, do we have to use "inline" styles?
Also is PHPMailer an suitable third party add on to enable SMTP email sending?
Advertisement
CUTCODEDOWN.COM
© Jason M. Knight
Forums powered by
SMF 2.0.15
SMF © Simple Machines
Used under license
© Jason M. Knight
Forums powered by
SMF 2.0.15
SMF © Simple Machines
Used under license