I have a class in PHP called cUser:
class cUser {
var $m_email;//The users email adresse(String)
var $m_password;//His password(String)
var $m_username;//His username(String)
var $m_active;//If the user have been activate (By following a link send to him via is email)(Bool)
function __construct($p_username, $p_password, $p_email, $p_active) {
$this->m_username = $p_username;
$this->m_password = $p_password;
$this->m_email = $p_email;
$this->m_active = $p_active;
}
//this is the important part...
function connexion() {
include "Config.php";//include all the parameters needed to connect to the DB
$cn = new cConnexion($ConnexionDBHost, $ConnexionDBName, $ConnexionDBLogin, $ConnexionDBPassword);//Initiate a connection to the DB
if($cn->DBConnexion())//If it is connected {
$parameters = array('username'=>$this->getUsername(), 'password'=>$this->getPassword());//create an array with the username and the password
$getConnexion = $cn->SecureSelect("SELECT username, password, email, active FROM user WHERE BINARY username = :username AND BINARY password = :password", $parameters);//selecte the user in the DB (for DB description see below code)
if($getConnexion != null) { //if there is no error in the query.
$resultSet = $getConnexion->fetch();//fetch the results
if($resultSet != null) { //if there is a match
//assigne the DB field values to this instance of cUser
$this->setUsername($resultSet['username']);
$this->setPassword($resultSet['password']);
$this->setEmail($resultSet['email']);
$this->setActive($resultSet['active']);
if($this->getActive() == 1) {
//If the user has been activate already return success
}
else {
//Else send an activation email to the user.Dont connecte him and return an error message
}
}
else {
//Send an error message
}
}
else {
//send an error message
}
}
else {
//send an error message
}
}
//this are not important for the question but I put them there so you can see what kind of operation the class is doing.
function delete(){//Delete this instance of cUser from de DB}
function insert(){//Insert this instance of cUser from the DB}
function update($p_email, $p_username, ...){//Update this instance of cUser with the new parameters}
function activateAccount(){//Activate this instance of cUser}
//And all the getters and setters associate with the class attributes.
}
Here is the MySQL Table containing the field for the cUser class (roughly coded):
USER
varchar email,
varchar password,
varchar username,
tiny int activate,//1 or 0
tiny int connected//1 or 0
Question:
How can I implement or change the function connection so one instance of a user is connected at the same time?
Note:
I already know I can just check if the DB connected field is set to 1 but if two user access the DB at the same time it would create a problem (race condition or something like that).
Is there something like a mutex or semaphore I can use to sync the access of the DB field connected??
Example:
David fill the HTML form and submit it with user name and password ("Dav1", "ThisIsPassword"), a process page create the cUser instance and connect to check if Dav1 already existe then give him access to the rest of the web-app.
Now Davos fill the form and submits it with the same user-name and password that David used because Davos and David are friend and they shared the same account and shared there password.
With the existing code both David and Davos can then access the web application at the same time with the same account what I want is that when David connect Davos get an error message that tell him that the user is either already connected or the user-name/password doesn't match.
Use a transaction.
In MySql you can also use SELECT FOR UPDATE statement.
Pseudocode:
$transaction = db->beginTransaction();
try {
$user = User::getByUsername($username);
if ($passwordImcorrect)
throw new Exception('invalid credentials');
if (user->loggedIn)
throw new Exception('already logged in');
user->loggedIn = 1;
user->save();
$transaction->commit();
}
catch (Exception $e) {
echo $e->getMessage();
$transaction->rollback();
}
Related
When an iOS app connects to a json based php web api using afnetworking, what is the correct path to use to store photos for this php function?
When trying to call the upload php function from api.php the app shows a json error via uialert view
//upload API
function upload($id, $photoData, $title) {
// index.php passes as first parameter to this function $_SESSION['IdUser']
// $_SESSION['IdUser'] should contain the user id, if the user has already been authorized
// remember? you store the user id there in the login function
if (!$id) errorJson('Authorization required');
// check if there was no error during the file upload
if ($photoData['error']==0) {
// insert the details about the photo to the "photos" table
$result = query("INSERT INTO photos(IdUser,title) VALUES('%d','%s')", $id, $title, $token);
if (!$result['error']) {
// fetch the active connection to the database (it's initialized automatically in lib.php)
global $link;
// get the last automatically generated ID in the photos table
$IdPhoto = mysqli_insert_id($link);
// move the temporarily stored file to a convenient location
// your photo is automatically saved by PHP in a temp folder
// you need to move it over yourself to your own "upload" folder
if (move_uploaded_file($photoData['tmp_name'], "upload/".$IdPhoto.".jpg")) {
// file moved, all good, generate thumbnail
thumb("upload/".$IdPhoto.".jpg", 180);
//just print out confirmation to the iPhone app
print json_encode(array('successful'=>1));
} else {
//print out an error message to the iPhone app
errorJson('Upload on server problem');
};
} else {
errorJson('Hmm...Upload database problem.'.$result['error']);
}
} else {
errorJson('Upload malfunction');
}
}
the original author of the api quotes
If you set up a custom domain for this tutorial, and the API files are in the root of the
domain instead of being inside a sub-folder, set the path to an empty string.
The api files have been placed in the following path on a lamp server using the company linode as a host var/www/html/. So far the register and login functions work when called from the app.
#define kAPIHost #"http://104.237.123.187/"
#define kAPIPath #""
When testing on a Mamp server locally, the path for kAPIHost and kAPIPath were
#define kAPIHost #"http://localhost:8888"
#define kAPIPath #"iReporter/"
The .jpg files were stored in a folder named upload that was in the iReporter folder thats hosted at localhost:888 in htdocs: Htdocs > iReporter > Upload.
When hosting the web api, the only way connection would work was putting the main files the app connects to in var/www/html/. I tried putting the upload folder in the same path but am receiving the appropriate UIAlert at runtime expressing the json error that there was an uploading malfunction.
What is the proper way to host this function?
//Entire api.php file
<?php
// helper function, which outputs error messages in JSON format
// so that the iPhone app can read them
// the function just takes in a dictionary with one key "error" and
// encodes it in JSON, then prints it out and then exits the program
function errorJson($msg){
print json_encode(array('error'=>$msg));
exit();
}
// register API
function register($user, $pass) {
//check if username exists in the database (inside the "login" table)
$login = query("SELECT username FROM login WHERE username='%s' limit 1", $user);
if (count($login['result'])>0) {
//the username exists, return error to the iPhone app
errorJson('Username already exists');
}
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
if (!$result['error']) {
//registration is susccessfull, try to also directly login the new user
login($user, $pass);
} else {
//for some database reason the registration is unsuccessfull
errorJson('Registration failed');
}
}
//login API
function login($user, $pass) {
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
if (count($result['result'])>0) {
// a row was found in the database for username/pass combination
// save a simple flag in the user session, so the server remembers that the user is authorized
$_SESSION['IdUser'] = $result['result'][0]['IdUser'];
// print out the JSON of the user data to the iPhone app; it looks like this:
// {IdUser:1, username: "Name"}
print json_encode($result);
} else {
// no matching username/password was found in the login table
errorJson('Authorization failed');
}
}
//upload API
function upload($id, $photoData, $title) {
// index.php passes as first parameter to this function $_SESSION['IdUser']
// $_SESSION['IdUser'] should contain the user id, if the user has already been authorized
// remember? you store the user id there in the login function
if (!$id) errorJson('Authorization required');
// check if there was no error during the file upload
if ($photoData['error']==0) {
// insert the details about the photo to the "photos" table
//1. change ok
$result = query("INSERT INTO photos(IdUser,title) VALUES('%d','%s')", $id, $title);
if (!$result['error']) {
// fetch the active connection to the database (it's initialized automatically in lib.php)
global $link;
// get the last automatically generated ID in the photos table
$IdPhoto = mysqli_insert_id($link);
// move the temporarily stored file to a convenient location
// your photo is automatically saved by PHP in a temp folder
// you need to move it over yourself to your own "upload" folder
if (move_uploaded_file($photoData['tmp_name'], "upload/".$IdPhoto.".jpg")) {
// file moved, all good, generate thumbnail
thumb("upload/".$IdPhoto.".jpg", 180);
//just print out confirmation to the iPhone app
print json_encode(array('successful'=>1));
} else {
//print out an error message to the iPhone app
errorJson('Upload on server problem');
};
} else {
errorJson('Hmm...Upload database problem.'.$result['error']);
}
} else {
errorJson('Upload malfunction');
}
}
//logout API
function logout() {
// by saving an empty array to $_SESSION you are
// effectively destroying all the user session data
// ie. the server won't "remember" anymore anything about
// the current user
$_SESSION = array();
// and to make double-sure, there's also a built-in function
// which wipes out the user session
session_destroy();
}
//stream API
//
// there are 2 ways to use the function:
// 1) don't pass any parameters - then the function will fetch all photos from the database
// 2) pass a photo id as a parameter - then the function will fetch the data of the requested photo
//
// Q: what "$IdPhoto=0" means? A: It's the PHP way to say "first param of the function is $IdPhoto,
// if there's no param sent to the function - initialize $IdPhoto with a default value of 0"
function stream($IdPhoto=0) {
if ($IdPhoto==0) {
// load the last 50 photos from the "photos" table, also join the "login" so that you can fetch the
// usernames of the photos' authors
$result = query("SELECT IdPhoto, title, l.IdUser, username FROM photos p JOIN login l ON (l.IdUser = p.IdUser) ORDER BY IdPhoto DESC LIMIT 50");
} else {
//do the same as above, but just for the photo with the given id
$result = query("SELECT IdPhoto, title, l.IdUser, username FROM photos p JOIN login l ON (l.IdUser = p.IdUser) WHERE p.IdPhoto='%d' LIMIT 1", $IdPhoto);
}
if (!$result['error']) {
// if no error occured, print out the JSON data of the
// fetched photo data
print json_encode($result);
} else {
//there was an error, print out to the iPhone app
errorJson('Photo stream is broken');
}
}
Edit
Here is some s\console output
[24-Jul-2020 11:22:06 America/Los_Angeles] PHP Warning:
move_uploaded_file(upload/24.jpg): failed to open stream: Permission
denied in /var/www/html/api.php on line 81
[24-Jul-2020 11:22:06 America/Los_Angeles] PHP Warning:
move_uploaded_file(): Unable to move '/tmp/phpjbpfcx' to 'upload/24.jpg' in /var/www/html/api.php on line 81
I've searched the forums and have seen many similar issues but none that seem to address my concern. I believe this is different because:
Form validation is not being used at this point
The form method does not seem to be related (just 1 post action)
The routes are not wrapped in web middleware
Here's what the application is supposed to be doing:
A user (with or without Authentication) views a public page with form (display_event)
The user selects a specific ticket for ordering and is directed to a 2nd form (register_step1)
The user then fills out demographic info for as many tickets as are being ordered
The processing step, if the email address used is of a valid user (in DB) should return to the form in step 2 & 3, populate the fields and flash a message. Otherwise it would perform the save() actions required. (register_step2)
The relevant routes from web.php are here:
Route::get('/events/{event}', 'EventController#show')->name('display_event');
Route::post('/register/{event}', 'RegistrationController#showRegForm')->name('register_step1');
Route::post('/register/{event}/create', 'RegistrationController#store')->name('register_step2');
The relevant portions of the RegistrationController.php are here:
public function showRegForm (Request $request, $id) {
// Registering for an event from /event/{id}
$ticket = Ticket::find(request()->input('ticketID'));
$quantity = request()->input('quantity');
$discount_code = request()->input('discount_code');
$event = Event::find($ticket->eventID);
return view('v1.public_pages.register', compact('ticket', 'event', 'quantity', 'discount_code'));
}
And:
public function store (Request $request) {
$event = Event::find(request()->input('eventID'));
if(Auth::check()) {
$this->currentPerson = Person::find(auth()->user()->id);
}
// set up a bunch of easy-reference variables from request()->input()
$email = Email::where('emailADDR', $checkEmail)->first();
if(!Auth::check() && $email === null) {
// Not logged in and email is not in database; must create
$person = new Person;
// add person demographics from form
} elseif(!Auth::check() && $email !== null) {
// Not logged in and email is in the database;
// Should force a login -- return to form with input saved.
flash("You have an account that we've created for you.
Please attempt to login and we'll send you a password to your email address.", 'warning');
return back()->withInput();
} elseif(Auth::check() && ($email->personID == $this->currentPerson->personID)) {
// the email entered belongs to the person logged in; ergo in DB
$person = $this->currentPerson;
// add person demographics from form
} elseif(Auth::check() && ($email->personID != $this->currentPerson->personID)) {
// someone logged in is registering for someone else in the DB
$person = Person::find($email->personID);
// add person demographics from form
} else {
// someone logged in is registering for someone else NOT in the DB
$person = new Person;
// add person demographics from form
}
// do more stuff...
$reg = new Registration; (set up a registration record)
}
I took the advice indicated in #apokryfos's comment and changed the form parsing-then-display script from a POST to a get.
redirect()->back() is, apparently, always a method=get and that was the cause of the MethodNotAllowedHttpException. In my ~2 weeks using Laravel, I hadn't yet come across that fact.
I wrote a login script for a website that I am building using resources I have found online. When I ran my code on a local server it worked fine but now that I am actually running it online on a real server it doesn't work. I think I have narrowed down my error but with being new to PHP and not having prior experience with MySql I can't really fix my problem. This is the file for the login script:
//login file
<?php
class Login{
private $db_connection = null;
public function __construct(){
session_start();
$this->dologinWithPostData();
}
private function dologinWithPostData(){
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$this->db_connection()->connect_errno) {
// escape the POST stuff
$email = $_POST['email'];
// database query, getting all the info of the selected user (allows login via email address in the
// username field)
$sql = "SELECT email, password
FROM users
WHERE email = '" . $email ."'";
$result_of_login_check = $this->db_connection->query($sql);//This is 0
// if this user exists
if ($result_of_login_check->num_rows == 1) {
// get result row (as an object)
$result_row = $result_of_login_check->fetch_object();
// using PHP 5.5's password_verify() function to check if the provided password fits
// the hash of that user's password
if ($_POST['password'] == $result_row->password) {
// write user data into PHP SESSION (a file on your server)
$_SESSION['email'] = $result_row->email;
$_SESSION['user_login_status'] = 1;
} else {
$this->errors[] = "Wrong password. Try again.";
$_SESSION['user_login_status'] = 0;
}
} else {
$this->errors[] = "This user does not exist.";
}
} else {
$this->errors[] = "Database connection problem.";
}
}
print_r($this->errors);
}
public function isUserLoggedIn()
{
if (isset($_SESSION['user_login_status']) AND $_SESSION['user_login_status'] == 1) {
return true;
}
// default return
return false;
}
}
?>
I run it in another file that is essentially the following:
//Run file
require_once("dbconfig.php");
include_once("login.php");
$login = new Login();
if($login->isUserLoggedIn() == true){
//go to another page }
The variables used to access the database are instantiated in dbconfig.php and are correct. With this code I get an error that says the page is not working and is unable to handle the request. When I comment out the line
if (!$this->db_connection()->connect_errno) {
and the else statement following it, the output is "This user does not exist". So I think the error has something to do with $this->db_connection()->connect_errno). If you can find where I went wrong or have any advice on how to rewrite the script to make it better, it is greatly appreciated.
This is a database establishing error your live remote server database configuration is different.Please verify you dbconfig.php file make sure
database name, host , port , username , password are well defined with your live database
This is wrong:
if (!$this->db_connection()->connect_errno) {
db_connection is simply a variable containing your DB connection object. It is NOT a method.
You probably want
if (!$this->db_connection->connect_errno) {
^--note lack of ()
instead.
I think issue with this follwoing check. your result gets more than 1 records.
// if this user exists
if ($result_of_login_check->num_rows == 1) {
......
}else{
$this->errors[] = "This user does not exist.";
}
make sure your email address is unique in Data table, if it is not unique then your above statement will fail and show the text "This user does not exist." from else part
So I am trying to make a login form on my vb.net application that would connect in my mysql database via my php script. So I've set up a wampp server to test it out. Got my php code below
<?php
if($_POST)
{
if(isset($_POST["username"]) && isset($_POST["password"]))
{
$connect = mysql_pconnect("localhost","root","");
if($connect)
{
$select = mysql_select_db("ktmf",$connect);
if($select)
{
$user = mysql_escape_string($_POST["username"]);
$pwd = mysql_escape_string($_POST["password"]);
$GetRows = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pwd'");
$RowCount=mysql_num_rows($GetRows);
if($RowCount>0)
{
die("Correct !");
}
else
{
die("Incorrect !");
}
}
else
{
die("Unable to select database." . mysql_error());
}
}
else
{
die("Unable connect to database." . mysql_error());
}
}
else
{
die("Access Denied!");
}
}
else
{
die("Access Denied!");
}
?>
and then I got my vb.net code there
Imports System.Net
Imports System.Text
Public Class login
Function AuthUser(ByVal AuthenticationPage As String, ByVal Username As String, ByVal Password As String) As Boolean
Dim wc As New WebClient()
wc.Headers.Add("Content-Type", "application/x-www-form-urlencoded")
Dim Data As String = String.Format("username={0}&password={1}", WebUtility.UrlEncode(Username), WebUtility.UrlEncode(Password))
Dim ResponseBytes() As Byte = wc.UploadData(AuthenticationPage, "POST", Encoding.ASCII.GetBytes(Data))
Dim Response As String = Encoding.ASCII.GetString(ResponseBytes)
If Response.Contains("Correct") Then
Return True
Else
Return False
End If
End Function
Private Sub login_Load(sender As Object, e As EventArgs) Handles MyBase.Load
End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
If AuthUser("http://127.0.0.1/login.php", TextBox1.Text, TextBox2.Text) Then
Me.Hide()
works.Show()
Else
MsgBox("You have provided invalid username or password. Unable to login.")
End If
End Sub
End Class
So when I try to login with the Application I got the Error "You have provided invalid username or password. Unable to login." wich I specified incase of error.
I still dont know what I did wrong, But if someone could help me I'd apreciate.
thanks
Your question does not contain much information, so only generaly:
1) Check what actual response (if any) you get
2) If you do not get any response, check web server log to see, if the request make it there at all
3) Test your PHP script independently on VB.NET. E.g. Simple HTML form would do.
If you share with us your findings based on above, you may get more specific answers.
I'm trying to create an account register page with CakePHP 2.0 where user needs to activate it's new account by clicking on a link in the email he's received after insert username, email and password.
My question is how can I set an activation code inside the user record.
I thought to create a table field named activation_code and then to store an hashed version of the username to be sure the user can activate itself by clicking the email link with the activation key.
All the procedure is done but I don't know how can I set the activation_code inside the $data['User'] object and It's not clear for me if this is a good usage of the MVC framework or I should make it in a different way.
During the user registration action I've done this but I get an error when I try to create 'activation_code' dynamically:
// from the UserController class
public function register () {
if (!empty($this->data)) {
if ($this->data['User']['password'] == $this->data['User']['confirm_password']) {
// here is where I get the error
$this->data['User']['activation_key'] = AuthComponent::password($this->data['User']['email']);
$this->User->create();
if ($this->User->save($this->data)) {
// private method
$this->registrationEmail ($this->data['User']['email'], $this->data['User']['username']);
$this->redirect(array('controller'=>'users', 'action'=>'registration', 'success'));
}
}
}
}
Obviously the activation_key is an empty field inside my database.
So how can I create a filed dynamically from the controller?
$this->data['User']['activation_key']
should be:
$this->request->data['User']['activation_key']
(You should change all references to $this->data to the new cakephp2.0 $this->request->data)
I've solved the problem with the method Model::set(), so:
public function register () {
if (!empty($this->data)) {
if ($this->data['User']['password'] == $this->data['User']['confirm_password']) {
$this->User->create();
// I've used set method
$this->User->set('activation_key', AuthComponent::password($this->data['User']['email']));
if ($this->User->save($this->data)) {
$this->registrationEmail ($this->data['User']['email'], $this->data['User']['username']);
$this->redirect(array('controller'=>'users', 'action'=>'registration', 'success'));
}
}
}
}