Password failing using Bcrypt - bcrypt

So far bcrypt has had no problems until now. For some reason the following password won't work. UIO78349%^&(]\\';= This is the first time I've had a password not work and I hope somebody has an explanation. I hunted the net and read about the character limit but this is well below that. Not sure if it makes any difference but the user input for password is going through mysqli_real_escape_string.
First batch of code where the login form is located:
<?php
session_start();
?>
<html>
<body>
<form method="post" action="sidebar-signin-block.php">
<table width="90%" border="0" align="center" bgcolor="white">
<tr>
<td bgcolor="ffffff" colspan="2" align="center"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right">Email:</td>
<td><input type="text" name="email"></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="login" value="Login"></td>
</tr>
<tr>
<td colspan="2" align="center"><h3 style="margin-top:7px;">Forgot Password?</h3></td>
</tr>
<tr>
<td bgcolor="#ffffff" colspan="2" align="center"><div style="padding-top:5px;"><span style="font-size:20px;">Don't have an account?<br />Sign Up is <em>quick</em> and <em>easy</em>!</span></div></td>
</table>
</form>
<?php
// Connecting to the database and making the Bcrypt functions available
include("admin/includes/connect.php");
include ("lib/password.php");
// Gathering and sanitizing user login input
if(isset($_POST['login'])){
$email = trim(((isset($conn) && is_object($conn)) ? mysqli_real_escape_string($conn, $_POST['email']) :((trigger_error ("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")));
$pass = trim(((isset($conn) && is_object($conn)) ? mysqli_real_escape_string($conn, $_POST['password']) : ((trigger_error ("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")));
// Checking the database records for the user login input
$hash_query = "select nonadmin_user_pass from nonadmin_user_login where email='$email'";{
$run_query = mysqli_query($conn, $hash_query);}
while ($row = mysqli_fetch_assoc($run_query)) {
$fetch_pass = $row['nonadmin_user_pass'];
}
// If the user email and password matches we start a session
if ((password_verify($pass, $fetch_pass)) == 1){
// Verifying user login success with splash page then sending user back to the home page
$_SESSION['email']=$email;
echo "<script>window.open('login-success.php','_self')</script>";}
// When the user login fails an alert is given to inform them
else {
echo "<script>alert('Email or password is incorrect please try again')</script>";
echo "<script>window.open('index.php','_self')</script>";}
}
?>
</body>
</html>
Here's the JS.
<script>$(document).ready(function(){
$("#login").click(function(){
var email = $("#email").val();
var password = $("#password").val();
// Checking for blank fields.
if( email =='' || password ==''){
$('input[type="text"],input[type="password"]');
$('input[type="text"],input[type="password"]');
alert("Please fill all fields.");
}else {
$.post("log-me-in.php",{ email1: email, password1:password},
function(data) {
if(data=='Invalid Email.......') {
$('input[type="text"]');
$('input[type="password"]');
alert(data);
}else if(data=='Email or Password is wrong please try again.'){
$('input[type="text"],input[type="password"]');
alert(data);
} else if(data=='Successfully Logged in.'){
window.location.reload();
$("form")[0].reset();
$('input[type="text"],input[type="password"]');
alert(data);
} else{
alert(data);
}
});
}
});
});</script>
Here's the php being called:
<?php
session_start();
// Connecting to the database and making the Bcrypt functions available
include("admin/includes/connect.php");
include ("lib/password.php");
$email=$_POST['email1']; // Fetching Values from URL.
$password= ($_POST['password1']);
// check if e-mail address syntax is valid or not
//$email = filter_var($email, FILTER_SANITIZE_EMAIL); // sanitizing email(Remove unexpected symbol like <,>,?,#,!, etc.)
//if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
//echo "Invalid Email.......";
//}else{
// Matching user input email and password with stored email and password in database.
$result = mysqli_query($conn, "SELECT * FROM nonadmin_user_login WHERE email='$email'");
$data = mysqli_fetch_array($result);
$bcrypt_pass = $data['nonadmin_user_pass'];
$email_match = $data['email'];
if (password_verify ($password, $bcrypt_pass) == 1 AND $email == $email_match) {
$_SESSION['email']=$email;
echo "Successfully Logged in.";
}
else{
echo "Email or Password is wrong please try again";
}
//}
?>
Here is the user registration code where the password initially gets entered before mail verification:
<html>
<head>
<title>Register at Recycling Kansas City</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="/styles/register-user.css" media="all">
<!-- ie compatibility -->
<!--[if IE]>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<![endif]-->
<!--[if lt IE 9]>
<script src="Site/javascript/bootstrap/html5shiv.js"></script>
<![endif]-->
<meta content="recycling kansas city, recycling centers, recycling locations" name="keywords">
<meta content="Recycling Kansas City is an efficient resource to help you quickly find a recycle center that is nearby. Use our map to find locations and accepted items." name="description">
</head>
<h1 class="center">Why register at Recycling Kansas City?</h1>
<p>By registering here you will gain access to additional features. Once registered you can create your own custom profile, submit and comment on blog articles, advertise your products or services and have the choice to opt in for email announcements.</p>
<p>All of your information will be securely stored in our database and you can delete your account at any time. Also, rest assured that we will never share any of your submitted details with anyone ever.</p>
<form method="post" action="register-user.php">
<table width="520" border="10" align="center" bgcolor="white">
<tr>
<td bgcolor="ffffff" colspan="2" align="center"><h1>Registration</h1></td>
</tr>
<tr>
<td align="right">Email</td>
<td><input type="text" name="email" size="53"></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="pwd" size="53"></td>
</tr>
<tr>
<td align="right">User Name:</td>
<td><input type="text" name="name" size="53"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="register" value="Register"></td>
</tr>
</table>
</form>
</html>
<?php
include ("../admin/includes/connect.php");
include ("../lib/password.php");
$con = new mysqli("localhost", "$username", "$password", "$database");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if(isset($_POST['register'])){
$email = trim(mysql_escape_string($_POST['email']));
$nonadmin_user_pass = trim(mysql_escape_string($_POST['pwd']));
$password = password_hash($nonadmin_user_pass, PASSWORD_BCRYPT);
$nonadmin_user_name = trim(mysql_escape_string($_POST['name']));
$query_verify_email = "SELECT * FROM nonadmin_user_login WHERE email ='$email' and verified = 1";
$verified_email = mysqli_query($con,$query_verify_email);
if (!$verified_email) {
echo ' System Error';
}
if (mysqli_num_rows($verified_email) == 0) {
// Generate a unique code:
$hash = md5(uniqid(rand(), true));
$query_create_user = "INSERT INTO `nonadmin_user_login` (`email`, `nonadmin_user_pass`, `nonadmin_user_name`, `hash`) VALUES ('$email', '$password', '$nonadmin_user_name', '$hash')";
$created_user = mysqli_query($con,$query_create_user);
if (!$created_user) {
echo 'Query Failed ';
}
if (mysqli_affected_rows($con) == 1) { //If the Insert Query was successfull.
$subject = 'Activate Your Email';
$headers = "From: admin@recyclingkansascity.com \r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$url= 'http://recyclingkansascity.com/includes/register-verify.php?email=' . urlencode($email) . "&key=$hash";
$message ='<p>To activate your account please click on Activate buttton</p>';
$message.='<table cellspacing="0" cellpadding="0"> <tr>';
$message .= '<td align="center" width="300" height="40" bgcolor="#000091" style="-webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px;
color: #ffffff; display: block;">';
$message .= '<a href="'.$url.'" style="color: #ffffff; font-size:16px; font-weight: bold; font-family: Helvetica, Arial, sans-serif; text-decoration: none;
line-height:40px; width:100%; display:inline-block">Click to Activate</a>';
$message .= '</td> </tr> </table>';
mail($email, $subject, $message, $headers);
echo '<p class="center">A confirmation email
has been sent to <b>'. $email.' </b></p><p class="center">Please <strong>click</strong> on the <strong><em>Activate</em> Button</strong> to Activate your account.</p> ';
} else { // If it did not run OK.
echo '<div>You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
}
}
else{
echo '<div>Email already registered</div>';}
}
?>
So far never a hiccup on any password until the password at the top of the post? Weird if you ask me.

Remove all calls to mysqli_real_escape_string() for password input, the functions password_hash() and password_verify() accept even binary input and are not prone to SQL-injection. I assume this already solves your problem. Escaping should be done as late as possible and only for the given target system, so the function mysqli_real_escape_string() should only be called to build an SQL query.
Then the function password_verify() already returns a boolean, no need to compare it with == 1.
if (password_verify($pass, $fetch_pass))
{
...
}
If this doesn't solve your problem, I would make sure that every page uses UTF-8 as file format and defines it in the header.
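The point made in the answer above, as an added example that is not part of the original question or answer: escaping changes the bytes bcrypt sees, so a hash made from one form of the password will not verify against the other. Assumptions: PHP 7 or later with the built-in password_* functions; the sample password is constructed; sql_escape_stand_in() and verify_login() are hypothetical names, and addslashes() stands in for mysqli_real_escape_string(), which needs a live connection. The table and column names are the ones used in the question.

```php
<?php
// Added example, not code from the original post.

// Hypothetical stand-in for mysqli_real_escape_string(): addslashes() also
// prefixes quotes and backslashes with a backslash, which is enough to show
// the effect without a database connection.
function sql_escape_stand_in(string $s): string
{
    return addslashes($s);
}

// Hash the raw password, then try to verify both the raw and the escaped form.
function demo(): array
{
    // Constructed sample password containing a backslash and a single quote.
    $typed = "Example\\'pw;=9";

    // Registration: hash exactly the bytes the user typed.
    $stored = password_hash($typed, PASSWORD_BCRYPT);

    // A login path that escapes first hands bcrypt a different string.
    $escaped = sql_escape_stand_in($typed);

    return [
        'typed'           => $typed,
        'escaped'         => $escaped,
        'escaped_differs' => $escaped !== $typed,
        'verify_escaped'  => password_verify($escaped, $stored),
        'verify_raw'      => password_verify($typed, $stored),
    ];
}

// Corrected login check (hypothetical helper): the e-mail goes to the database
// as a bound parameter, the password goes to password_verify() untouched.
function verify_login(mysqli $conn, string $email, string $password): bool
{
    $stmt = $conn->prepare(
        'SELECT nonadmin_user_pass FROM nonadmin_user_login WHERE email = ?'
    );
    if ($stmt === false) {
        return false; // query could not be prepared
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch(); // true when a row was fetched, null when none
    $stmt->close();

    // password_verify() already returns a boolean; no "== 1" needed.
    return $found === true && password_verify($password, $hash);
}

// Print the comparison for the constructed sample.
foreach (demo() as $label => $value) {
    echo str_pad($label, 16), ': ', var_export($value, true), PHP_EOL;
}
```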

Related

Change the direction of Hebrew Character during PDF creation by laravel DomPdf

I have a serious problem,
I want to show the Hebrew words in RTL format after PDF creation, but it's not showing. It always shows LTR.
I have some words combinations of English and Hebrew language.
I did some search on google but no luck.
I am using Laravel DomPdf.
I have checked my dompdf core file DOMPDF_UNICODE_ENABLED and its value is "DOMPDF_UNICODE_ENABLED" => true, still not able to get the solution.
Here is my blade file
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<!-- Meta, title, CSS, favicons, etc. -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<html xmlns="http://www.w3.org/1999/xhtml" dir="rtl">
</head>
<body>
<table class="lead" cellspacing="0" width="100%" style="font-size: 12px; font-family: 'firefly, DejaVu Sans, sans-serif'; ">
<thead>
<tr>
<th width="10%" style="font-weight: bold;">Date</th>
<th width="15%" style="font-weight: bold;">Name</th>
<th width="20%" style="font-weight: bold;">Details</th>
<th width="10%" style="font-weight: bold;">Contact Origin</th>
<th width="15%" style="font-weight: bold;">Status</th>
<th width="10%" style="font-weight: bold;">Comment</th>
<th width="10%" style="font-weight: bold;">Country</th>
</tr>
</thead>
<tbody>
<?php
foreach($leadInfo as $k=>$v){
$continent = getAllContinentName($v->country);
if(strtolower($continent) == strtolower("Asia")){
$backGround = "#FFB300";
} else if(strtolower($continent) == strtolower("Africa")){
$backGround = "#FFB300";
} else if(strtolower($continent) == strtolower("North America")){
$backGround = "#009792";
} else if(strtolower($continent) == strtolower("South America")){
$backGround = "#FF7E00";
} else if(strtolower($continent) == strtolower("Antarctica")){
$backGround = "#15E6E8";
} else if(strtolower($continent) == strtolower("Europe")){
$backGround = "#0074FF";
} else if(strtolower($continent) == strtolower("Australia")){
$backGround = "#05A900";
} else {
$backGround = "#FFFFFF";
}
if($v->email_status_id == 10){
$statusBackGround = "#a9d18d";
} else if($v->email_status_id == 11){
$statusBackGround = "#ff0000";
} else if($v->email_status_id == 12){
$statusBackGround = "#b3c6e7";
} else if($v->email_status_id == 13){
$statusBackGround = "#c09200";
} else if($v->email_status_id == 14){
$statusBackGround = "#ffff00";
} else {
$statusBackGround = "#FFFFFF";
}
?>
<tr>
<td> {{ date('m-d-Y',strtotime($v->created_date)) }} </td>
<td>{{ $v->name }}</td>
<td>{{ mb_substr($v->message, 0, 300) }}</td> <!-- This line has combination of english and hebrew language-->
<td>{{ $v->contact_origin }}</td>
<td style="direction: rtl !important; unicode-bidi: bidi-override; color:black; background-color: {{ $statusBackGround }};">{{ $v->status_name }}</td> <!-- This line has only hebrew language -->
<td>{{ $v->comment }}</td>
<td style="color:black; background-color: {{ $backGround }}" >{{ getAllCountryName($v->country) }}</td>
</tr>
<?php } ?>
</tbody>
</table>
</body>
</html>
It would be great if anyone helps me to get out of this.
Dompdf (up to and including 0.8.1) does not currently support RTL text (see issue 1009). There is a work around, but the results are passable at best.
If you're interested in trying it out modify the Text rendered by adding the following code at line 83:
if (strtolower($style->direction) === 'rtl') {
preg_match_all('/./us', $text, $ar);
$text = join('',array_reverse($ar[0]));
// if there are numbers in the string so the next line reverse the number back treat also numbers with dot (decimal) and email
$text = preg_replace_callback('/\d+-\d+|\d+|\d+\.\d+|\S+@\S+/', function (array $m) { return strrev($m[0]); }, $text);
}
You can use this package, which supports RTL languages such as Persian and Arabic:
https://github.com/barryvdh/laravel-snappy
To change the direction, just use dir="rtl" within the HTML tag that is going to be converted to PDF.

Request tracker REST API: Web Interface to Create New Tickets

I previously had a custom form that users could fill out to place work orders, and once they hit submit, it would create a new ticket with all the information and add it to one of the RT queues.
We previously used Mason to do this, but now we've moved to WordPress and would like to redo this in a cleaner way using PHP.
I read through the API documentation and reviewed this thread along with many others posted on Stack Overflow. I know how to connect to RT and create new tickets via command line and cURL, but I can't seem to figure out how to do so using the web interface on submit. I would really appreciate if someone could give me some pointers on where to start.
Thanks
Edit:
Thank you for the response. Below is the form I've made which interacts with our SQL database to pull some information and I need it to create a new ticket with all the information on submit. Should I create a new PHP file similar to [this][2] and include it as a form action?
<form action="<?php echo $_SELF; ?>";
method="post"
id="woForm"
name="woForm"
enctype="multipart/form-data"
>
<input type="hidden" name="session_id" value="<?php echo session_id(); ?>">
<input type="hidden" name="Queue" value="<?php echo $queue; ?>">
<input type="hidden" name="id" value="new">
<input type="hidden" name="Status" value="new">
<input type="hidden" name="Owner" value="10">
<table width="450" align="center" border="0" cellpadding="0" cellspacing="5">
<tr><td align="left" colspan="2">
<h2><?php echo $name; ?></h2>
<p>Please note that all fields except for <b>Ext:</b>, <b>CC:</b> and <b>Attachments:</b> are <span class="required">required</span>.
You cannot submit a request for assistance using this form unless all the required
fields have been completed.</p>
<h2 style="color:red;">Please enter information for the INDIVIDUAL needing assistance</h2>
</td>
</tr>
<?php
// Get all of the customFields
$query1 = "select * from CustomFields where disabled='0' and sortOrder != 0 order by sortOrder ASC;";
$result1 = mysql_query($query1) or die ("dead3: ".mysql_error());
// Go through each custom field
while($row1 = mysql_fetch_array($result1)) {
// Get the information about that field
$count = 0;
$fieldId = $row1['id'];
$name = $row1['Name'];
// $postname is in a very specific format, and will become the name of the field in the form
// where the data for this custom field is entered. In order to submit a ticket into rt, the
// name of the field MUST be in this format.
$postName = "Object-RT::Ticket--CustomField-".$fieldId."-Values";
?>
<!-- Create a row in the table for this custom field -->
<tr>
<!-- Create a column with the name of the custom field -->
<td align="right" class="requestformlabel"><label class="required"><?php echo $name; ?>:</label></td>
<!-- Create a column for the input field -->
<td class = "requestformtd">
<?php
// If the custom field is department or building, we need a pull-down menu
if($name=="Department" || $name=="Building") { ?>
<!-- start of the pull-down menu -->
<select name="<?php echo $postName; ?>">
<?php
// Get all of the possible values for the customField from the database
// Added option to exclude sort order 9999. See ticket #40665 for more info.
$query3 = "SELECT * FROM CustomFieldValues WHERE CustomField='$fieldId' AND SortOrder != '9999' ORDER BY SortOrder ASC";
$result3 = mysql_query($query3) or die ("dead4: ".mysql_error());
// Go through each possible value for the custom field
while($row3 = mysql_fetch_array($result3)) {
// Get the information on the custom field value from the database
$tmp = $row3['Name'];
$description = $row3['Description'];
// If the custom field value was already selected
if($tmp == $_POST["$postName"]) {
// Insert the option into the pull-down menu and mark it as selected in the form
echo "<option value='$tmp' selected='selected'>$description</option>";
// otherwise
} else {
// Only insert it as an option in the pull-down menu
echo "<option value='$tmp'>$description</option>";
}
}
?>
</td></tr>
<?php
// If the name of the custom field is operating system, we want radio buttons
} else if ($name == "Operating System") {
// Get all the possible values for this field form the database
$query4 = "select * from CustomFieldValues where CustomField='$fieldId' order by sortorder asc";
$result4 = mysql_query($query4) or die ("dead5: ".mysql_error());
// For each customfield value
while($row4 = mysql_fetch_array($result4)) {
// Get the description of the customfieldvalue from the database
$osName = $row4['Description'];
// If the customfieldvalue has already been selected
if ($osName == $_POST["$postName"]) {
// Put the radio button into the form and mark it as checked
echo "<input type='radio' name='$postName' value='$osName' checked='checked'>$osName";
// Otherwise
} else {
// Put the radio button into the form
echo "<input type='radio' name='$postName' value='$osName'>$osName";
}
} ?>
</td></tr>
<?php
// If the name of the custom field is IP address, we want a disabled text box. This is because while we want the user to see their IP address, we do not want them to be able to change it.
} else if ($name == "IP_Address"){
?>
<input name="<?php echo $postName; ?>" size="40" value='<?php
echo $_SERVER['REMOTE_ADDR']; ?>' readonly></td></tr>
<?php
// If it's the hostname variable
} else if ($name == "Host_Name"){
?>
<input name="<?php echo $postName; ?>" size="40" value='<?php echo gethostbyaddr($_SERVER['REMOTE_ADDR']); ?>' readonly></td></tr>
<?php
// Otherwise, create a text box for the custom field.
} else {
?>
<input name="<?php echo $postName; ?>" size="40" value='<?php echo $_POST["$postName"]; ?>'></td></tr>
<?php } // end else statement
} // end while loop
?>
<tr>
<td class="requestformlabel" align="right"><label class="required">Your E-mail Address:</label></td>
<td align="left" class="requestformtd"><input name="Requestors" size=40 value="<?php echo $_POST['Requestors']; ?>"></td>
</tr>
<tr>
<td class="requestformlabel" align="right"><label class="required">Confirm Your E-mail Address:</label></td>
<td align="left" class="requestformtd"><input name="Requestors_2" size=40 value="<?php echo $_POST['Requestors_2']; ?>"></td>
</tr>
<tr>
<td class="requestformlabel" align="right"><label class="fields">Cc:</label></td>
<td align="left" class="requestformtd"><input name="Cc" size=40 value="<?php echo $_POST['Cc']; ?>"></td>
</tr>
<tr>
<td align="right"><p> <br/> </p></td>
<td align="right"><span class="ccnote">(Separate multiple email addresses with commas.)<br/> </span></td>
</tr>
<tr>
<td class="requestformlabel" align="right"><label class="required">Short Problem Summary:</label></td>
<td align="left" class="requestformtd"><input name="Subject" size=40 maxsize=100 value="<?php echo $_POST['Subject']; ?>"></td></tr>
<tr>
<td class="requestformlabel" align="right"><label class="required">Decribe the issue below:</label></td>
<td align="left" class="requestformtd"><textarea
class="messagebox" cols=35 rows=15 wrap="hard" name="Content"><?php echo $_POST['Content']; ?></textarea>
</td>
</tr>
<?php
//if session has attachments
if($_SESSION['attach'] != '') {
?>
<!-- row for existing attahcments -->
<tr>
<!-- column that states these are the current attachments, and tells the user what to do if
they wish to remove an attachment. -->
<td class="requestformlabel" align="right">Current Attachments:<br/>
<span class="ccnote">(Check box to delete)</span>
</td>
<!-- coulmn that lists the attachments -->
<td class="requestformtd" align="right">
<?php
// Go through each file in $_SESSION['attach']
while (list($key, $val) = each($_SESSION['attach'])) {
// Get the name of the file
$attName = $val['name'];
// Create a checkbox to mark the file as needing to be removed from the list
echo "<input type='checkbox' name='DeleteAttach-$attName' value='1'>$attName<br/>";
} // end while loop
?>
</td>
</tr>
<?php // end if for attachments
}
?>
<tr>
<td class="requestformlabel" align="right"><label class="fields">Attachments:</label></br>
<span class="ccnote">Max. attachment size: 50MB.</span></td>
<td align="right" colspan="2" class="requestformtd">
<input type="file" name="Attach">
<br/>
<input type="submit" name="AddMoreAttach" value="Add More Files">
</td>
</tr>
<tr>
<td align="left"><input type="submit" name="submit" value="Submit Request"></td>
<td> </td>
</tr>
</table>
</form>
Edit 2:
Thanks. Using the documentation and code from this repo I created a new file called new_ticket.php with the following content:
<?php
if($_POST['action'] == 'call_this') {
require_once 'RequestTracker.php';
$url = "www.test.com/rt/REST/1.0/";
$user = "user";
$pass = "password";
$rt = new RequestTracker($url, $user, $pass);
$content = array(
'Queue'=>'9',
'Requestor'=>'test@example.com',
'Subject'=>'Lorem Ipsum',
'Text'=>'dolor sit amet'
);
$response = $rt->createTicket($content);
print_r($response);
}
?>
I also made a copy of RequestTracker.php from the same GitHub repo.
In the file where the form is located, I added the following script and added create_ticket() as an action to the onclick property of submit button. But this doesn't seem to be working. I tried logging something to the console to see how far the code gets, the create_ticket() function is being called properly but anything that comes after $.ajax({ ... above will not appear to the console. I also tried putting some console logs in my new_ticket.php file but that doesn't log anything either, so what am I doing wrong?
<script>
function create_ticket() {
$.ajax({
url:"new_ticket.php", //the page containing php script
type: "POST", //request type
data:{action:'call_this'},
success:function(result){
alert(result);
}
});
}
</script>
PS: I'm using ajax because I need to run the PHP code onclick and this can't be done directly as it would in Javascript.
Probably the easiest approach is to look at the PHP examples in the REST documentation on the Request Tracker wiki. You don't mention the version of RT you are using, but the REST interface has been stable so this should work with most versions.

Adding a Logon message to pages

I'm looking to create a log in feature every time users go to various members only pages, which returns them to the original page after logging in. I've seen various answers to this question but none of them seem to include a check feature followed by a return to the original page. At the moment the code I have created doesn't seem to recognize that I have logged in and keeps returning me to the log in form. Any answers will be greatly appreciated. I realize I am using deprecated code but that is the only version my host provider's servers recognize.
Here's the code I am putting at the top of each members page
<?php
session_start();
if($_SESSION['login'] != "yes" )
{
header("Location: main_login.php");
exit();
}
?>
This then opens the main_login.php page
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
On clicking the login button the following code in checklogin.php checks the entries
<?php
$host='.....'; // Host name
$username='.....'; // Mysql username
$password='........'; // Mysql password
$db_name='....'; // Database name
$tbl_name='......'; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['myusername'];
$_SESSION['mypassword'];
header("location:entry_form_european_languages.php");
}
else {
echo "Wrong Username or Password";
}
?>
The last header location refers to the page I would like to return to, which seems to the repeat the process of opening up the login and check in files- as if to indicate that the return page doesn't recognize that the log in was successful.
I would need to add something that was relative to each page, but since I don't know where I am going wrong with the fixed page return, I can't move on to that stage of coding.
I did have an alternative header address which took it to the following page login_success.php which gave the impression that username entries had been accepted, but this doesn't allow me to return to the original page
<?php
session_start();
if(isset($_SESSION[$myusername])){
header("Location:entry_form_european_languages.php");
}
?>
<?php
include '........';//Formatting for the page
?>
<html>
<body>
Login Successful
</body>
</html>
Thanks in advance.
There are a few extra things I needed to add to make the session details work, as follows. This code needs to go ahead of any other code on the page including any html code that relates to character formatting. Although I have coded it out the error reporting line is handy for indicating which line is not being read by the php server, should you have continued problems.
<?php
//error_reporting(E_ALL); ini_set('display_errors', 'On');
session_start();
ob_start();
if(!isset($_SESSION['myusername'])){
header('Location:main_login.php');
}
else if (isset($_SESSION['myusername'])){
}
$myusername=$_SESSION['myusername'];
$Page_Title ='Members Profile';
?>

Magento core/email_template_mailer not send mail for a custom module

I have created an email template for a custom module.
For that I am using core/email_template_mailer (Mage::getModel('core/email_template_mailer');) and it also has an HTML template, but it is not working.
Here define template html in config.xml
<template>
<email>
<vendor_create_account_email_template translate="label" module="vendor">
<label>New account</label>
<file>vendor_account_new.html</file>
<type>html</type>
</vendor_create_account_email_template>
</email>
</template>
And Mail send code is
$vednor=Mage::getModel('vendor/vendor')->load(66);
/** @var $mailer Mage_Core_Model_Email_Template_Mailer */
$mailer = Mage::getModel('core/email_template_mailer');
$emailInfo = Mage::getModel('core/email_info');
$emailInfo->addTo($vednor->getEmail(), $vednor->getName());
$mailer->addEmailInfo($emailInfo);
// Set all required params and send emails
$mailer->setSender('amit@gmail.com');
$mailer->setStoreId(1);
$mailer->setTemplateId('vendor_create_account_email_template');
$mailer->setTemplateParams(array('vendor' => $vednor));
$mailer->send();
And code in vendor_account_new.html is
<!--@subject Welcome, {{var vendor.name}}! @-->
<!--@vars
{"store url=\"\"":"Store Url",
"var logo_url":"Email Logo Image Url",
"htmlescape var=vendor.name":"Customer Name",
"store url=\"customer/account/\"":"Customer Account Url",
"var vendor.email":"Customer Email",
"htmlescape var=$customer.password":"Customer Password"}
@-->
<!--@styles
body,td { color:#2f2f2f; font:11px/1.35em Verdana, Arial, Helvetica, sans-serif; }
@-->
<body style="background:#F6F6F6; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; margin:0; padding:0;">
<div style="background:#F6F6F6; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; margin:0; padding:0;">
<table cellspacing="0" cellpadding="0" border="0" height="100%" width="100%">
<tr>
<td align="center" valign="top" style="padding:20px 0 20px 0">
<!-- [ header starts here] -->
<table bgcolor="FFFFFF" cellspacing="0" cellpadding="10" border="0" width="650" style="border:1px solid #E0E0E0;">
<tr>
<td valign="top">
<img src="{{var logo_url}}" alt="{{var logo_alt}}" style="margin-bottom:10px;" border="0"/></td>
</tr>
<!-- [ middle starts here] -->
<tr>
<td valign="top">
<h1 style="font-size:22px; font-weight:normal; line-height:22px; margin:0 0 11px 0;"">Dear {{htmlescape var=$vendor.name}},</h1>
<p style="font-size:12px; line-height:16px; margin:0 0 16px 0;">Welcome to {{var store.getFrontendName()}}. To log in when visiting our site just click Login or My Account at the top of every page, and then enter your e-mail address and password.</p>
<p style="border:1px solid #E0E0E0; font-size:12px; line-height:16px; margin:0; padding:13px 18px; background:#f9f9f9;">
Use the following values when prompted to log in:<br/>
<strong>E-mail</strong>: {{var vendor.email}}<br/>
<strong>Password</strong>: {{htmlescape var=$vendor.password}}<p>
<p style="font-size:12px; line-height:16px; margin:0 0 8px 0;">When you log in to your account, you will be able to do the following:</p>
<ul style="font-size:12px; line-height:16px; margin:0 0 16px 0; padding:0;">
<li style="list-style:none inside; padding:0 0 0 10px;">– Proceed through checkout faster when making a purchase</li>
<li style="list-style:none inside; padding:0 0 0 10px;">– Check the status of orders</li>
<li style="list-style:none inside; padding:0 0 0 10px;">– View past orders</li>
<li style="list-style:none inside; padding:0 0 0 10px;">– Make changes to your account information</li>
<li style="list-style:none inside; padding:0 0 0 10px;">– Change your password</li>
<li style="list-style:none inside; padding:0 0 0 10px;">– Store alternative addresses (for shipping to multiple family members and friends!)</li>
</ul>
<p style="font-size:12px; line-height:16px; margin:0;">If you have any questions about your account or any other matter, please feel free to contact us at {{config path='trans_email/ident_support/email'}} or by phone at {{config path='general/store_information/phone'}}.</p>
</td>
</tr>
<tr>
<td bgcolor="#EAEAEA" align="center" style="background:#EAEAEA; text-align:center;"><center><p style="font-size:12px; margin:0;">Thank you again, <strong>{{var store.getFrontendName()}}</strong></p></center></td>
</tr>
</table>
</td>
</tr>
</table>
</div>
</body>
Can anyone tell me what the issue is...
Use this.
For config.xml:
<template>
<email>
<custom_payment module="paymentlink">
<label>Payment Link</label>
<file>custom_payment.html</file> <!-- this specifies the path where the custom template is located -->
<type>html</type>
</custom_payment>
</email>
</template>
For the controller:
try{
//load the custom template to the email
$emailTemplate = Mage::getModel('core/email_template')->loadDefault('custom_payment');
// it depends on the template variables
$emailTemplateVariables = array();
$emailTemplateVariables['order_id'] = $data['order'];
$emailTemplateVariables['logo_url'] = $logo;
$emailTemplateVariables['customer_name'] = $firstname;
$emailTemplateVariables['customer_info'] = $firstname.' '.$lastname;
$emailTemplateVariables['shipment_url'] = $data['link'];
$emailTemplateVariables['store_name'] = Mage::app()->getStore()->getName();
$emailTemplate->setSenderName($senderName);
$emailTemplate->setSenderEmail($senderEmail);
$emailTemplate->setType('html');
$emailTemplate->setTemplateSubject($firstname.' you forgot to choose shipping options for your product');
$emailTemplate->send($data['email'], $firstname . $lastname, $emailTemplateVariables);
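// base64 output contains no characters that need SQL escaping, and mysql_real_escape_string()
// (ext/mysql) does not exist on PHP 7+; Magento's resource model binds the values on save().
$linker = base64_encode($data['link']);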
$model = Mage::getModel('paymentlink/paymentlink')
->setRelatedOrderid($data['order'])
->setCustEmail($data['email'])
->setPrice($data['price'])
->setReceived(0)
->setLink($linker)
->setLinkId($data['key'])
->save();
Mage::getSingleton('adminhtml/session')->addSuccess("Link has been Generated successfully & Email has been sent ! </br>".$data['link']."");
}
catch (Exception $e) {
$errorMessage = $e->getMessage();
Mage::getSingleton('adminhtml/session')->addError("We cannot send generated link . There must be some error occurs.");
return $errorMessage;
}
After a long fight with the code, I have got its solution. The main issue was the code format and its variable system format.
Here are the code and steps:
Step 1: Get the current store id.
$storeId=Mage::app()->getStore()->getId();
Step 2: Sender() parameters should be in array format: array('email' => (string) $senderemail, 'name' => (string) $sendername);
....
The full code is:
$storeId=Mage::app()->getStore()->getId();
$Vendor=Mage::getModel('vendor/vendor')->load(57);
/** @var $mailer Mage_Core_Model_Email_Template_Mailer */
$mailer = Mage::getModel('core/email_template_mailer');
$emailInfo = Mage::getModel('core/email_info');
$emailInfo->addTo((string)$Vendor->getEmail(),(string) $Vendor->getName());
$mailer->addEmailInfo($emailInfo);
// Set all required params and send emails
$mailer->setSender(array('email'=>(string) 'dev.amitbera@gmail.com','name'=> (string)'Bal ta'));
$mailer->setStoreId($storeId);
$mailer->setTemplateId((string) 'vendor_account_create_template');
$mailer->setTemplateParams(array('vendor'=>$Vendor));
$mailer->send();

Problem with ajax using symfony 1.4

I have a very strange problem when using ajax in symfony 1.4. I've used the jobeet example (day 18) but it doesn't work.
This is my indexSuccess.php
<script type="text/javascript" >
$(document).ready(function(){
$('#buscador').keyup(function(key)
{
if (this.value.length >= 3 || this.value == '')
{
$('#per').load( $(this).parents('form').attr('action'),
{ query: this.value + '*' });
}
});
});
</script>
<h1>Lista de personas</h1>
<p>Busque o cree registros de personas en el sistema (Estudiantes, funcionarios, docentes).</p>
<form action="<?php echo url_for('personas/index')?>">
<table>
<tr>
<td><input type="text" name="buscar" id="buscador"/></td>
<td><img src="/images/iconos/Search.png"/></td>
</tr>
</table>
</form>
<p style="font-size: 11px;color: gray;">Digite un nombre, apellido o número de identificación para buscar</p>
<div class="per" id="per">
<?php echo include_partial('personas/buscaPersonas',array('personass'=>$personass)); ?>
</div>
The jQuery script detects characters in the input; when I write 3 or more characters it should load the div with id='per'. Here is my personasAction.class.php:
public function executeIndex(sfWebRequest $request)
{
$this->personass = array();
if($request->isXmlHttpRequest())
{
$this->personass = $this->getRoute()->getObjects();
return $this->renderPartial('personas/buscaPersonas', array('personass'=> $personass));
}
}
When I load the page I don't want to see any result. So, when I do an ajax call, I should reload the partial "_buscaPersonas.php" with all results (just to try), but I load the _form.php partial.
This is my partial:
<table>
<?php foreach($personass as $personas): ?>
<tr>
<td colspan="5" class="tituloTD"><?php echo $personas->getNombre(); ?></td>
</tr>
<tr>
<th>Numero identificación: </th><td><?php echo $personas->getNumeroid() ?></td>
<th>Email: </th><td><?php echo $personas->getEmail(); ?></td>
<td> <img src="/images/iconos/editar.png"/></td>
</tr>
<?php endforeach; ?>
</table>
I've been trying to find where the problem is but I don't get it. When I use the button for normal search it works and loads the correct partial, but with ajax it loads another partial.
Please, does somebody know what my error is?
Thanks
I think this is due to the path of your load ajax function:
$('#per').load( $(this).parents('form').attr('action'),
{ query: this.value + '*' });
$(this).parents('form').attr('action') is certainly a wrong value.
Try this:
url_for('personas/index')
Finally I found the error. I don't know what happens, but if I send data with the load function I get an error. So I had to send the data using the URL, and it works :)
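if (this.value.length >= 3 || this.value == '')
{
// Encode the term: a space in the URL would make .load() treat the rest as a selector
$('#per').load( "<?php echo url_for('personas/index')?>"+"?query="+encodeURIComponent(this.value));
}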
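Added example, not part of the original posts: a small JavaScript model of the two jQuery .load() rules behind the fix above. An object passed as data is sent as POST, while a term placed in the URL goes out as GET and must be encoded, because .load() treats everything after the first space in the URL as a selector. The /personas path and the sample search term are constructed for illustration.

```javascript
// Model of two documented jQuery .load() rules; this is not jQuery itself.

// .load(url, data): an object payload is sent as POST; a string payload,
// a callback in the data position, or no payload goes out as GET.
function loadMethod(data) {
  if (typeof data === 'function') return 'GET'; // callback, no payload
  return data && typeof data === 'object' ? 'POST' : 'GET';
}

// .load() cuts the URL at the first space and uses the remainder as a
// selector applied to the returned HTML.
function splitLoadUrl(url) {
  const off = url.indexOf(' ');
  if (off === -1) return { url: url, selector: '' };
  return { url: url.slice(0, off), selector: url.slice(off).trim() };
}

// Build the GET URL for the search box. encodeURIComponent keeps spaces,
// '&', '=' and '#' inside the single "query" parameter.
function searchUrl(action, term) {
  const sep = action.indexOf('?') === -1 ? '?' : '&';
  return action + sep + 'query=' + encodeURIComponent(term);
}

// Constructed sample input: a term with a space and an ampersand.
const term = 'ana maria&page=2';
const raw = '/personas?query=' + term;      // plain concatenation
const safe = searchUrl('/personas', term);  // encoded form

console.log(loadMethod({ query: term + '*' })); // method for the object form
console.log(splitLoadUrl(raw));   // the term is cut at the space
console.log(splitLoadUrl(safe));  // the whole term stays in the URL
```

On the server side the value arrives as the `query` GET parameter, so the action has to read it from there rather than from POST data.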

Resources