1144 comments found.
Hi Milos, I need a login script that will allow levels, for example…. any user with level 5 or higher can access this page, and I need to sometimes check the level within the page. Thanks for your response
Hey,
Well you can use AS to accomplish that. In AS you can create 5 different roles (you can name them however you want) and then do exactly what you have described above by checking the role of the currently authenticated user.
Regards,
Milos
I can’t find in the documentation how to actually add the script to an existing php document, forcing the user to login to see the page. How do I accomplish this?
Also, how can I disable account creation from the login page?
Hey,
Ah, I’m sorry, I’ve just noticed that I somehow forgot to add that inside the documentation. So, to protect some website page, you just add the following PHP code at the very top of your PHP file for that page:
<?php
include 'ASEngine/AS.php';

if (! app('login')->isLoggedIn()) {
    redirect("login.php");
}
This code will prevent users that are not logged in from accessing the protected page and automatically redirect them to the login.php page if they are not logged in.
About disabling the registration, you will have to manually remove the HTML from that login page (login.php file) and then to remove the “registerUser” case from ASEngine/ASAjax.php file.
Regards,
Milos
Hi Iosh, I’m a happy user of your beautiful script, and I have one question for you…. I need exclusive access with a URL script, independent of the user’s password. How can I make this work with AS security? I was thinking of passing in the URL a long custom string that identifies the user and logs him in. Naturally the URL will be stored inside an application and it will never be visible to the user or shared with others.
Regards Tiziano
PS: Let me know only if you think that you can help me, if you can I will immediately renew the support for the script!!!
thanks
Hey,
Well, that’s not an ideal solution, because if that string never changes, it will be easy for someone to access the URL if he figures out (or somehow sees) the string. If you want to do it like that, then you should probably regenerate the string every time someone uses it. But again, keep in mind that it is not the best solution from a security standpoint and that it’s better to ask users to log in with their username and password.
Regards,
Milos
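Added example (not part of the original comments and not AS code): one way to do the "regenerate the string every time someone uses it" approach from the reply above, with an expiry and only a hash of the token stored server-side. The class name, its methods and the in-memory array standing in for a database table are assumptions made for illustration.

```php
<?php
// Added example, not AS code: single-use, expiring login-link tokens.
// OneTimeLoginTokens and its methods are hypothetical names.

final class OneTimeLoginTokens
{
    private $rows = array();   // stand-in for a DB table: user id => [hash, expires]
    private $ttl;

    public function __construct($ttlSeconds = 300)
    {
        $this->ttl = $ttlSeconds;
    }

    // Issue a fresh token for the user; any earlier token stops working.
    public function issue($userId, $now = null)
    {
        $now = $now === null ? time() : $now;
        $secret = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
        $this->rows[$userId] = array(
            'hash'    => hash('sha256', $secret),      // store only the hash
            'expires' => $now + $this->ttl,
        );
        return $userId . '.' . $secret;                // value placed in the URL
    }

    // Return the user id if the token is valid, otherwise null.
    // A matching token is deleted, so replaying the same URL fails.
    public function redeem($token, $now = null)
    {
        $now = $now === null ? time() : $now;
        $parts = explode('.', (string) $token, 2);
        if (count($parts) !== 2 || !ctype_digit($parts[0])) {
            return null;
        }
        $userId = (int) $parts[0];
        if (!isset($this->rows[$userId])) {
            return null;
        }
        $row = $this->rows[$userId];
        // Constant-time comparison of the stored hash with the presented secret.
        if (!hash_equals($row['hash'], hash('sha256', $parts[1]))) {
            return null;
        }
        unset($this->rows[$userId]);                   // consumed or expired: never valid again
        return $now <= $row['expires'] ? $userId : null;
    }
}

// Constructed demo values (user id 42, fixed clock values).
$tokens = new OneTimeLoginTokens(300);
$t1 = $tokens->issue(42, 1000);
var_dump($tokens->redeem($t1, 1100));   // first use inside the lifetime
var_dump($tokens->redeem($t1, 1101));   // same URL replayed
$t2 = $tokens->issue(42, 2000);
var_dump($tokens->redeem($t2, 2301));   // presented after expiry
```

After a successful redeem the application issues a new token for the next link, so a URL that leaks from logs or browser history is useless once it has been used or has expired.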
thank you for your reply! In your opinion can I make the cookie never expire if I logon from another page? (not the domain.com/login.php page, but domain.com/login2.php)
Hey,
Well, having cookies that never expire is not the best idea from a security standpoint, but it is one of the possible solutions.
Btw, as you know, your support has expired so please extend the support if you have any questions.
Regards,
Milos
8fd530ea-dd41-4ee0-bd70-7457d19ba991 – 19 Apr 2017 REGULAR LICENSE
Hello,
I just bought the regular license and need to make an app based on AS. Since I do all my development on a cloud (c9), I just want to check is it okay to have just one license because what I develop on the cloud is accessible only to me, and after I’m done I’ll install it again on a server for the site and transfer the rest.
Thanks
Hey,
Yeah, if source code is accessible only to you then that’s fine. 
Regards,
Milos
Hello, I bought AS today, I have some questions, my website will use an api (it’s a simple .php file) and I’m wondering where should I include that .php file? knowing that I’ll need to use functions from that api almost everywhere in my website even inside the register() function in asregister.php
Hey,
Well I’m not sure how your .php file looks like, but if you want the functions you have inside of it to be accessible inside all AS classes, just include it at the top of AS.php file.
Regards,
Milos
Hello,
This is the API I want to use: https://github.com/BlockIo/block_io-php/blob/master/lib/block_io.php. Basically what I want to do is that when a user registers it’ll generate a new bitcoin address that will be associated with his account. I already have a “bitcoin_address” column in my as_users table. I did as you said: I included the block_io.php at the top of AS.php and I did this edit in the register function in asregister.php:
$block_io = new BlockIo(APIKEY, PIN, VERSION);
$this->db->insert('as_users', array(
    "email" => $user['email'],
    "username" => strip_tags($user['username']),
    "password" => $this->hashPassword($user['password']),
    "bitcoin_address" => $block_io->get_new_address(array('label' => 'test1')),
    "confirmed" => $confirmed,
    "confirmation_key" => $key,
    "register_date" => date("Y-m-d")
));
But when I try to register I’m getting an “undefined” error in the login page and the user is not added in the database, I don’t understand what did I do wrong, I’ll be very grateful if you could help me solve this issue.
Thanks.
Hey,
Well you should enable debug mode as it is explained inside the docs http://docs.as-php.com/developer-guide.html and fix the errors you are getting. It is related to BlockIo and how you integrated it into the app, so I cannot really help much in such situation. I believe that when you enable debug mode and see the actual errors you are getting it will help you to easily solve the problem.
Regards,
Milos
Hey There!
I am having difficulty getting Facebook login working (one of the reasons why I bought this). Social uri is set and so are the keys and app id. But whenever I click the facebook button I get:
Authentication failed! Facebook returned an invalid user id. I’ve been doing some research and I think it might be due to the app using an old version of hybrid auth. I would update, except it wouldn’t work on my php 5.3 server as the new hybrid auth uses newer syntax.
Purchase: 7f22cd39-99a2-4fe8-828f-20caff356524
Correction: now the error code is: Authentication failed! Facebook returned an invalid user id. I’ve been doing some research and I think it might be due to the app using an old version of hybrid auth. I would update, except it wouldn’t work on my php 5.3 server as the new hybrid auth uses newer syntax.
Hey,
Hmmm it may be the issue with hybridauth. Do you use the latest version of AS available on CodeCanyon?
Regards,
Milos
Indeed I am (version packaged with hybridauth 2.4.1). I read in a discussion that facebook changed their api a few months ago, and that the newer versions of hybrid auth have this resolved (I can’t test due to my server version). maybe check on your version to see if it is working just to rule out my ineptitude as a possibility.
Hmmm if you cannot update it I’m afraid that there won’t be an easy way to fix it. It will mean that you will have to edit the hybridauth source and fix it yourself, which is not recommended. You should consider upgrading to some newer PHP version.
I’ll fix this issue and release the update as soon as I can, but it will probably require some newer version of PHP.
Regards,
Milos
unfortunately I cannot update my webserver as my hosting provider hasn’t done that yet. the product was advertised with social login (which I need) and compatibility with php 5.3. if I can’t use the product I would like a refund so that I can find one that will fit my needs. kind regards, alex
Hey Alex,
Of course, you can request the refund here and I’ll be glad to approve it: https://codecanyon.net/refund_requests/new
Just a friendly advice, you should definitely consider changing the hosting provider since PHP 5.3 is getting really old and it is not supported and maintained for a while now.
Regards,
Milos
I know I know haha (I mean php 7 is out). I’ve been on their a** for a while about it. But I’ve got another year in my contract so nothing much I can do. I did like your script otherwise 
One thing, 2 days ago I finished making my site interactive and sent a mass email to the 150 users who signed up for it. Is there maximum for logins?
Here’s some of the error log (it’s really long, and all the errors are the same, so here’s the end). Could my server have deleted a file?
[29-Jun-2017 15:09:12 UTC] PHP Warning: session_start(): open(/var/cpanel/php/sessions/ea-php70/sess_300a4c7f7f1beabed10bd7cf1c4bcff4, O_RDWR) failed: No such file or directory (2) in /home/goodcyte/public_html/fiendcollectors.com/ASEngine/ASSession.php on line 34
[29-Jun-2017 15:09:24 UTC] PHP Warning: session_start(): open(/var/cpanel/php/sessions/ea-php70/sess_300a4c7f7f1beabed10bd7cf1c4bcff4, O_RDWR) failed: No such file or directory (2) in /home/goodcyte/public_html/fiendcollectors.com/ASEngine/ASSession.php on line 34
[29-Jun-2017 15:16:53 UTC] PHP Warning: session_start(): open(/var/cpanel/php/sessions/ea-php70/sess_300a4c7f7f1beabed10bd7cf1c4bcff4, O_RDWR) failed: No such file or directory (2) in /home/goodcyte/public_html/fiendcollectors.com/ASEngine/ASSession.php on line 34
[29-Jun-2017 15:40:25 UTC] PHP Warning: session_start(): open(/var/cpanel/php/sessions/ea-php70/sess_300a4c7f7f1beabed10bd7cf1c4bcff4, O_RDWR) failed: No such file or directory (2) in /home/goodcyte/public_html/fiendcollectors.com/ASEngine/ASSession.php on line 34
OK, problem solved. The server updated the PHP to 7.0. Can AS be updated for 7.0/7.1 php?
Hey,
Sorry for a bit late response. I’m glad you solved the problem. 
Well the latest AS version available on CodeCanyon is already working properly on PHP 7.0 (demo site runs on PHP 7.0) so you should not have any issues with it. It is not tested on PHP 7.1 but it should work perfectly fine there too.
This error from above clearly says that session cannot be started because the folder used for storing session files (which is set in php.ini file) does not exist. You should make sure that it uses some folder that exists on your system.
Regards,
Milos
Hi there,
Congratulations on the success of your system. Well done. Unfortunately, I’m having the same problem another user had about 9 months ago. I can’t make it past the installation.
I have my own server on GoDaddy under my own domain. I follow all the instructions, but they leave me with questions. (I’m a technical writer who’s been writing installation instructions for decades.) Do I still indicate the “Host” as “localhost” even though this is a web server and not an xampp installation? Even after changing all the permissions to 777, I get the same error every time:
“SQLSTATEHY000 Access denied for user ‘dlrenny’@’localhost’ (using password YES)”
What am I doing wrong? I don’t understand why everyone else seems to have an easy time installing.
Thank you in advance.
Hey,
Thanks!
Ok, I’m here to help. Let’s see what can be a problem here.
You should set the Host to “localhost” if your database server is on your local server. If not, you should set it to where your database is located. If you are not sure about the db credentials, you should contact your GoDaddy support and they will let you know your exact database credentials.
From this error message you get it’s clear that your database credentials are correct. Either your host value is not correct or it is username/password.
Regards,
Milos
Thanks, I’ll look into that. What is “interesting” is that I get the exact same error even on my localhost (xampp on my C: drive). So it’s happening on any installation I’ve tried. I’m not supposed to create the MySQL database first, am I? I enter new usernames, passwords, and database names. Nothing works with always that error:
SQLSTATE[HY000] [1045] Access denied for user ‘name’@’localhost’ (using password: YES)
Hey,
That is really really strange. Do you have some other app that is using your database which you can use to test database connection? If not, here is an example PHP script that you can use to test database connection:
<?php
$hostname = "localhost";
$username = "your_username";
$password = "your_password";

try {
    $dbh = new PDO("mysql:host=$hostname;dbname=mysql", $username, $password);
    echo "Connected to database"; // check for connection
} catch (PDOException $e) {
    echo $e->getMessage();
}
Create new php file and paste the content from above into it. After that just update those variables at the top with your username and password and access this php file from a browser. You should get “Connected to database” if PHP is able to connect to your db.
Let me know.
Regards,
Milos
Hi,
I bought this script today and tried to follow the documentation. I am stuck while connecting to the database. I tried the following script and it says connected successfully. On mine, it doesn’t show all the system requirements checkboxes. And on the database info page, it says Connecting but never connects, even after half an hour, it is still trying to connect.
Can you please help?
My URL is: http://www.aspenresources.com.au/asprx/install/index.php

<?php
// enable error reporting
error_reporting(E_ALL);
ini_set("display_errors", 1);

// database variables
$DB_TYPE = 'mysql';
$DB_HOST = '';
$DB_NAME = '';
$DB_USER = '';
$DB_PASS = '';

try {
    // build the DSN from the variables above
    $db = new PDO("$DB_TYPE:host=$DB_HOST;dbname=$DB_NAME", $DB_USER, $DB_PASS);
    echo 'Connected successfully.';
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}
Hey,
It looks like there is something wrong with your server configuration (probably files permissions). Can you make sure that install/check.php file is actually executable and that you can access it directly via following url: http://www.aspenresources.com.au/asprx/install/check.php?action=requirements
Let me know if it fixes the problem.
Regards,
Milos
Hi Mate,
I’m using this product as a framework. I was wondering how I would go about adding a page that didn’t require a login, while keeping the members parts valid?
Thanks, Brad.
Hey Brad,
Well you can add any page and just omit the logic which is checking if user is logged in. So, you include the “AS.php” file at the top of your page and then you can do things like
<?php if (app('login')->isLoggedIn()): ?>
<p>this is visible to authenticated users only</p>
<?php else: ?>
<p>this is visible to non-authenticated users only</p>
<?php endif; ?>
Regards,
Milos
Hi, I am having an issue with the CSRF token. Reading through the previous comment and trying different ways, I still can’t figure out a way to make it work.
I have 2 files
1. (edit_something.php) – a form that post xhr requests (not using jquery ajax) the url already has the token I am sending the TOKEN like this
<?php include_once('../ASEngine/AS.php'); ?>
var dataString = '<?= ASCsrf::getTokenName() ?>=<?= ASCsrf::getToken() ?>' + '&item_id=' + item_id;
var xhr = new XMLHttpRequest();
var params = dataString + images_order_string;
var url = './post.php?' + params;
2. (post.php) – the php that receives the xhr url string and processes some data into the database; this php also needs to retrieve the $userid for some processing of data.
include_once('../ASEngine/AS.php');
$userid = ASSession::get("user_id");
...... some other code for processing that requires the $userid
post.php will process fine if i remove
include_once('../ASEngine/AS.php');
$userid = ASSession::get("user_id");
and have $userid=3; hard coded.
but when it is included like this, it is giving me error
Uncaught SyntaxError: Unexpected token I in JSON at position 1 at JSON.parse (<anonymous>)
how can post.php get the $userid without getting the CSRF Token error? I am already sending the token across to post.php
Thank you. (I didn’t have this issue using the Vanguard Login System, but I need a login system with PHP instead so I can modify it.) I don’t have much experience with CSRF and am not sure how your code works together. Is include_once('../ASEngine/AS.php'); checking the CSRF?
Ah, don’t worry, I actually figured it out by adding
if (self::isValidReferer()) {
    return true;
}
but I am interested in which code grabs the CSRF token and validates it? isValidReferer() doesn’t seem to be grabbing the CSRF code?
Hey,
I’m glad you figured it out. 
At the bottom of AS.php file you will see how ASCsrf::validate() method is called when request type is POST. That’s where the validation happens.
Regards,
Milos
Hi Mate,
I got this as a framework to try build a site from..
I’ve added some additional pages which submit data to my database, and I am getting ‘Invalid CSRF token.’ when trying to submit.
How can I stop this?
Thanks, B
Hey,
Do you use ajax for submitting the forms or not? If you are using AJAX, then AS comes already configured to send CSRF token with each AJAX request. The only thing you need to do in that case is to include the following two javascript files before your javascript code:
<script src="assets/js/jquery.min.js"></script>
<script src="ASLibrary/js/js-bootstrap.php"></script>
However, if you are not using AJAX, then you will need to add CSRF token to each form you create so it can be properly sent to the server. Check my response here for more info: https://codecanyon.net/item/advanced-security-php-registerlogin-system/5282621/comments?filter=all&page=41#comment_16062833
Regards,
Milos
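Added example (not part of the original comments and not AS code): a sketch of the kind of check discussed in the two CSRF threads above, where a session-bound token is validated on every POST and accepted from a form field or a request header. The helper names, the field name and the header name are assumptions for illustration; the sample requests are constructed.

```php
<?php
// Added example, not AS code: session-bound CSRF token checked on every POST.
// csrf_token(), csrf_field() and csrf_check() are hypothetical helper names.

const CSRF_FIELD = 'csrf_token';   // assumed form field name

// Return the session's token, creating it on first use.
function csrf_token(array &$session)
{
    if (empty($session[CSRF_FIELD])) {
        $session[CSRF_FIELD] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_FIELD];
}

// Hidden input to place inside every plain (non-AJAX) HTML form.
function csrf_field(array &$session)
{
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// True when the request may proceed. Only POST is checked, and the token is
// read from the request body or a custom header, never from the URL or Referer.
function csrf_check(array $session, array $server, array $post)
{
    $method = isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : 'GET';
    if ($method !== 'POST') {
        return true;
    }
    $sent = '';
    if (isset($post[CSRF_FIELD])) {
        $sent = $post[CSRF_FIELD];
    } elseif (isset($server['HTTP_X_CSRF_TOKEN'])) {   // assumed header name for XHR
        $sent = $server['HTTP_X_CSRF_TOKEN'];
    }
    $expected = isset($session[CSRF_FIELD]) ? $session[CSRF_FIELD] : '';
    // Constant-time comparison; an empty or missing session token never matches.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed requests: arrays stand in for $_SESSION, $_SERVER and $_POST.
$session = array();
$token = csrf_token($session);
echo csrf_field($session), "\n";

$formPost = csrf_check($session, array('REQUEST_METHOD' => 'POST'),
    array(CSRF_FIELD => $token, 'item_id' => '7'));
$xhrPost = csrf_check($session,
    array('REQUEST_METHOD' => 'POST', 'HTTP_X_CSRF_TOKEN' => $token), array());
$noToken = csrf_check($session,
    array('REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'https://site.example/edit_something.php'),
    array('item_id' => '7'));
var_dump($formPost, $xhrPost, $noToken);
```

The third request carries a same-site Referer but no token and is still rejected: a Referer check that returns early skips the token comparison entirely, and a token sent in the URL ends up in server logs and browser history.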
Hey, thanks for the reply.
hi dear i was order the form may html website not wordpress it dos work thank you
Hey,
I’m sorry but I’m not sure that I understand your question, but if you are asking if you can use AS on your HTML website, then yeah, you can if your server supports the AS script itself. The only thing you need to do is to change the extension of your files from ”.html” to ”.php” and to add following php code at the very top of any page that you want to protect:
<?php
include 'ASEngine/AS.php';

if (! app('login')->isLoggedIn()) {
    redirect("login.php");
}
Regards,
Milos
disregard this comment. thanks
Is there a way to disable the lock out with multiple password failures? We will have many people using the same user and password, and can’t have them locked out if someone else errors 3 times or 3 people error once.
Hey,
There is no way to disable it completely, but you can set it to some high number (like 100 or 200 for example) which should still be there to protect you from brute force attacks, but it will allow much more “password failures”. This number is defined as LOGIN_MAX_LOGIN_ATTEMPTS constant inside ASEngine/ASConfig.php file.
Regards,
Milos
Milos—One other question, too – thanks. Is there an admin page where user accounts can be managed? I didn’t see this with the screenshots. Thanks.
Hi, IoshMis — I want to purchase your Secure Login product - but I have one question. I understand the PHP-side install. However, do I add HTML code that is provided in the PHP application TO THE WEB PAGE? I’m not sure how I link the web page to the PHP application.
Would this be correct?
1. I create a blank web page with buttons like: “Register” and “Login”
2. I link each of these buttons to the PHP Application
3. In the PHP Application I designate the Follow-thru Page.
4. The User—if they enter the right UN/PW, goes to the designated page.
I saw your install materials—they are very clear but I don’t know how to create the LINK from my web page.
Thanks! Karl
Hey Karl,
The process you have described is correct, you can link to the AS login page and when the user clicks on the “Login” link he will be redirected to the login page. After he provides the username/password, he will be redirected to any other protected website page.
Now, to protect some website page, you just add the following PHP code at the very top of your PHP file for that page:
<?php
include 'ASEngine/AS.php';

if (! app('login')->isLoggedIn()) {
    redirect("login.php");
}
This code will prevent users that are not logged in from accessing the protected page and automatically redirect them to the login page if they are not logged in.
I hope that I explained how the system works a bit more clearly now. 
You should always check the demo to see the app in action: https://as-php.com/login.php
As you can see on item description page, demo credentials are:
username: admin password: admin123
Regards,
Milos
Hi
I now bought the Advanced login Script. I have looked into the code and added 3 columns in the user details table. Also forms are updated and js scripts.
However, there are some problems and I hope you can hint about what I may have forgotten. The update of user details works as it should. Strangely, one column does not get updated like the others. It is called town and I can’t see any difference in the code.
The insert of new customers does NOT insert the new fields at all. Where can I have missed. Please a hint and I will find the problem
Regards
Anders
Hey Anders,
I’ve just replied to your email. Just turn the debug mode on and you should be able to easily debug it and see what is causing the issue.
Regards,
Milos
Hi, Milos. Is there a simple way to migrate my Advanced Security system – with almost 1k users – to Vanguard? Please, describe the process, if possible.
Hey,
Well, Vanguard is a completely different application, with a completely different database and code structure. So it means that you will basically have to rewrite most parts of your application, and to force your users to reset their passwords when you complete the rewrite process and when you import your users from AS.
So basically, if you are familiar with Laravel and you want to rewrite your app, you will have to do everything manually, page by page, and once everything is ready you will need some small php script to import users from your current app.
Regards,
Milos