1144 comments found.
I’d like to know which the minimum set of files I have to copy in the server for a full functional login system
Hey,
You need to copy all files except documentation and install folders for the application to work properly.
Regards,
Milos
Thanks, well copied.
hi,
could you give me quick hints on how to add custom fields to user_details :
i edited the html form on ‘profile.php’,
i edited the jquery ajax “profile.updateDetails()” in ‘ASEngine/js/profile.js’
i think i am missing the php mysql file to talk to db… 
am i close or is there much to do yet ???
sorry to ask directly, but i didn’t find anything in the comments or the doc about it..
thx raphael.
answering to myself : i edited also “ASengine/user.php” => i can now save a custom field from the profile page to the db
one problem remaining : the profile page doesn’t show the new value (that is stored in the db)...
speaking alone for one more time 
:
last file to edit : ASEngine/AS.Php
and voilà !! it looks like it is working i do some testing and add another custom field in user details and i ll try to let you know !!
Hey,
I’m glad that you figured it out. It is actually pretty simple, you just need some time to figure which parts of the application should be modified, but when you figure it out once it’s much easier next time. 
Regards,
Milos
- add a new field in as_users_details in your db
- in profile.php : add the form field with correct name and id
- in ASLibrary/js/profile.js : edit “profile.updateDetails” function
- in ASEngine/user.php :
- in the “add()” function, edit the Array : ” $this->db->insert(‘as_user_details’, array( edit_here ))”
- in the ” updateUser()” function, edit the array : ” $this->updateDetails($userId, array( edit_here )) “
- in the “getDetails()” function , edit the array returned if no user found
- in ASEngine/AS.php : edit the returned array in : ”$container[‘current_user’] = function ($c) { .... return (object) array( edit_here ) }
in case it helps someone
Also ASConfig file is missing in the download
Hey,
Of course that ASConfig.php file is missing. That’s how it should be since that file is generated after successful installation.
Regards,
Milos
Hi, the latest update you have remove isValidRequest in ASCsrf. What is the reason for that. Any issues if i keep the old code?
Hey,
You can keep the old code if it works on your server, however I’ve removed it since a lot of users reported issues with it on different servers and it doesn’t really improve the CSRF protection, so there is no reason to keep it there.
Regards,
Milos
Hi loshMiS,
I did the upgrade from 2.3 to 2.4 and there is a small problem.
The path to the “PHPMailerAutoload.php” file has changed and generates an error on the login page. I easily resolved by changing the folder path, but I think you should fix it.
The problem comes from “ASEngine/ASEmail.php”.
At line 10 you would be calling the path ”/../vendor/phpmailer/PHPMailerAutoload.php” and after the update you should call the path ”/../vendor/phpmailer/phpmailer/PHPMailerAutoload.php”.
I also noticed that you in version 2.4 no longer call this file. Should the change be made, or did you forget to ask for some more change in the new documentation?
Thank you.
Hey,
That line should be completely removed. It looks like I forgot to add it inside the docs that are packed with the application, but it added in online documentation that you should upgrade ASEmail.php file to the latest version: http://docs.as-php.com/upgrade-guide.html#upgrade-2-4
Btw, always check the online documentation since it is more up to date.
Regards,
Milos
Hi,
I have purchased this app lately and when I try to login through facebook, it redirects me to http://localhost:8000/login.php#_=_. It does not save any info on the as_users as well. The error that I receive on the debug file is “Authentication failed! Facebook returned an invalid user id.”. I have checked my app id and secret id’s and they are all correct.
Please suggest a solution to this.
Hey,
Thanks for getting back to me. I’ll check and let you know how to proceed as soon as possible.
Few questions I have about your setup:
1) How does your callback url looks like?
2) Which Facebook API version does your application use? Is that the newest version v2.10? You can get that info from developers.facebook.com where you have created the app.
Regards,
Milos
Hi Milos,
Thanks for your prompt reply.
My callback URL is set as http://localhost:8000/vendor/hybridauth/ and the API version is v2.10.
Regards, Monil.
Hey Monil,
Thanks for your reply. The problem is actually with HybridAuth version that is being used by the app for social authentication. New version of AS is ready to be uploaded to CodeCanyon and in this version those bugs will be fixed, but if you cannot wait for it just contact me via contact form on my CodeCanyon profile page and I’ll send you the zip file.
Regards,
Milos
Hi Milos. Sent you a PM
Hi Milos, I upgraded to the new version you emailed me. However, every time I create a new user, it comes up with an “undefined” error. The info does get added to the table but I do not receive a confirmation email. If you could help me fixing this.
Hey,
Hmm, that’s strange. Is that clean installation or you have modified something inside it?
Btw, version 2.4 is now official since it is released on CodeCanyon too, so it is the same as the one I sent you back then.
Regards,
Milos
Fresh installation..I did download the one on codecanyon as well but I still get the same error.
The social media login works perfect now. Creating a new user is giving the above error though
Hey,
Can you send me the url so I can check how it works? Also, don’t forget to enable debug mode so I can properly see the errors.
Regards,
Milos
Hi Milos..I am currently working on a localhost. But below are the errors I am getting for the create user and password reset page.
”/ASEngine/ASAjax.php – Uncaught exception ‘Exception’ with message ‘E-Mail could not be sent. Info: Invalid address: (punyEncode) noreply@localhost:8000’ in /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASEmail.php:45 Stack trace: #0 /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASRegister.php(102): ASEmail->confirmationEmail(‘monil83@gmail.c...’, ‘dad6656ea6d9c40…’) #1 /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASAjax.php(13): ASRegister->register(Array) #2 {main} thrown in /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASEmail.php on line 45 Stack trace: #0 /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASRegister.php(236): ASEmail->passwordResetEmail(‘monil83@gmail.c...’, ‘7979de9ab55b19b…’) #1 /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASAjax.php(21): ASRegister->forgotPassword(‘monil83@gmail.c...’) #2 {main} thrown in /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASEmail.php on line 72
/ASEngine/ASAjax.php - Uncaught exception 'Exception' with message 'E-Mail could not be sent. Info: Invalid address: (punyEncode) noreply@localhost:8000' in /Applications/MAMP/htdocs/PhpProject3/ASEngine/ASEmail.php:72Hey,
Well it’s clear enough what the issue is from the error that you are getting. You should update the MAIL_FROM_EMAIL constant inside the ASConfig.php file to some email that has valid domain name, something like “noreply@localhost.dev” or just “noreply@localhost”.
You are getting this error because your mail server is refusing to send an email when the “from” email address is invalid, and in your case it is invalid because there is a port number inside of it and it looks like “noreply@localhost:8000”.
Regards,
Milos
Awesome..worked!!!
I purchased your “PHP Register / Login System” last week. I am trying to use it to recreate a front end use system where they kick off scripts that query a database and display results using Lazy_Mofo. The Lazy_Mofo script is fairly simple, just query the table and display the results in a pretty grid. I have that working on two different platforms with pretty much zero configuration. But, when I try it on the server with your login system it is like the lazy_mofo script does not even execute. I have verified other PHP scripts work, like phpinfo, the user can access mysql, the database and table.
Any idea if there is something in this System that prevents another PDO/PHP script from running?
Is there something in your system that prevents another PDO/PHP script from running?
Envato Marketplace purchase code: b9c44077-0514-47ee-82f7-e2fb797bb012
Just to follow up, The “PHP Register / Login System” is working fine. Got everything installed with no problem. Verified PDO is installed using ‘php -m | grep -i pdo’. Just having this one unusual issue. Not sure if it is related to the ASdatabase class or not.
Hey,
Nope, there is nothing inside the system which prevents another PHP script with PDO from running. There is probably something else related on how you have integrated your platform with AS. To be able to see the issues, make sure that you enable debug mode inside AS so you can see the errors on the screen, since that will help you to figure out what the problem is: http://docs.as-php.com/developer-guide.html#debug-mode
Regards,
Milos
Looks like my install script failed when installing mbstring. Enabling debug in AS allowed me to see the error. Problem solved. Thanks for your help!
Just replying here to limiting connections to one per user.
Is that something that you could customize for a fee?
I referenced this article but have not gone any further yet.
https://dba.stackexchange.com/questions/35183/mysql-maximum-number-of-connections-on-a-per-user-basis-possibleWould “Grant” provide the solution?
Thanks,
Tim
Hey Tim,
I’m really sorry but I don’t have time for any custom development work at the moment.
About this link you are sharing, this has nothing to do with application users. It is explaining how to limit number of connections for database users, which is completely different thing.
In a nutshell, what you would need to do is to implement database session handler (something like it is described here http://culttt.com/2013/02/04/how-to-save-php-sessions-to-a-database/) and then whenever a user logs in you check if there is already active session for that user and allow him to log in only if there are no active sessions. Hopefully this will help you to implement what you need.
Regards,
Milos
Quick question on limiting user logins in the software as I could not find anything mentioned anywhere.
Is there a way to limit user login to ensure only one user at a time is logged in at a time?
Thanks,
Tim
Hey Tim,
Unfortunately no, there is no way to limit user to only one active session at the time with AS.
Regards,
Milos
Imam pitanje vezano za ovaj library. Koji je najispravniji nacin da se doda jezik (nemacki)? Koji folderi su nakon instalacije nepotrebni (mozda documentation, install)?
Pozdrav
Zdravo,
Sto se tice dodavanja jezika, taj postupak je opisan u dokumentaciji: http://docs.as-php.com/localization.html
I da, documentation i install su folderi mozes da obrises nakon instalacije.
Pozdrav,
Milos
hi before buying, i d like to know how easy it can be to import existing users from a previous login script. could it be as easy as populating the db with existing user/email pairs and requesting users to use the “forgot password” link ?
also, how easy is it to get rid of the social logins (fb, googl, etc.) ??
thx raphael.
Hey Raphael,
You will just need to populate the db with existing user details and, since their passwords won’t be valid anymore, you will need to send them an email to let them know that they should reset their password by using forgot password feature.
And yes, you can easily get rid of social logins just by removing the HTML from login form and by removing one file responsible for handling social authentication callback.
Regards,
Milos
Hello, Is it able to disable the brute force login attemps check. thank you
Hey,
Nope, you cannot disable it without modifying the source code. Btw, your support for this item has expired. If you need my help or have any questions related to the item, please extend your support.
Regards,
Milos
Dear loshMiS! Please delete all my posts for the security of my site. Posts were intended for correspondence by email, and not for a forum. Thank you
Hey,
I’ve removed your comment where you pasted your sensitive information.
If your posts should not be public then you should not post them here inside the comments sections at all (since, as you know, that is public and visible to all users), and you should be using the contact form on my CodeCanyon profile page: https://codecanyon.net/user/loshmis#contact
Regards,
Milos
Дорогой loshMiS!
Убери, пожалуйста, все мои сообщения в целях безопасности. В дальнейшем я хочу получать support по емейлу, а не на колонке.
Почему такое неудобство с support?
Hello dear author, some days ago I purchased your Login System Script. Everything works fine, except one issue I cannot find the reason / solution.
The sites show different languages to choose at the top. (‘language.php’ included) But when clicking a flag to change the language, a 404 site appears,- site not found. Then using the back-button of the browser, the site appears in the chosen language…
I know that this happens cause of a wrong path, but I can´t find out where to fix that. I have included the ‘language.php’ to the login site, too. You can see this at https://www.itrena.de/clients-area2/login.php
What do I have to do to fix this?
Thanks a lot, Thomas
Hey Thomas,
Let’s fix it. : )
What’s the value of WEBSITE_DOMAIN constant inside ASEngine/ASConfig.php file?
Regards,
Milos
Hello Milos,
I tried different entries for WEBSITE_DOMAIN, already… Actually the value is: define(‘WEBSITE_DOMAIN’, ‘https://itrena.de/');
Regards, Thomas
Hey Thomas,
That’s how it should look (you can remove the ”/” at the end too), however it means that something else is causing issues. If you can, please send me some temporary FTP/SSH credentials so I can log in to your server and see why it works like that, since it definitely should not. You can send me the credentials via contact form on my CodeCanyon profile page.
Regards,
Milos
Hi Milos,
thank you very much for your active support!
This is worth a good rating…!
Regards,
Thomas
Hey Thomas,
No problem at all!
Regards,
Milos
How to return the admin password if the site is hacked?
Thank You
Hey,
Well if your admin email is correct, you can use forgot password feature. If not, you should update the email directly in db first, and then use forgot password feature to reset your password.
Regards,
Milos
Dear loshMiS!
Explain to me how to completely disable CSRF checking. I do not need increased security, but I just need the site to work. Please write me a clear instruction.
Thank you.
Hey,
It is highly recommended to have CSRF checking, but if you want to disable it, just remove following code snippet from ASEngine/AS.php file:
if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! ASCsrf::validate($_POST)) {
die('Invalid CSRF token.');
}Regards,
Milos
Love this security app!
However, I’m getting an “Invalid CSRF token” when submitting from a form I’ve created in my admin area (it’s not an ajax-based form). Can you help?
Hey,
I’m glad you like the app. I’ve just added new section to application documentation which should help you with adding non-ajax forms to your admin area: http://docs.as-php.com/csrf-protection-and-forms.html
Regards,
Milos
can this work as an sso/login bridge?
Hey,
Unfortunately, as you can see inside the features description, it cannot be used for SSO out of the box.
Regards,
Milos
Hi Milos,
I would like to ask your help. I’m trying to add my own comment system to back-end of my site. But when I click the submit button its give me back the following error: Invalid CSRF token.
Can you help me please? Cheers Gabriel
Hey Gabriel,
I’m really sorry but your support for this item has expired. Please extend your support if you need my help.
Regards,
Milos
Hi Milos,
Ok. I will renew the support. But after that, can you help me with that problem? Thanks Gabriel
Hey Gabriel,
Of course.
Regards,
Milos
Hi Milos,
I renewed the support. So can you please help me? Thanks
Hey,
Thanks for renewing the support.
Ok, so I guess that you are not using AJAX to send that form, since for all ajax requests are configured to send the CSRF token automatically.
In your case, since you are probably just submitting the regular form, you will need to add the CSRF token manually inside one hidden field which looks like following:
<input type="hidden" id="token" name="<?= ASCsrf::getTokenName() ?>" value="<?= ASCsrf::getToken() ?>">So, just add the hidden field from above inside a form you are submitting and CSRF validation should work without any issues.
Regards,
Milos
Hi,
Still same problem.
Can I send you my php?
It just a few lines of code.
Thanks
Hey,
Yeah, you can post it here. Or just provide me a link to your app so I can take a look and see what can be a problem.
Btw, in order to be able to properly add this hidden input field, you must include AS.php file at the top of your PHP file where the form is located. But I guess that you did that already.
Regards,
Milos
I write you a PM.
Hey Milos,
Just would like to ask if you received my PM?
Thanks & Cheers
Gabriel
Hey Gabriel,
Yup, I received your email. Will get back to you as soon as I can.
Regards,
Milos
