1144 comments found.
Hello, when I create a new user, by clicking on account creation, I have an error message “undefined” instead of “successful registration, please consult your mail.
Thanks
Hey,
That’s probably something related to the server setup. Can you send me the URL to the script so I can check it and see what can be an issue?
Regards,
Milos
Hey,
I’ve checked your installation and it looks like you have some issues with email sending which causes the script to timeout.
Basically, if you check the actual ajax request that is being sent to the server on registration (if you are not sure how to do it, check the docs: http://docs.as-php.com/developer-guide.html#debugging-ajax-requests ) you can see that the request is in “pending” state for a long time and then server just returns 504 response with “The page you are looking for is temporarily unavailable…” message. Now, I’m not sure why your server won’t send the emails properly, but it might be related to wrong credentials (if you are using SMTP) or to some incorrect configuration for mail transfer agent, if you are using regular php mail() function.
I would recommend you to use some external SMTP server that you are sure is working properly, since, as I explained above, the issue is most likely related to the email sending.
Regards,
Milos
I did tests and I diagnosed, the page login in English, it works, I have the message “Registration successful …...” but with the login page in French, I always this error message “undefined” ..
Regards
Hey,
Yeah, I see what you are talking about. Have you maybe edited that Lang/fr.php language file?
Regards,
Milos
Hey, Yes, I edited it
Hey,
Well, in that case, make sure that there is no blank line or even an empty space before open <?php tag, since that’s what is causing the script to return “Headers already sent…” response. Also make sure that there is no closing ?> php tag at the end of the file (that tag is not there in the original file, but I’m not sure if you have added it maybe).
Regards,
Milos
Hey, sorry
I think that the file fr.php is correctly configured because I have the translations and I have the view of the modifications that I made on this file (view in admin). this variable “success_registration_with_confirm” is on which files, apart from fr.php?
Hey,
“success_registration_with_confirm” exists in all language files from “Lang” directory…
Can you please send me the fr.php file to stojanovic.loshmi at gmail.com so I can check it and see how it looks?
Regards,
Milos
it’s done, I sent you the file
Hey I tested to avoid again the file fr.php from the source files, I always have this messafge of error during the creation of a user account, only in French language
Thank you Milos, I stop there in my investigations, I will use the language of Shakespeare. thanks again for the time spent
Hey,
No problem at all. That’s really strange since I tried the file you send me with a fresh installation of AS and it is working properly, so I’m really not sure why you have issues with it on your server.
Maybe if you have modified some other files across the AS that’s the reason why it’s not working as expected. However, since it is only happening with French language file it makes it even more strange… I’m afraid that the only way to find out what the issue is is if you start with a fresh install of AS, update fr.php file to the one you sent me and then proceed with those other changes you made, one at the time and test registration after each change. It can be a painful process but it looks like it is the only way to find out what’s causing the issue.
Regards,
Milos
Hi there, I can’t test the API calls of your demo
Hey,
You are probably talking about Vanguard, since that’s the script which has the API, not AS, right?
And yes, API is disabled for demo application, but you have complete API documentation with all the responses available, so that is more than enough to understand how it is working.
Regards,
Milos
if ($_SERVER[‘REQUEST_METHOD’] == ‘POST’ && ! ASCsrf::validate($_POST)) { die(‘Invalid CSRF token.’); }
This is preventing me from sending any post requests. Please sandbox it to only to AS System.
Hey,
Of course that it is preventing you to send any POST requests without valid CSRF token. That’s actually the whole point and making it working only for AS specific system will leave your application vulnerable to CSRF attacks.
Please check the documentation about how you can send the CSRF token on POST requests: http://docs.as-php.com/csrf-protection-and-forms.html
Regards,
Milos
Hi!! is it possible to have an input – example Id Number – in the registration form, that validate if this Id exist and then the user can continuous with the registration form? For example, if this Id exists in the system then the user can finish the register, if not, it couldn’t. Thanks!
Hey,
I’m sorry but your support for this item has expired. Please extend it if you have any questions.
In general, yes, you can extend the registration form and make it work like that, but you will need to do it manually of course, by editing some JavaScript, HTML and PHP files.
Regards,
Milos
Hi Iosh, how do I bypass the the “email and captcha field” for the registration form so that new registration just require a username and password?
Also, is there a way to obfuscate the registration area so that only users that pay can be directed to the registration area and become members? I want to prevent anyone from direct linking to the registration page and just becoming a member.
Hey,
You will need to modify the form manually to achieve that since it’s not possible to customize it like that from configuration parameters.
About allowing access to the registration page only for paid users, you will need to implement that too, since payment system does not come out of the box with AS. Basically you will need custom registration form (more like a wizard) where you can have multiple steps where first one will be for them to pay the fee and then be redirected to next step which is picking their username and password.
Regards,
Milos
Hi, How can i use my own class? I want to add Template engine. But I can’t find any instruction for that…. I tried to add (vendor/composer/autoload_classmap) but system doesn’t read my class . And also I added it to AS but no solution.
Hey,
Well if you want to add your classes you need to be familiar with composer and how it autoload files. This means that your autoloading must be configured through composer.json file.
For example, if you place your class inside ASEngine directory and run composer dump-autoload your class will be accessible across the project. This is because in composer.json file it is configured to autoload all classes from ASEngine directory. You can configure it for any other folder too.
If you don’t want to use composer autoloading (which I would not recommend), then you can always require your class directly at the top of ASEngine/AS.php file.
Regards,
Milos
Hi,
I am liking your app, but there needs to be a way to increase the session timeout, without messing with php.ini. Also would be nice if you can add a remember me option to keep the user logged in always.
Thanks
Hey,
Of course there is a way to do it. Please check the following section inside the documentation: http://docs.as-php.com/working-with-session.html#session-lifetime
Unfortunately “Remember me” feature won’t be added soon, but I have it in plan for some future releases.
Regards,
Milos
Hi thanks for the last question answered it worked perfectly. Now my web site after login goes to a page same as the unlogged in page but with all the options a member gets. I would like to add welcome back (user name) to the top of this logged in page only is this possible within your scripting. Best regards Mike
Hey Mike,
As it is explained inside the docs ( http://docs.as-php.com/current-user.html ) you can get the currently authenticated user by using app('current_user'). When you get the info about currently authenticated user, you can easily display his first name, last name, and other available info.
Regards,
Milos
We currently use uLogin PHP Authentication Library, http://ulogin.sourceforge.net/, when we started testing for PHP 7.0 & 7.1 I found problems. uLogin has not been updated since 2013 so I guess it’s time to move on. before I buy your product I have some questions.
have it been tested with PHP 7.0 and 7.1
our user profiles are extended compared to examples I see in your demo/docs. I expect that I have to write a wrapper around your user profile where I can call your routine and then add insert/update of our extra fields (sitting in a separate table)
Our site doesn’t (yet) use bootstrap, from your docs it sounds like that should not be a problem. ie we can plug-in your routines, replace existing function calls with calls with yours (in principal) Thanks /P
Hey,
Yes, it is tested and working on PHP 7.0 and 7.1 (demo website is running on PHP 7.1).
You should be able to easily wrap/modify any AS code you need to make it fit your needs. And yes, bootstrap is used just for design, and with some small modifications you should be able to make it work with your design.
Regards,
Milos
First, great job Iosh! This pack serves me almost perfecly, altough, I’m looking for a way to autorize Multi-role. Can you point me to the right direction on how to do it? Eg. a SalesManager user has a role SalesManager but it also it will need temporarely access to role MarketingManager (covering holiday leave for eg).
Alternativelly, I could instead of autorizing Roles to my sections, autorize permitions, and each role would have certain permitions. Eg User > Role > Role Permition
Which one would be easier? Any help is appreciated.
Thanks
Hey,
Thank you, I’m glad you like the app. 
In Vanguard one user can have only one role, but multiple permissions. So, in your case, I would recommend to add permissions that you want to have and then assign them to specific roles whenever you want.
Regards,
Milos
Hi Milis. I havent realized you have an upgraded version, the vanguard. Its exacly what I want! Is there a way to upgrade my license from AS to the Vanguard? Or surender my current AS licence in order to buy a Vanguard license? Im very happy to find the exact functions I need on this upgraded login system Thanks
Hey,
You can purchase Vanguard and request refund for this item, and I’ll be happy to approve it.
Regards,
Milos
I am having an error. I am not using Ajax at all and I have this in all my forms. <input type=”hidden” name=”<?= ASCsrf::getTokenName() ?>” value=”<?= ASCsrf::getToken() ?>”>
The user gets this Invalid CSRF token when they have been idle for a short time and then they try to load a page or submit a for. Here is my session information from ASSession.php. I do not think the session is timing out but I cannot figure it out. I did buy your product any help would be most appreciated.
session_set_cookie_params( 32400, $cookieParams[“path”], $cookieParams[“domain”], SESSION_SECURE, SESSION_HTTP_ONLY );
Hey,
Well it looks like for some strange reason session is timing out. Let’s figure out what the issue is.
Can you provide me the link to your script installation so I can take a look? If you don’t want to share it here, you can send me the link through contact form on my CodeCanyon profile page.
Regards,
Milos
Hi, I have a problem with invalid CSRF token and Ajax.
I have created a very simple test setup. The AS package is installed in folder ‘login’ under the site root. Installation went smoothly.
On succesfull login, the user is directed to a new page, main.php, in the site root. This also works perfectly.
In the main.php page, I do a Ajax call to a simple php script, get_text.php, that simply returns a json-encoded string. The call is done from the $(document).ready() event. This also works.
This is the ajax call:
$.ajax({ url: “get_text.php”, type: “post”, contentType: ‘application/json; charset=utf-8’, data: JSON.stringify({test:”test”}), dataType: “json” }).done((text) => { alert(text) }).fail((xhr, status, errorThrown) => { alert(“main.php: ” + errorThrown); });
The main.php and the get_text.php files has the include statement at the top: include ‘login/ASEngine/AS.php’;
I also have the this in the main.php file:
<script src = “cdn/jquery.min.js”></script>
<script src = “login/ASLibrary/js/js-bootstrap.php”></script>
After login, the user is directed to main.php, which all works, and the ajax call to get_text.php is made.
However, the response to the ajax call is: Invalid CSRF token.
What am I doing wrong?
Hey,
Well I guess that the issue is because you stringify the data you are sending. I would recommend to either send data as
data: {test:”test”}data: JSON.stringify({test:"test", "_as_csrf_token": _data['_as_csrf_token']})P.S. This _data is defined inside js-bootstrap.php file, and that’s the reason why you will be able to use it like I explained above.
Regards,
Milos
Thanks for quick response.
I copied your code to stringify the token, but I still get the same error.
I can see that the token is send to the server as part of the JSON-encoded data, but it is still not recognised by the server:
_as_csrf_token d8ddd85464f78992f96188ff58dae3c5ae088743test testIs there anything else I need to do on the server? I am using PHP.
On the server side, I decode the data in my scripts using this statement: $post = json_decode(file_get_contents(‘php://input’), true);
Should I do anything with the token?
I have tried the other option to not stringify the data, but I still get the same error.
I have also tried without any data in my ajax call and only the CSRF token is send to the server, but I still get the invalid CSRF error.
I am lost now, anything else I can try?
This is what I have now:
$.ajax({
url: "get_text.php",
type: "post",
contentType: 'application/json; charset=utf-8',
dataType: "json"
}).done((text) => {
alert(text)
}).fail((xhr, status, errorThrown) => {
alert("main.php: " + errorThrown);
});
Hey,
Hmmm I’m really not sure why you have such problems. Can you try to remove “contentType” and/or “dataType” attributes from that JSON call and see if it will work properly?
If not, please provide me some temporary FTP account and send me the credentials through contact form on my CodeCanyon profile page, so I can take a look and see what is causing the problem here.
Regards,
Milos
The problem was : contentType: application/json.
Once I removed that, everything is working.
Thanks for your help
Hi there, great script just a couple of questions, 1. how do I make it return to login page and not go to comments wall unless requested. 2 Is it possible to add a payment method to the login page before users can login. Regards Mike
Hey Mike,
I’m glad you like the script.
1) You can setup redirect pages per role (or default redirect page) inside ASConfig.php file. Check the following link for more info: http://docs.as-php.com/configuration.html#login
2) You will need to add payment method to the login page by yourself, since something like that does not come with the script out of the box.
Regards,
Milos
Had problems with creating table. But it was related to permissions. I was to quick with applying role-based permissions on the DB…
hello dear milos, we can use this script on php 7.xx? thanks
Hey,
Yes, latest version of AS available here on CodeCanyon will work properly on PHP 7.x.
Regards,
Milos
Hello,
I know it’s possible to forward a new user to a specific URL using REDIRECT but is this possible to redirect everytime the user to the specific URL without showing the homepage?
Thanks
Hey,
I’m sorry, I’m not sure that I understand your question exactly. Do you mean to actually disable access to the home page for specific user role?
Regards,
Milos
Yes, that it. for example: http://mysite.be is my website with the login page i have multiple user that access to external website after logged but when they comeback to http://mysite.be they have access to a home page, but this is useless for them. They need to be forward to the external url after going back on http://mysite.be
Thanks
Hey,
Well it is pretty easy to accomplish actually. All you need to do is to add some checks at the top of index.php page (or basically at the top of templates/header.php file, which is a part of all pages in admin area) which will redirect the user to some external website whenever he access the page. For example, you can add the following code at the top of header.php file (right below the code it checks if user is logged in):
// We will redirect users with role "user" to
// some external website defined inside the ASConfig file.
if (app('current_user')->role == 'user') {
redirect(get_redirect_page());
}Regards,
Milos
Hello, thanks for your reply but if i add this code inside index.php or header.php, i have a blank page showing when i go to: http://mysite.be
Hey,
The above code is just an example. I assumed that you want to redirect users with role “user” to some redirect page defined in SUCCESS_LOGIN_REDIRECT array. If that’s not the case then of course that it won’t work for you, but you can apply the same logic to any other situation and user role.
Btw, don’t forget to enable debug mode http://docs.as-php.com/developer-guide.html#debug-mode while you are developing since it will allow you to see all the errors on the screen.
Regards,
Milos
Milos, I am about to install a SSL certificate on my website/domain. Can you tell me what changes should I need on the script?
Hey,
Well all you need to do is to update the ASConfig file and replace http://yourdomain.com with https://yourdomain.com and everything should work as expected.
If you want to have the whole website be accessible through HTTPS only, then you might consider setting SESSION_SECURE to true inside ASConfig file. More info about this parameter is available inside the documentation: http://docs.as-php.com/configuration.html#session
Regards,
Milos
Hi Milos.
I just switch host and now users cannot create account or reset password. Console is showing: “(...)ASEngine/ASAjax.php 500 (Internal Server Error)”.
I checked permissions and it is 755 for ASEngine folder and 644 for ASAjax file.
Any guess?
Thanks
And the strange thing is that login works well, and it also uses ASAjax.php file, right? I cannot understand why…
Found the issue. Log says:
“Fatal error: Uncaught Exception: E-Mail could not be sent. Info: SMTP connect() failed. in (...)/ASEngine/ASEmail.php:74”
So, after I moved to Godaddy from Bluehost, smtp stopped working. I even switch from sparkpost to Amazon SES (verifying domain again) , and nothing.
If I configure script to use ‘mail’ instead of ‘smtp’, everything works well.
Any hint?
Hey,
Well it looks like there are some issues with your SMTP credentials. Are you 100% sure that the credentials are correct?
When you configure it to use “mail” instead of “smtp” it will rely on your server configuration for sending emails (it will use standard php mail() function), which means that email sending will work only if you server is properly configured.
Regards,
Milos
It seems that Godaddy doesn’t like external smtp services. Any way to resolve that? I don’t want to rely on php mail…
Hey,
Well unfortunately there is no way to resolve it if your hosting provider does not allow you to connect to external SMTP servers. I would recommend you to contact GoDaddy support and ask them about this issue, maybe they can help you with some configuration for external SMTP services.
Regards,
Milos
Hi Milos,
When I’ve been trying to upload files to server using send() of XMLHttpRequest(), I got CSRF token error. Can you teach me how I could use the function sending CSRF token correctly? I have no issue to use Ajax and html form applying your guideline, but don’t know how to do with this send() function.
function sendFile(file) { var uri = “test_page.php”; var xhr = new XMLHttpRequest(); var fd = new FormData();
xhr.open("POST", uri, true);
xhr.onreadystatechange = function() {
if (xhr.readyState 4 && xhr.status 200) {
alert(xhr.responseText); // handle response.
}
};
fd.append('myFile', file);
// Initiate a multipart/form-data upload
xhr.send(fd);
}Thank you.
Hey,
Well you can easily send the CSRF token value just like you would do with any other value. And you can get the actual CSRF token like following:
var csrfToken = _data._as_csrf_token;Of course, this will only work if you have included <script type="text/javascript" src="ASLibrary/js/js-bootstrap.php"></script>
Once you have the CSRF token, you can easily send it to the server by appending it to the formData object, like following:
fd.append('_as_csrf_token', csrfToken);If you are not sure why you need to include js-bootstrap script and how it exactly works, just check the ASLibrary/js/js-bootstrap.php file itself and you will understand how the things are being done since it is pretty simple file.
Regards,
Milos
How to make password input more complicated? Consists of uppercase and small letters and numbers.
Has every AJAX transaction been prevented for SQL injection?
Hey,
You can update the validation by modifying the register.validateRegistration function inside ASLibrary/js/register.js file to make it work however you want.
AS uses PDO parameterized queries for interacting with DB, so all database queries are being “escaped” to prevent SQL injection and it doesn’t matter if the query comes from AJAX request or maybe if you don’t use AJAX in your project by you just utilize the ASDatabase class that comes with the script.
Regards,
Milos
