1144 comments found.
Hi loshMiS. I adapted your auth system to MSSQL using sqlserv driver for PDO. If you wanna add MSSQL support I can send you all changed files includes as.sql with tables creation. I changed only SQL requests. Bought your product yesterday night
Purchase Code: 6e908c38-2716-49d3-beef-9a59b5bbafe5
Hi loshMis,
I’m using your script to manage the content on my site and I found an issue!
My site is multi language and I’m using SEO urls for different pages in different languages. The problem happens with the crawling of facebook and other social sharing.
My default language is Portuguese and for this it works, but I get a server response 206 “Partial Content”.
But if i’m enter a url from another language, for example English, I use “setLanguage” function for set the correct language. This generates a 302 “Redirect” response code with an infinite loop for the crawler! How do I resolve these issues? Is it possible to set the language without an http redirect?
Thank you!
Hey,
Well, in that case, you will need to customize the setLanguage method inside ASLang class and remove the redirect part of it. You can also customize it to look for different parameters depending on if it should redirect or not. For example, you can make it to check if your url looks like following http://yourwebsite.com?lang=es&refresh=0 and in that case it should just update the language and render the page, without refreshing it.
Regards,
Milos
Hi,
Thanks for your response.
I understand the logic, but how do I change your script to update the language without refresh the page?
Hey,
I’m not sure that I understand your question exactly but the page has to be refreshed if you want to change the language. Basically, when you click on that flag to change the language it has to refresh the page so the server can render the page in a different language and send the response to the browser…
But, as I explained in my previous post, you can extend it so it only do the redirect back to the original page if there is no “refresh=0” parameter inside the url, which you can use for sharing on social media and stuff.
Regards,
Milos
Hi,
Already understood!
I then removed the redirect for the pages I want but there is a problem. When I access a url that is not in the cookie language, it renders the page with the language it had previously. Only after I refresh the page does it give me the correct content!
If I solve this, I have the solution I want. How do I resolve this issue without redirect?
Thanks for your help!
Hey,
Well, you can unset the cookie and just use session for those pages. If you check the “getLanguage” method inside ASLang class, you will see that it first checks for the cookie and if the cookie is not present it then tries to fetch the language from the session and, if session value does not exist then it will return the default language.
This means that you can disable (or remove) cookie for some pages (for example if refresh=0 parameter is present) or you can maybe modify “getLanguage” method to check if the language identifier is available inside the session before it checks the cookie. There are really a lot of options on how you can implement it and it’s up to you how you’ll make it work. 
Regards,
Milos
Hi,
Can your script be used on Wordpress theme?
I have bought a wordpress theme which allows me to create specific users’ roles which can be seen in Settings—> General in Wordpress Admin panel after I create them using built in features of the theme.
Can I create registration based on one of those users’ roles?
Cheers Thon
Hey Thon,
Unfortunately no, this script cannot be used with Wordpress, at least not with some huge modifications inside the source code and the structure.
Regards,
Milos
Hey LoshMis i found when my session is destory problem when i load multiple query in same . But i don’t know how i fixed it please can you help me . And one more problem when i try to login on mobile chrome browser it not working bt when i stop Data Saver on chrome setting it working but how i fixed it with Data Saver is on
Hey,
Can you please explain what exactly you mean when you say “when i load multiple query in same .”? Please also provide some code examples so I can see what exactly you are doing.
About the login on mobile, I really have not idea what can be a problem. Do you have the same issues with the demo website available at https://as-php.com ?
Regards,
Milos
I like your login program so far. I had a question and you may have answered it in the comments. Is there a way to get your login program to redirect a person back to the same page. Meaning if I protect the page event.php?ID=2
I want them to be redirected to that page right after they log in.
Thanks so much.
Hey,
Yeah, I already answered it in the comments but it’s not a problem to answer it again. Here is the original answer I posted few months ago:
Well out of the box there is no such option, however, it is pretty easy to implement. Here is how you can implement that:
Let’s say that when users click on your login link, you implement your login link to look like following: login.php?to=about.php
1. On top of login.php file, right after you require AS.php file and check if user is logged in, you can add this
$redirectPage = isset($_GET['to']) ? $_GET['to'] : get_redirect_page(); // get redirect page will return default redirect page for current user according to his role
ASSession::set('redirect', $redirectPage);respond(array(
'status' => 'success',
'page' => ASSession::get('redirect')
));Regards,
Milos
Thank you for replying. I found that code and tried it. it sent me to localhost/www/null (which localhost/www/ is my wampserver)
so I wasn’t sure if i was implicating it correctly and when I change the code it causes the login form to look funny. The login/create login/forgot password all shows on the page. So I think i’m implicating it wrong.
aslogin.php if (LOGIN_FINGERPRINT == true) { ASSession::set(“login_fingerprint”, $this->generateLoginString()); }
respond(array(
'status' => 'success',
'page' => ASSession::get('redirect')
));}login.php <?php include “ASEngine/AS.php”;
if (app(‘login’)->isLoggedIn()) {
$redirectPage = isset($_GET[‘to’]) ? $_GET[‘to’] : get_redirect_page(); // get redirect page will return default redirect page for current user according to his role ASSession::set(‘redirect’, $redirectPage); }
$token = app(‘register’)->socialToken(); ASSession::set(‘as_social_token’, $token); app(‘register’)->botProtection(); ?>
Thank you for your help and guidance.
Hey,
Well yeah, your code is wrong. Please check my comment again. You need to initialize this $redirectPage variable and stuff right after you include the AS.php file…
Of course, this will only allow you to pass the redirect page as “to” parameter, but you will need to actually pass that parameter when someone tries to access the protected page right before you redirect to login.php page. Of course, you can improvise it and store anything inside the session that you can use inside the ASLogin.php to determine the redirect page.
Regards,
Milos
Hello, I have an invalid token error.
I have included the following code within the form: <input type=”hidden” name=”= ASCsrf::getTokenName()” value=”= ASCsrf::getToken()” />
However I don’t understand how does ASCsrf.php has to be modified. Do I have to replace all of “private static function” or add to it?
Please advice how does ASCsrf.php has to look like.
Thanks
Hey,
You don’t need to modify ASCsrf.php file at all. All you need to do is to include the token field into the form, but you need to include it properly. The code you provided above is not correct since it does not have PHP echo tags. It should look like following:
<input type="hidden" name="<?= ASCsrf::getTokenName() ?>" value="<?= ASCsrf::getToken() ?>">Regards,
Milos
Hi. Just had a few queries about the advanced php login and user admin code. 1. Can i add my own fields about 10 to 15 to the profile?
2. Can i have different profile data form for different user roles?
3.how difficult is it to customise?
4. Would you yourself make one time code customisations for a fee? How much would that be?
Hey,
1) You can add any number fields you want if you are familiar with PHP.
2) Out of the box, all user roles have the same profile data form, but if you want you can customize it to fit your needs.
3) It is pretty easy to customize if you are familiar with object-oriented programming and PHP. I would recommend you to check the docs for more info about the app itself: http://docs.as-php.com/
4) Unfortunately, I’m not available for any custom work at the moment.
Regards,
Milos
How hard would it be to setup a Payment system in this?
Hey,
Well, it really depends on what exactly you would want to implement and how it will be used, but if you are familiar with PHP then there should not be any issues with integrating a payments system with it.
Unfortunately, as you know, AS does not have anything related to payment systems built-in at the moment.
Regards,
Milos
hi IoshMis,
I am having trouble with CSRF Token with my image upload xhr request…
var token_name = document.getElementById(“X-CSRF-tOKEN”).getAttribute(“name”); var token_value = document.getElementById(“X-CSRF-TOKEN”).getAttribute(“value”); var item_id = $(”#item_id”).val(); var xhr = new XMLHttpRequest(); var params = token_name+”=”token_value“&filename=”encodeURIComponent(file.name)“&item_id=”encodeURIComponent(item_id)“&path=”settings.path“&resize_to=”+settings.resize_to; var url = settings.path+”uploader.php?” + params; xhr.open(“POST”, url, true); xhr.send(file);
file is the image object
I will still get Invalid CSRF how can I include the CSRF token to the image file xhr.send(file) request?
Hey,
I’m sorry but your support for this item has expired. Please extend the support if you need it.
Regards,
Milos
How to stop Auto logout . its so embarrassing . please tell me how to stop auto logout fir random insert data or any changes
Hey,
Can you please explain how it is happening? Does it happen when you leave the website idle for some time and then try to perform some action or it just happens randomly while you are using the website?
It’s probably related to some server configuration issues and probably just changing the default directory where PHP stores the session files will do the trick, but I’m waiting for your response before I can give you some instructions on what you should update.
Regards,
Milos
when i update big data or load multiple data it will be automatically logout please . i need my session always active , when i click logout then session will be destroy . How i active session always
Hey,
From your response it looks like it has something to do with your PHP configuration since your session should not be terminated before it expires.
I would recommend you to do the following:
1) Create some folder somewhere on your server which will be used for storing the session files generated by PHP. Make sure that this folder is NOT accessible via HTTP and that your app can write to that folder.
2) Modify the “startSession” method inside ASSession class and add the following line right before “session_start();” function call, like following:
//...
session_save_path('/path_to_your_newly_created_folder_here');
session_start();This will tell the PHP to store session files into a folder that you can control instead to store it to /tmp folder (which is the default config) where your server can delete it to save space or something.
Regards,
Milos
Sorry LoshMis its still automatically destroy . When i load big data it will be session destroy .Not working . i need my session active what ever i do .
Hey,
Sorry for a bit late response, I’m currently on vacation and my responses are a delayed.
If you have implemented everything properly then there should not be any issues with it.
Can you please send me some temporary FTP/SSH credentials as well as the app URL so I can check and see what can be a problem? You can send the credentials via the contact form on my CodeCanyon profile page.
Regards,
Milos
hey there i wanna get this, but my question is can i add something to my prev pages so that they have to logged in, like members.mysite.com they sign in but then when they click a link that goes to reportbot.mysite.com they need to be logged in to view. Even if they just type Reportbot.mysite.com comes up with you need to login?
Hey,
Yes, of course. You just need to add one code snippet at the top of your page to allow access for logged in user only. It is explained inside the docs: http://docs.as-php.com/protect-your-pages.html
Btw, since you want to protect different subdomains, you will need to make the session cookie be available on subdomains too. The process is also explained inside the docs: http://docs.as-php.com/working-with-session.html#session-multiple-subdomains
Regards,
Milos
Hey,
It’s most likely because there are some conflicts with your code and the code from AS.
I would recommend you to move the include 'ASEngine/AS.php'; line at the top of your file and to enable debug mode (http://docs.as-php.com/developer-guide.html ) so you can see the errors on the screen while you are developing. When you see the actual errors, you will then be able to figure out what the issue is and to resolve it.
Also, in the code you pasted above you have 2 open <?php tags without closed php tag in between, so that’s most likely causing the issue…
Regards,
Milos
include ‘ASEngine/AS.php’; <?php
if (! app(‘login’)->isLoggedIn()) { redirect(“login.php”);
} require_once “recaptchalib.php”; require(‘mysql.php’); if (isset($_SERVER[“HTTP_CF_CONNECTING_IP”])) { $_SERVER[‘REMOTE_ADDR’] = $_SERVER[“HTTP_CF_CONNECTING_IP”]; ?> <!DOCTYPE html> <html lang=”de”> <head>
So Like this? also the login files are in members.mysite.com and this code is in members.mysite.com/projectupload/ is there anything i need to change?
Hey,
Not exactly. include ‘ASEngine/AS.php’; is PHP code, so it should be inside the PHP tag. Like I said in my previous post, you should only move this include line at the top, not the whole snippet. Your code should look something like this:
<?php
include 'ASEngine/AS.php';
require_once "recaptchalib.php";
require('mysql.php');
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
if (! app('login')->isLoggedIn()) {
redirect("login.php");
}
?>
<!DOCTYPE html>
<html lang="de">
<head>If your code is not at the same level as the as files, the only thing you need to update is the path to the AS.php file. So, if it the code from above is inside projectupload folder and the AS code is a level above, then your path to AS.php file should be something like
include '../ASEngine/AS.php';Regards,
Milos
i could kiss you right now! why didnt i think of that, chirst its like linux, Thanks my friend. sorry for asking so much, so say i want them to have a user level say “gold” to access this page i can do that right? and like “trail” cant access it
also for the path of the asengine/as, how do i set that up for a sub domain,
so my code above is now in reportbot.mysite.com and the login codes are in members.mysite.org i changed the setting in session config to .domain, what would the path be to talk to it.
Hey,
Yeah, you can allow users with “gold” role to access the page and restrict access for users with “trial” role. Check the docs for more info: http://docs.as-php.com/authorization.html#role-specific-content
In the case from above the path will depend on your server configuration and it’s something that I cannot help you with. But, in general, you need to find out the path to your root folder for “members.mysite.org” subdomain and the path to the root folder for “reportbot.mysite.com”. When you know the paths, you should be able to setup the include path properly.
Regards,
Milos
okay awesome great i got that, when i get too reportbot.mysite.com it goes to the members sign in page, but now that when i sign in, it keeps looping back to members area and wont go to the reportbot.mysite.com page it just keeps looping back to the members.mysite.com area. any thoughts on why this is?
is it caused by a redirection or something?
Hey,
Yeah, it is most likely caused by redirect because session cookie is not visible on reportbot.mysite.com. For it to be visible you need to update the ASSession as it is explained inside the docs: http://docs.as-php.com/working-with-session.html#session-multiple-subdomains
It means that, if your domain is “mysite.com”, then your startSession method should look like following:
public static function startSession()
{
//...
session_set_cookie_params(
7200,
$cookieParams["path"],
".mysite.com",
SESSION_SECURE,
SESSION_HTTP_ONLY
);
//...
}Regards,
Milos
Awesome! Thanks milo i appericate all the help, another thing sorry. The Nav Bar i added some things to it but i cant seem to find where i can make it seen by other users, also is it possible to make it seen by select user groups, like Usergroup Gold can see everything but usergroup silver can only see select things?
iv tried everything i looked in comments too and everything i try i get an error or internal 500 error. im using the same code above that you sent me, again im trying to rescrict the role “user” that isnt role “gold” from accessing that page. and i cant seem to get it to worl
Hey,
Well if you get 500 error it means that you are doing something wrong. I would recommend you to enable debug mode (check the docs) and to see what the error is about, so you can fix it.
About the navbar, it is pretty simple to filter things for specific user groups. If you check the templates/sidebar.php you will see how some things are filtered to display for admin role only. The same logic can be applied to any role, as it is described inside the docs: http://docs.as-php.com/authorization.html#role-specific-content
Regards,
Milos
Good morning, I just purchased your php register login system and am very happy with it so far! I just need to make a few changes, I want to get rid of the address and phone for users, both when adding users and also when they edit their profile. I only need their name, email, username and password stored.
I tried to remove the html code in the corresponding pages which seems to work fine for the admin user but when a normal user logs in I get errors. How should I remove those options?
Thanks! Luke
Hey,
Well removing those fields from HTML is not the only thing that you need to do. You will need to update the following files too:
1) Update ASLibrary/js/users.js file and remove address and the phone from there so they don’t get sent back to the server.
2) Update ASEngine/ASUser class and remove all occurencies related to address and phone.
3) Update the database tables and remove address and phone from there.
Of course, whenever you are doing some customization work on the app, I would recommend you to enable debug mode so you can see the errors on the screen: http://docs.as-php.com/developer-guide.html
Regards,
Milos
Hi, Milos. Facebook is saying:
In 35 days, we’re making a security update to Facebook Login that will invalidate calls from URIs not listed in the Valid OAuth redirect URIs field of your Facebook Login settings…
And it is also saying that https://xxxxxxx.com/vendor/hybridauth/?hauth.done=Facebook url will be invalidated.
Please, let me know what should I do. Thanks.
Hey,
Well just add the URL above to the list of “Valid OAuth redirect URIs” inside your facebook application settings and there is nothing to worry about.
Regards,
Milos
Ok. Done. Thanks! Regards.
hey , I want to make a session destroy , but I have no idea to write the code in ASSession, but I have a code on laravel.
Auth::login($user); $newSessionId = \Session::getId(); //get new session_id after user sign in
How to I transform this code to ASSession , I have try so hard but still failed , can you help me ?
if ($user->session_id) {
if (\Session::getHandler()>destroy($user>session_id)) {
// session was destroyed
}
}$user->session_id = $newSessionId;
$user->save();Auth::login($user); $newSessionId = \Session::getId(); //get new session_id after user sign in
if ($user->session_id) {
if (\Session::getHandler()>destroy($user>session_id)) {
// session was destroyed
}
}$user->session_id = $newSessionId;
$user->save();Hey,
I’ve just replied to your email.
Regards,
Milos
No 2 Factor?
Hey,
Unfortunately, as you can see from the documentation and the demo, there is no 2FA integrated into this script.
Regards,
Milos
Hi there, I am trying to delete some data from a table but can’t get it to work. I think there is a problem with my syntax, but I can’t see where.
Can you help?
Syntax is: $db->delete( “message”, “messageReceiverId = :uuid”, “messageFamilyId = :fuid”, array(“uuid” => $removeUserId, “fuid” => $removeFamilyId) );
I want to delete a record from the MESSAGE table where the messageReceiverId = uuid AND messageFamilyId = fuid
Hey,
Yes, your syntax is incorrect. The “delete” method accepts 3 parameters, and inside the example from above you have 4. It should look something like following:
$db->delete(
"message",
"messageReceiverId = :uuid, messageFamilyId = :fuid",
array("uuid" => $removeUserId, "fuid" => $removeFamilyId)
);Regards,
Milos
can i use it for multiple project and can i update it without any changes my customization
Hey,
One license of the script is for one end product only. To learn more about the licenses check: https://themeforest.net/licenses/standard
You will be able to update the script once a new version is released, and, since you will need to do it manually anyway, having it customized will just change the way how you update it, but the process is the same.
Regards,
Milos
while testing during development to incorporate AS into an existing site I on occasion get Invalid CSRF token. I don’t use ajax, and I do have the hidden input field on all forms.
I suspect that it happens when Iet a tab/window sit for a while and come back to it and the token has expired (?)
I see that last check in AS.php, and the die statement.
problem is that if it happens to a customer, all they get is a empty white screen with that message. Is there a way for me to capture that better in a page with a form and either regenerate token or display a message ?
Hey,
You get that message probably because your session expires, or something like that.
You should not regenerate the token for users and if you want, you can customize the message or redirect to some error page by replacing the “die” statement inside the AS.php file with a redirect or some other error message. Basically, you can do whatever you want there when invalid CSRF token is detected.
Regards,
Milos
Hi, I recently ported a project from another install of AS. I ran a clean install on the add-on domain, populated the database with the necessary fields for my project and began testing. However I have hit a wall -
Upon logging in I am presented with all the usual information I expect, but I am seeing many errors being printed to the page and logs.
[26-Jan-2018 09:40:58 America/Detroit] PHP Fatal error: Call to undefined function app() in /home/origins/public_html/crypto-huntr.com/initialise-database.php on line 3 [26-Jan-2018 09:40:58 America/Detroit] PHP Fatal error: Call to undefined function app() in /home/origins/public_html/crypto-huntr.com/get-votes.php on line 5 [26-Jan-2018 09:41:06 America/Detroit] PHP Fatal error: Call to undefined function app() in /home/origins/public_html/crypto-huntr.com/get-votes.php on line 5 [26-Jan-2018 09:41:06 America/Detroit] PHP Fatal error: Call to undefined function app() in /home/origins/public_html/crypto-huntr.com/initialise-database.php on line 3
When adding “include ‘ASEngine/AS.php’;” to initialise-database.php and get-votes.php I then get -
[26-Jan-2018 14:42:57 UTC] PHP Notice: Constant AS_VERSION already defined in /home/origins/public_html/crypto-huntr.com/ASEngine/AS.php on line 3 [26-Jan-2018 14:42:57 UTC] PHP Notice: Constant DEBUG already defined in /home/origins/public_html/crypto-huntr.com/ASEngine/AS.php on line 7 [26-Jan-2018 14:42:57 UTC] PHP Notice: A session had already been started – ignoring session_start() in /home/origins/public_html/crypto-huntr.com/ASEngine/ASSession.php on line 34
What could be causing this? There is no obvious issue that I can see, have I missed something somehow?
Another problem is that CONSTANTS set in the main parent PHP file are not returning as defined in the sub PHP files, despite them echoing correctly within the included php files.
The site has been migrated correctly and all the database entries are being pulled through okay something has failed massively though.
I might add that this was done on the latest version of AS, the demo site was hosted/ran on the version before that, but I haven’t copied any AS related files to the new install location. Have any functions changed/file locations?
Thanks
Debug mode defaults to on in 2.4, bah should have noticed! Ignore the above, turning off debug seems to have solved it
Hey,
Well turning off debug mode just means that the errors are not displayed on the screen, but they definitely still exist.
When you see “Call to undefined function app()” error it means that you don’t have the latest version of the ASEngne/AS.php file included at the top of your page.
An error which says “Constant AS_VERSION already defined …” means that you have included the AS.php file more than once.
Make sure that, if you are upgrading from an older version of AS, you have updated all files to be up to date and that there are no missing files since there are some new files inside the latest version of AS that were not there before.
Regards,
Milos
