1144 comments found.
I have been using your script for over a year during different projects, and I love it. I am having an issue, which I can’t figure out. I know my support has expired so I understand if I don’t get an answer.
All my pages load and work as intended, but I keep getting this message in my error_log every time a page is loaded:
PHP Notice: Undefined index: REQUEST_METHOD in /var/www/html/ASEngine/AS.php on line 123
Hi. I just bought your script and I really like the way it works. What I would like to know how to include in the registered persons, links to different pages I really need they see, not only post comments or see the profile. Thanks Ramon (polarwhite48@gmail.com) Purchase code is: 25e13167-d36d-4d91-b518-a36c5f3bbb2a
Hey,
I’m glad you like the script. 
You can edit the HTML files and add any links you want. For example, if you want to update the sidebar and add new links, you can do it by updating the templates/sidebar.php file.
Regards,
Milos
The Nav’s height is so big that it covers most of the sidebar menus on mobile.
Hey,
Yeah, you are right. Thanks for letting me know. You can easily fix this by adding the following CSS at the bottom of ASLibrary/css/style3.css file:
@media (max-width: 768px) {
    .bs-docs-sidenav {
        margin-top: 100px;
        width: 100%;
    }
    #form-details .form-group,
    #form-changepassword .form-group {
        width: auto;
    }
}
Regards,
Milos
I got a general question. I am learning programming. Although I succeeded to install it, the document was a little vague.
When I installed, I downloaded the zip file on my computer then unzipped and uploaded all of it to my ‘login’ folder, and I started installing on /login/install/index.php.
Is this the right way? Should I now delete the /login/install folder and its content? I would like to know what is not necessary like the document directory.
At last, is there any uninstaller?
Hey,
Yes, that’s the correct way to install it.
You can remove the install and documentation folders after the installation. It’s not necessary to remove them, but you can if you want. All other files are required for the app to work properly.
And no, there is no uninstaller. You will need to manually remove the files from the server.
Regards,
Milos
Hi! System seemed to install as it should, but when I try to log in form says “Logging In” but nothing happens. I tried to reinstall but that didn’t help either (I cleared the data from database before reinstalling).
Hey,
It’s probably because of some error on the server-side. Do you have the app installed somewhere online where I can check it and see what can be the problem?
Regards,
Milos
It’s on a test server https://www.panoraama.com/ruka_2018_04_18/login/login.php
Hey,
As you can see by monitoring the network requests (check http://docs.as-php.com/developer-guide.html#debugging-ajax-requests for more info), this is the error message returned by the server:
Catchable fatal error: session_regenerate_id(): Failed to create(read) session ID: memcache (path: tcp://172.xx.x.xxx:11211) in /home/u45243/public_html/ruka_2018_04_18/login/ASEngine/ASSession.php on line 69
It looks like there are some issues with your memcache session handler when session_regenerate_id() function is called…
Regards,
Milos
I have several AJAX and normal forms to send POST. js-bootstrap.php loads alright but “Invalid CSRF token.” everywhere!
Hey,
Are you sure that js-bootstrap.php is loaded after the jQuery but before your own scripts? About the regular, non-ajax, forms, you need to include the CSRF token manually as it is explained inside the docs: http://docs.as-php.com/csrf-protection-and-forms.html
Regards,
Milos
O.K I got 2 php files to protect. The first one is my own admin-only page including a form and requesting Ajax. The second one does not have any HTML and does processing the request from first one by reading from and inserting into my DB. I put the code on both pages to protect them.
include_once $_SERVER['DOCUMENT_ROOT'] . '/advanced-login/ASEngine/AS.php';
if (! app('current_user')->is_admin) {
    redirect(WEBSITE_DOMAIN.'/');
}
I found out ‘Invalid CSRF token’ message is from the second one. It just returns ‘Invalid CSRF token’ even if there’s only ‘hello world’ after the protecting code. What should I do? There’s no form on second file.
Hey,
It doesn’t matter what’s inside the file. If it is a POST HTTP request you need to provide CSRF token for that request like it is explained inside the docs…
If you are using AJAX to send the request, make sure that you include js-bootstrap.php script as it is explained inside the docs.
Just in case you are serializing the form before you send it, the CSRF token might not be automatically appended there and you will need to add it manually by either appending it to the serialized form data or by adding the hidden input field inside the form so it can be properly serialized by jQuery. Again, this is only if you serialize the form. If you are sending a JSON object as a request body, you just need to have js-bootstrap.php file included.
Regards,
Milos
Alright, I found that it has no problem with another file processing a normal form, which has the protecting code. So, Ajax is the issue.
I don’t really know javascript so I only got the Ajax code from somewhere with which I have to build the url parameters and its values on my own. I guess that is the cause. Your document does not describe how to build the ASCSRF token. What to do in my case?
<input class="url-input" type="text" id="app-to-search" name="app-to-search">
<input type="button" id="app-search-btn" value="search" />
//JS
document.querySelector('#app-search-btn').addEventListener('click', function(event){
    var xhr = new XMLHttpRequest();
    xhr.open('POST', './get-app-info.php');
    xhr.onreadystatechange = function(){
        var result = xhr.responseText;
        document.querySelector('#app-info').innerHTML = result;
    }
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    var _data = '';
    _data += 'app='+document.getElementById('app-to-search').value; /* ?app= */
    xhr.send(_data);
});
Hey,
Well, since you are not using jquery you will have to manually append the token to the data you are sending.
You can do it like following:
//...
var _data = '';
_data += 'app='+document.getElementById('app-to-search').value;
_data += '&_as_csrf_token=' + _data._as_csrf_token;
//...
Of course, you need to include js-bootstrap before any of your code to actually make it work.
Regards,
Milos
js-bootstrap.php has always been loaded. No problem with loading it.
O.K it kinda works. However, I got two input fields and js script codes like above on a page actually. Those codes request to the same file './get-app-info.php', which gets a different parameter selectively depending on which input button.
I put the code on both script code.
data += '&_as_csrf_token=' + _data._as_csrf_token;
But only the first input field works. The second input field still gets “Invalid CSRF token.” message. Even though I put the code snippet only inside the second script, it never works.
oh, never mind. it works now
Why ASEngine Folder (writable) folder gets ‘x’ on 775? I uploaded with my ubuntu user so it owns the folder. Why did I have to set it 777. Why?
Hey,
It’s not absolutely required to have 777 permissions. You just need to have that folder writable so script can be installed properly. After the installation you should change permissions so the folder is not writable, for security purposes.
Regards,
Milos
Hello, how is it possible to disable the Add User/Registration? That is to remove it from the panel, it is a must while developing an application. Thanks!
Hey,
Check my response to your previous comment. Basically, you will need to remove or comment out the HTML and PHP code for those parts that you don’t need inside the app.
Regards,
Milos
Hello, how can I disable User Registration? It is needed while under development of application.
Thanks
Hey,
The only way to disable it is to actually remove the HTML for it. Basically, just edit the login.php file and remove the HTML related to the user registration. Also, you will need to remove the “registerUser” case from ASAjax.php file, to make sure that it’s not possible to submit the registration request manually. And that’s all you need to do.
Of course, if you want, you can add one variable/constant in AS.php file which you can then use to determine if registration is enabled or not and to render the HTML accordingly.
Regards,
Milos
Dear friend, I have been trying to update a database via your database query but it only gives me this error:
ile is an image – image/png.The file krita.png has been uploaded. Notice: Undefined variable: user_id in blablabla on line 98
Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table ‘zeroBitMarket.as_users_details’ doesn’t exist in ASDatabase->update(‘as_users_detail…’, Array, ‘user_id = :id’, Array) #2 {main} thrown in
I’m trying to put a file address to the database with the user id as reference. Thanks.
Hey,
Well, as the error message says, the table “as_users_details” does not exist. There is an “as_user_details” table if that’s the one that you want to use.
Regards,
Milos
Wow, 4 hours of sleep a day doesn’t help, an “s”... thanks a lot. It works!.
Hey.
I always get an error in my ajax form: Invalid CSRF token. Without including the protection in the edit.php it works, of course. What am I doing wrong?
// index.php Ajax form
include 'templates/header.php';
<div class="btn btn-primary" id="add-more" onclick="createNew();">Add</div>
<table>
    <thead>
        <tr>
            <th>Name</th>
            <th />
        </tr>
    </thead>
    <tbody id="table-body">
        <?php
        $stmt = $pdo->prepare("SELECT * FROM table ORDER BY datum DESC");
        $stmt->execute();
        while($row = $stmt->fetch()) {
        ?>
        <tr class="table-row" id="table-row-<?php echo $row->id; ?>">
            <td contenteditable="true" onblur="saveToDatabase(this,'name','<?php echo $row->id; ?>')" onclick="editRow(this);"><?php echo $row->name; ?></td>
            <td><a class="btn btn-xs btn-danger" onclick="deleteRecord(<?php echo $row->id; ?>);">Delete</a></td>
        </tr>
        <?php
        }
        ?>
    </tbody>
</table>
function saveToDatabase(editableObj,column,id) {
    $.ajax({
        url: "edit.php",
        type: "POST",
        data:'column='+column+'&editval='+$(editableObj).text()+'&id='+id,
        success: function(data){
            $(editableObj).css("background","#FDFDFD");
            $("#status").addClass("success").html("Done").fadeIn().delay(1000).fadeOut();
        }
    });
}
include 'templates/footer.php';
/// edit.php
include 'ASEngine/AS.php';
if (! app('login')->isLoggedIn()) {
    redirect("login.php");
}
$id = htmlspecialchars($_POST["id"]);
$editval = htmlspecialchars($_POST["editval"]);
$column = htmlspecialchars($_POST["column"]);
$stmt = $pdo->prepare("UPDATE table SET $column = ? WHERE id = ?");
$stmt->execute([$editval, $id]);
if($stmt) {
    echo "ok";
}
Hey,
You need to provide the CSRF token when you submit the form. Please check the documentation for more info: http://docs.as-php.com/csrf-protection-and-forms.html
Btw, I would recommend you to post data as JSON object instead of appending it manually parameter by parameter, since it makes things a bit easier. 
Regards,
Milos
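The edit.php posted above places the posted `column` value directly into the UPDATE statement; placeholders bind values, not identifiers, so the column name needs its own check. A sketch of an allowlist check follows, as an added example that is not part of the thread or of the script: the `items` table, `updateCell()` and the column list are hypothetical, and it uses an in-memory SQLite database with constructed data so it runs on its own.

```php
<?php
// Added example, not code from the thread or from the script.
// Table "items", updateCell() and EDITABLE_COLUMNS are hypothetical;
// the row inserted below is constructed for the demo.

const EDITABLE_COLUMNS = ['name', 'datum'];

function updateCell(PDO $pdo, array $post): bool
{
    // Placeholders bind values only. A column name has to come from a
    // fixed server-side list; htmlspecialchars() does not make it safe.
    $column = $post['column'] ?? '';
    if (!is_string($column) || !in_array($column, EDITABLE_COLUMNS, true)) {
        return false;
    }

    // The row id is an integer, so validate it as one.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }

    // Store the raw text and escape it with htmlspecialchars() when it is
    // written back into HTML, not before it goes into the database.
    $value = is_string($post['editval'] ?? null) ? $post['editval'] : '';

    $stmt = $pdo->prepare("UPDATE items SET $column = :val WHERE id = :id");
    $stmt->execute(['val' => $value, 'id' => $id]);
    return $stmt->rowCount() === 1;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, datum TEXT, is_admin INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO items (id, name, datum) VALUES (1, 'first', '2018-04-18')");

$requests = [
    ['column' => 'name',     'editval' => 'renamed', 'id' => '1'],   // column on the allowlist
    ['column' => 'is_admin', 'editval' => '1',       'id' => '1'],   // real column, not on the allowlist
    ['column' => 'name',     'editval' => 'x',       'id' => 'abc'], // id is not an integer
];
foreach ($requests as $post) {
    printf("%-8s id=%-3s => %s\n", $post['column'], $post['id'],
        updateCell($pdo, $post) ? 'updated' : 'rejected');
}
print_r($pdo->query('SELECT * FROM items')->fetchAll(PDO::FETCH_ASSOC));
```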
Hi, I got this message when I move to another page “Invalid CSRF token.” using form action. The result page has your code above the page to protect the page.
Any idea how to solve?
Hey,
You need to provide CSRF token while submitting the form. Please check the following documentation article: http://docs.as-php.com/csrf-protection-and-forms.html
Regards,
Milos
Hello. I have added some pages which add/edit custom tables and records in the database. It’s been a while since I did any serious coding, so I’m trying to familiarize myself with PDO statements. Your documentation on database queries has been helpful. But I’m having one problem.
When I go to edit a record, I can update every field in the record successfully except the “id” field that I’ve created. The field is not auto increment, it’s a value that is manually entered. Here’s my code:
$ui = $_POST['uu']; // hidden field received containing original id
$db = app('db');
$db->update('instructors',
    array('id' => $_POST['uid'],
        'name' => $_POST['uname'],
        'address' => $_POST['uaddress'],
        'mobile' => $_POST['umobile'],
        'post' => $_POST['upost'] ),
    "id = :id",
    array("id" => $ui) ); // Is this the WHERE statement?
Every time I attempt to update the id field with a new value, it does not update. No errors, it simply retains the original value. I don’t think I grasp the syntax of the PDO statements for updating records well enough because I can’t identify the problem.
Your help is appreciated, thank you in advance.
Hey,
Hmm that is strange. It should update without any issues since your query seems correct.
Is the “id” the only field that is not being updated after you run the query or none of those fields are being updated? Also, are you sure that ”$ui” actually contains the value that you expect?
Regards,
Milos
Correct, “id” is the only field that will not update. All other fields will update. I’ll triple check my work on $ui to make sure it’s what I expect and I’ll get back to you.
Ok. I added
echo $ui;
after the line that established that value. Then below I added
if($db){ echo $_POST['uu'].' to '. $_POST['uid']; }
In my test the original ‘id’ value was 355. I attempted to update it to 356. Once I clicked the update button, on the following page it displayed ‘355’ at the top, then a little further down it displayed ‘355 to 356’ so apparently all the values are getting passed through correctly.
Could it be because I have the ‘id’ field set as primary and unique that the updates aren’t being applied? I don’t think that would matter, but I’m just reaching at the moment.
Also here’s my test environment: MacBook Pro, macOS High Sierra 10.13.3, running MAMP 4.2, PHP 7.1.8, MySQL 5.0.12, checking work in Safari and Firefox.
One more thing… the tables for AS Login are sharing a db with Wordpress. The goal is to have a frontend public website for this company (Wordpress) and have this backend separate for their client base (AS). Just so you have your head wrapped around what I’m trying to do. The AS files are in their own subfolder.
This behavior is also true in other tables which have an ‘id’ field. Just reproduced the issue in a different table.
Hey,
Ah, I see what the issue is. The reason why it is not being updated is because of the same parameter name. For example, when you say
$db->update(
    "instructors",
    array('id' => $_POST['uid'] ),
    "id = :id",
    array("id" => $ui)
);
it means that, according to the array that you provided as a second parameter to the "update" method call, it will create a PDO parameter named ”:id”. This is the same parameter that you are manually adding when you say "id = :id", and PDO won’t know which one to use. The solution is to just change the name of the parameter you use in WHERE part of the query to something else, for example:
$db->update(
    "instructors",
    array('id' => $_POST['uid'] ),
    "id = :idp",
    array("idp" => $ui)
);
Regards,
Milos
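The placeholder collision described in the reply above, as an added example rather than the script's own code: `update()` here is a hypothetical stand-in that names each SET placeholder after its column and merges the data with the WHERE bindings, which is an assumption about how such a helper behaves and not ASDatabase itself. It runs against an in-memory SQLite table with constructed data.

```php
<?php
// Added example. update() is a hypothetical stand-in for a query helper
// that names each SET placeholder after its column; it is not ASDatabase.

function update(PDO $pdo, string $table, array $data, string $where, array $bindings): array
{
    $set = [];
    foreach (array_keys($data) as $col) {
        $set[] = "$col = :$col";
    }
    $sql = "UPDATE $table SET " . implode(', ', $set) . " WHERE $where";

    // SET and WHERE share one placeholder namespace. On a key collision
    // array_merge() keeps the later value, so the WHERE binding replaces
    // the new column value without any error being raised.
    $params = array_merge($data, $bindings);

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return ['sql' => $sql, 'params' => $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE instructors (id INTEGER PRIMARY KEY, name TEXT)');
// Constructed row using the ids from the thread.
$pdo->exec("INSERT INTO instructors (id, name) VALUES (355, 'Old name')");

$show = function (string $label, array $result) use ($pdo) {
    $rows = $pdo->query('SELECT id, name FROM instructors')->fetchAll(PDO::FETCH_ASSOC);
    echo $label, "\n  sql:   ", $result['sql'],
        "\n  bound: ", json_encode($result['params']),
        "\n  table: ", json_encode($rows), "\n";
};

// Same name on both sides: :id in SET and :id in WHERE.
$show('colliding placeholder', update(
    $pdo, 'instructors',
    ['id' => 356, 'name' => 'New name'],
    'id = :id', ['id' => 355]
));

// Distinct WHERE placeholder, as suggested in the reply.
$show('distinct placeholder', update(
    $pdo, 'instructors',
    ['id' => 356],
    'id = :idp', ['idp' => 355]
));
```

The "bound" line of the first call shows a single `id` entry holding the original value, which is why every column except `id` changes. The PHP manual notes that a named parameter marker cannot be reused in one prepared statement unless emulation mode is on, so with native prepares the same query can fail outright instead.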
Thank you Milos! Works beautifully now.
author your demo not working please check n fix this problem
please fix problem when user forget username please cuz i forgot my username after register
Hey,
Can you please explain what exactly is not working? From what I’ve checked, everything is working as it should. If you forgot your username, I would recommend to login as admin and find it in a list of users.
Regards,
Milos
want to buy this , if it gives session username to logged in users and prevent multiple login for the same user account if enabled
Hey,
Unfortunately, you cannot prevent multiple logins for the same account with AS. To achieve that, you will need to customize it and modify the session handler to use the database for keeping session information instead of files.
Regards,
Milos
Hi, I love your script but I need the login to be from Email instead of username. Is there any way I can change the script to login using email? If not, please tell me how much it would cost for you to do this customization.
Thank you
Hey,
Unfortunately, I’m not available for custom work at the moment. About using email instead of the username, I’ve already answered that a few comments above. Here is the link to the comment: https://codecanyon.net/item/advanced-security-php-registerlogin-system/5282621/comments?page=49&filter=all#comment_18995863
Regards,
Milos
Facebook login.. “Can’t Load URL: The domain of this URL isn’t included in the app’s domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.”
https://mentaldev.amazoserv.com/login.php
My App ID & secret are right, amazoserv.com and mentaldev.amazoserv.com are in app domains. https://mentaldev.amazoserv.com/socialauth_callback.php is in valid Redirect URI’s in the Facebook login settings. My website URL is set as https://mentaldev.amazoserv.com/. Please help!
I can’t turn off strict mode for redirect URI’s. Looks like this has come in this month, could this be the issue? Does this need an update to work?
Hey,
It looks like your configuration is correct. Can you try to set the redirect URI in Facebook login settings to https://mentaldev.amazoserv.com/socialauth_callback.php?hauth_done=Facebook and let me know if that solves the issue?
Regards,
Milos
That’s done the trick, thank you Milos! When there is an auth error though or something goes wrong, the FB secret key is leaked in the error. Is there any way to stop that printing out?
Hey,
No problem. For production, you should always turn off the debug mode: http://docs.as-php.com/developer-guide.html#debug-mode
When debug mode is turned off there won’t be any errors displayed to your users.
Regards,
Milos
Brilliant, thank you very much! Awesome script.
One of my customers was asking whether his current internal admin system (developed by myself) could automatically copy some selected data to the internet (also no problem for me) to be accessible by his customers. Meaning :
Customer A logs in and will automatically routed to his directory “CUSTOMERA” for instance
Customer B logs in and will automatically routed to his directory “CUSTOMERB” for instance
Customer C logs in and will automatically routed to his directory “CUSTOMERC” for instance
…and so on
So each customer can only look at his own data on his own directory (data that exists of webpages, files, documents,… that I can provide automatically )
So I am looking for a user login script that redirects the user to his own data.
Per customer more than one user of the same company should be able to login. An admin section to check which customers have been logged in
Can your php-script manage this situation ?
Thanks ! Jan
Hey Jan,
Unfortunately, you cannot protect the whole directory with AS. You can protect the pages only and make it so only specific group can access a specific page.
Although you can modify the app to fit your needs, I would recommend you to try to find something that is a better fit from the start for your project.
Regards,
Milos
I’m writing an accounting system and I would use login system. My question is:
We have 4 levels of users. Admin can do everything but the others can use a part of the program. Every user level will use different section or can add but cannot delete.
Can we do this? For each level we will restrict some parts?
Hey,
Yes, of course, you can easily restrict parts of the application based on the user role/level, as it is explained in the docs.
Regards,
Milos
Hi, I just bought your product and it looks really neat. I am however in need of a configuration tweak. My system does not use a username for login, we require email and password. What’s the easiest/fastest way you recommend we go about doing this?
Thank you in advance
Hey,
Here are the modifications that you need to make in order to use email instead of the username for login:
First, you need to update the HTML for login form inside login.php file.
If you decide to change the name of username text input to “email” (and change its id from ”#login-username” to something else), then you will have to edit ASLibrary/js/login.js file and update it accordingly.
After that, just go to ASEngine/ASLogin.php and update userLogin method to check for user’s email instead of username, and you should be good to go.
One more thing, don’t forget to update “checkLogin” case inside ASAjax.php file to actually pass $_POST[‘email’] instead of $_POST[‘username’] to ”$login->userLogin” function call (of course, do this only if you have changed the name of the field in HTML and login.js).
Regards,
Milos
Thank you. I had to make a lot more modifications so I went a slightly different route but I have to say this module is very pluggable and I like it very much as a component of an existing project.