loshMiS

820 comments found.

Hi loshMiS,

I finished installation without any error, but failed to login using admin account. It said “Wrong user/pass combination”. What should I do next?

Thanks for the hint Milos!!! I got 500 Internal Error message, and the process stops at ASAjax.php in ASEngine folder. Thanks for your very fast response btw!

Milos, I figured it myself. It’s about improper folder and file permission. Logged in admin panel now. Thanks for your great help!

Hey,

Great! I’m glad that it is working now. :)

Regards,

Milos

Hi There, I am having an issue installing the Advanced Security PHP Register/Login System. I have gone through the installation process but after clicking install the button continues to keep saying installing with an icon rotating. For more than one hour now.

I get this error message in the debugging console of the browser

SCRIPT5007: Unable to get property ‘message’ of undefined or null reference install.js (129,21) SCRIPT5007: Unable to get property ‘message’ of undefined or null reference

Hey,

There is some error with it, installation should not take more than a second or two.

Please check this section on how to debug ajax requests: http://docs.as-php.com/developer-guide.html#debugging-ajax-requests

Now, when you open Chrome Dev Tools, and you are monitoring the Network tab, run the installation again and let me know which errors you get on request that is being sent when you click “Install” button.

Regards,

Milos

OK sorted it out, install folder was not accessible

Hi Milos,

Recently I couldn’t add new user in the admin panel. After filling info for the new user such as email, username and pass, I press ADD. I received no error, but the new user didn’t appear in the user list.

Please advise, Thanks so much

Hey,

AS uses MySQL auto-increment fields for such things, and it does not take such things into account. That’s really something you should not worry about, since it doesn’t affect how application works at all.

Regards,

Milos

Milos, Thanks so much for your help so far. I have another thing arose when developing my application using your very great framework. I saw in the documentation that we can perform methods such as $db->insert for INSERT, $db->update for UPDATE etc. My question is that could I perform ALTER and other standard SQL queries by using the ”$db->” syntax? Yes because I need more tables in the database and I love the way you code to query. Many thanks!

Hey,

Of course you can. ASDatabase class extends PDO, and you can use any PDO method you want. Check http://docs.as-php.com/database-queries.html#database-queries, there is link to PDO documentation available on that page.

Regards,

Milos

Hi. As an admin, I would like to receive an email each time a new user registers.

I tried hacking “ASRegister.php” file, inserting a php mail function at the end of “public function register($data)”, but had no success.

Can you show me how to do it? In the future, I will need to post a request to Slack after each registration as well, so I need advice.

Thanks!

UPDATE: 1) Nevermind the first question. I inserted the mail() function after the “return” statement…so dummy!

Hey,

I don’t have any update planned for near future, except if it has to be released in case of some security fix or something. But even if I release it, there won’t be a lot of modifications inside the source code for sure.

Regards,

Milos

Hey,

I like your source code. I bought it, but it can only be downloaded at version 2.3. Can you give me the old versions? (Versions 1.1, 1.2, 1.3, 2.0, 2.1, 2.2)

My Email:bcsdue1982@gamil.com

Thank you very much.

Regards,

penguin563

Hey,

You can only download the latest version of the script, which is what I recommend too. I can probably pull the older versions from VCS, but it’s really not recommended to use them instead of the latest version.

Is there any particular reason why you would want those versions?

Regards,

Milos

Hey, because:

1. Completely new installation wizard → style and vue.js (more than the scope of my ability), but vue.js is good.

2. Minimum PHP version required is now PHP 5.3z

3. The new version’s installation wizard has a problem in new versions of Chrome or IE, maybe Ajax… The installation cannot display the error.

Regards,

penguin563

Hey, in version 2.3, form serialization does not work. Installation tips are not available. These are the problems I encountered during installation. Thank you very much. Regards,

penguin563

Hey, I offer you a link to my test. Installation step 2, no tips, Chrome v57.XXX: http://50.6.180.171/install/index.php

Thank you very much. Regards,

penguin563

Hey,

It has nothing to do with AS version. There are problems with your server configuration, and older AS versions won’t work there too. Are you sure that your permissions are properly set for PHP, js and other files and that they are executable?

You should also check your server log, since the HTTP request which is responsible for fetching server info from your server is returning 500 server error.

Regards,

Milos

Does the Advanced Security – PHP Register/Login System allow an administrator to approve a registration before it is approved?

Hey,

As you can see in demo, there is no such thing built into the app out of the box. You will have to implement that additional step yourself.

Regards,

Milos

Hi, Milos. How are you?

Well, I have a problem here. I have a file with a form. I am sending this form through AJAX. I have other file that receives this form data to send an email with it. The email function is inside ASemail class (ASemail.php file). I wrote it, based on the confirmationEmail function that was already there.

The file where the form and the jquery AJAX function are has the template/header.php file. I tested sending the form and echoing an “OK” string without refreshing the page and everything went fine.

Then I placed the mail function on it, including first the /ASEngine/AS.php file. Now I get Invalid CSRF token as a response from the AJAX function.

Here’s the file that is processing form data:

<?php
include_once dirname(__FILE__) . '/ASEngine/AS.php';

// Reject requests that do not carry the expected flag
if(!isset($_POST['mailuser']) || 'sim' != $_POST['mailuser']) {
    echo "No way";
    return;
}

// Both the title and the message are required
if(empty($_POST['titulo']) || empty($_POST['mensagem'])) {
    echo "No way";
    return;
}

$titulo = trim($_POST['titulo']); // title
$mensagem = trim($_POST['mensagem']); // message

$mailer = app('mailer');
$mailer->userEmail('xxxxx@gmail.com', 'Joe', $titulo, $mensagem);
echo "Mensagem enviada!"; // message sent
exit;

BTW, I tested this mail function, placing it at another file and calling it directly on loading the file (with hardcoded values) and the email was sent.

So I guess the problem is, the file that processes form data receives the CSRF token but does not send it to the ASEmail.php file. Is that correct? How to solve this?

Thanks for any help.

Regards,

Mauro

Hey,

It’s not a good idea to remove CSRF protection.

Can you please provide me the url to your script so I can take a look and see why CSRF token is not being sent?

Regards,

Milos

“It’s not a good idea to remove CSRF protection.”

But it is a protected page, that can only be seen by admin (me). With this form I am sending messages to registered users.

I would need to give you access as admin to see that…

How would you check that? I can do it and show you the results.

Hey,

In that case it’s not a big deal, but just make sure that only you can submit the ajax request, since from above code anyone can submit the ajax request (check ASAjax.php file since there is “onlyAdmin” method that you can use).

Regards,

Milos

squidraj

I have purchased the register/login system. I understand that this is specially designed to use with ajax. But I was wondering if there is any way to use without ajax like just a normal form submission. One more question that is how can I send email in my local. I have installed in my local and now when I am using forget password thing it gives me an error message. (Fatal error: Uncaught exception ‘Exception’ with message ‘E-Mail could not be sent. Info: Could not instantiate mail function.) Many thanks.

Hey,

Of course that you can use it without ajax, just in that case don’t forget to include the csrf token in each form you create, like following:

<input type="hidden" name="<?= ASCsrf::getTokenName() ?>" value="<?= ASCsrf::getToken() ?>" />

There is one more thing that you need to edit, and that is the ASCsrf class itself. You need to modify isValidRequest method there to look like following:

private static function isValidRequest()
{
    return self::isValidReferer();
}

About emails, you will have to use some external SMTP server to send emails from localhost.

Regards,

Milos
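
Added example (not part of the thread and not code from the AS script): the replacement method above rests on a Referer check, so this sketch shows one strict way to compare an Origin or Referer header against the site's own origin. The function name `isSameOrigin` and the host names are assumptions, and the sample header values are constructed.

```php
<?php
// Added example. Function name and host names are assumptions, not AS code.

/**
 * True only when $headerValue (an Origin or Referer header) has exactly the
 * same scheme, host and port as $expectedOrigin.
 */
function isSameOrigin(?string $headerValue, string $expectedOrigin): bool
{
    if ($headerValue === null || $headerValue === '') {
        return false; // a missing header fails the check instead of passing it
    }

    $got  = parse_url($headerValue);
    $want = parse_url($expectedOrigin);
    if (!is_array($got) || !is_array($want)
        || !isset($got['scheme'], $got['host'], $want['scheme'], $want['host'])) {
        return false; // malformed or relative value
    }

    // Compare ports explicitly so that ":443" and an omitted port are equal.
    $port = function (array $url): ?int {
        $defaults = ['http' => 80, 'https' => 443];
        return $url['port'] ?? ($defaults[strtolower($url['scheme'])] ?? null);
    };

    return strtolower($got['scheme']) === strtolower($want['scheme'])
        && strtolower($got['host']) === strtolower($want['host'])
        && $port($got) === $port($want);
}

// Constructed header values mapped to the expected decision.
$expected = 'https://app.example.com';
$samples = [
    'https://app.example.com/profile.php'             => true,
    'https://APP.example.com:443/login.php'           => true,
    'http://app.example.com/profile.php'              => false, // scheme differs
    'https://app.example.com.other.test/page'         => false, // prefix match only
    'https://other.test/?ref=https://app.example.com' => false, // name in query only
    ''                                                => false, // header absent
];

foreach ($samples as $header => $shouldPass) {
    $passed = isSameOrigin($header, $expected);
    if ($passed !== $shouldPass) {
        throw new RuntimeException("Unexpected result for: $header");
    }
    printf("%-50s %s\n", $header === '' ? '(no header)' : $header, $passed ? 'accept' : 'reject');
}
```

In a live request the header value would come from `$_SERVER['HTTP_ORIGIN']` or `$_SERVER['HTTP_REFERER']`; a substring or prefix comparison would accept the fourth and fifth samples.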

BlvdHome

I am not seeing a sample in the documentation on how to secure a page. Please help. I have only 1 page to secure with 2 users.

BlvdHome

I got it figured out

BlvdHome

Trying to add an item to the navigation if user is logged in. Found this code in the docs

<?php $role = app('current_user')->role; ?>

<?php if($role != 'user'): ?>

Leave comment
<textarea id="comment-text"></textarea>
<button class="btn btn-success" id="comment">Comment</button>

<?php else: ?>

You can’t post comments here until admin change your role.

<?php endif; ?>

but where do I put it, and does it need to be in some sort of container?

Hey,

Which navigation exactly? If it is sidebar, then check templates/sidebar.php file and you will see how those sidebar items are being rendered. If you want to modify the header, check templates/header.php file.

The code you posted above is just an example of how you can render something according to the user’s role. If you want to check if user is logged in, then just use app('login')->isLoggedIn() which will return true if user is logged in.

Regards,

Milos

Hi,

I recently purchased your app (my code is 5b5fb876-e65b-49fc-a445-bd6aedfedde5), but the Facebook login is not working (it is the first that I tried and I did not try the other social logins). The error message is “Wrong social auth token!”

Tell me if you need more log/test.

Regards.

Hey,

Can you provide the link to your application so I can see what can be a problem with it? Are you able to log in as administrator?

Regards,

Milos

Hi Milos.

Here is the code:

    <?php include 'templates/footer.php'; ?>

    <script src="assets/js/sha512.js" type="text/javascript" charset="utf-8"></script>
    <script src="ASLibrary/js/asengine.js" type="text/javascript" charset="utf-8"></script>
    <script src="ASLibrary/js/index.js" type="text/javascript" charset="utf-8"></script>
    <script src="ASLibrary/js/profile.js" type="text/javascript" charset="utf-8"></script>
    <script src="https://gitcdn.github.io/bootstrap-toggle/2.2.2/js/bootstrap-toggle.min.js"></script>

    <script>  

    $( document ).ready(function() {
      // Handling the options form
      $('#form-zera-options').submit(function(e){
        e.preventDefault(); // Prevent Default Submission
        $.ajax({
          url: 'edital-user-options.php',
          type: 'POST',
          data: $(this).serialize(), // it will serialize the form data
          dataType: 'html'
        })
        .done(function(data){
          $('#op-atualizadas').fadeOut('slow', function() {
            $('#op-atualizadas').fadeIn('slow').html(data);
          });
        })
        .fail(function(){
          alert('Ajax falhou...');
        });
        //this.reset();
      });

    });

    </script>

Well, the answer is “Invalid CSRF token.”

Console shows no CSRF being sent. Is this related to the jQuery function that serializes form data? If not, why?

Thanks.

Hey,

Thanks for providing the code here. Yes, it looks like when you send serialized form it doesn’t append CSRF token to the data being sent to the server.

One easy solution for you is to add the following hidden input field inside your ”#form-zera-options” form, like following:

<form>
<!-- ... -->
<input type="hidden" name="<?= ASCsrf::TOKEN_NAME ?>" value="<?= ASCsrf::getToken() ?>" />
<!-- ... -->
</form>

This means that once form is serialized, CSRF token will be serialized too and sent automatically to the server.

Regards,

Milos

Great idea! Thanks.

Hi Milos,

Today I tried to include the AS.php to a php file created by myself, let say upload.php. Any time I include by

include '../ASEngine/AS.php';

then my upload.php script stops at the include statement, and the error is file not found.

Because I am 100% sure that the include path is correct, I tried to comment the last 2 lines of AS.php, then my code runs well without error. The last 2 lines of AS.php read:

if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! ASCsrf::validate($_POST)) { die('Invalid CSRF token.'); }

Could you please explain why I comment these IF, then everything is fine?

I include AS.php many places in other php files, but this is the first time I face this error when trying to include in upload.php? Does that mean there is a bug in the upload.php file that I write today?

Thanks so much!

Hey,

You are probably not sending the CSRF token while you are uploading the file, and since you probably don’t use AJAX for that, it is not being sent automatically.

Check my answer here to see what you need to do to fix it: https://codecanyon.net/item/advanced-security-php-registerlogin-system/5282621/comments?page=41&filter=all#comment_16062833

Regards,

Milos

Hi Milos,

Honestly I don’t really get your point in the link you provided. Do you have any link that has more details about CSRF in your app?

I also have a couple of questions:

1. In other php files that I developed, I used GET method and had no problem with CSRF. Should I change from POST to GET in this situation?

2. Do you have an example for a proper way of submit form and file using ajax combined with your app?

I am quite new to webapp so having a lot of questions! Hope you don’t mind and Thanks so much!

Hey,

Let me explain it a bit more. All POST requests to the application (those are requests that can change the application state) must contain valid CSRF token. If you are using ajax for sending requests it is automatically configured to send CSRF token on each request (check ASLibrary/js/js-bootstrap.php file to see how) so you don’t have to worry about sending it manually.

However, if you want to submit a form without using ajax, then you need to add the hidden input field which contains CSRF token, and to slightly modify ASCsrf class, like it is explained on the link I provided above.

About other questions,

1) You don’t have to change anything. CSRF token is required for POST requests only since those should be the requests that can change application state (update the database etc).

2) Unfortunately I don’t have such example, but it should not be a problem since that request should be the same as any other ajax file upload request. Don’t forget to turn on the Debug mode (http://docs.as-php.com/developer-guide.html) while you are developing some new features and, if you have problems with ajax requests and CSRF, make sure that CSRF is being sent properly.

Regards,

Milos

webheinie

Hello, I just bought your script. I can query the install page, on second step it only shows 500 requirements ok. But I cannot see any text. On third step it is not installing the database, I can also not see the db failure, only a red container. Can you help? Thanks.

Hey,

Does your server meet the requirements in terms of PHP version? If it does, can you please provide the URL to where you have uploaded your script so I can take a look and see what can be a problem?

Regards,

Milos

Why can’t I use datepicker in a form?

Hey,

Well it probably has nothing to do with AS script. Just make sure that you include your datepicker plugin after jQuery is included and everything should work.

Regards,

Milos

Hi there,

I’m encountering issues on the demo, logging in with Twitter. After authorizing the app on Twitter, I get redirected to the demo and immediately get this error:

Wrong social auth token!

Hey,

Thanks for letting me know. Will check it ASAP.

What about other social auth providers (Facebook and Google+), do you have the same issues with them?

Regards,

Milos

lenamtl

If I want to save and load the user language preference to DB what would be the best way to do it?

Also before the login we don’t know the user preference, so he needs to select a language or use the cookies to show the form in proper language, so is there any good reason to save the value to DB?

Hey,

Well you will add new column into as_users table where you will save the language, and then fetch it on every request and set the interface language by calling ASLang::setLanguage() method.

However, as you said, if user is not logged in then you won’t be able to see which language he has selected, and you will have to rely on language cookie if it exists. If cookie does not exist, then you will have to display him default language.

Since this is the default behavior of the AS script (it will set the cookie whenever user changes the language), I don’t see any good reason for modifying it and storing the language inside the DB.

Regards,

Milos

Freakj

Hey, Thanks for developing this script.

I have a question regarding the CSRF protection. When I do an ajax call to a custom script, the CSRF token is applied in the GET query – e.g. xxx.php?_as_csrf_token=9f072a7d9c82c5aea9e7e53dce8d253f3eb5eb67&q=MYQUERY

I didn’t see any entry in the database in relevance of this token. Can this token be used to secure ajax responses from the same host, or do you prefer to make use of a custom nonce function?

Best, Jeffrey

Hey Jeffrey,

CSRF token is automatically set on each AJAX request you make to the server. It is not stored inside the db and it is generated per user session, which means that if you log out and log in again your CSRF token will be different.

It’s not the same as API tokens that you would use to secure your API, if that is what you are asking. You can learn more about CSRF protection here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Regards,

Milos
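
Added example (not part of the thread and not code from the AS script): the CSRF rules described in the replies above, a token generated per session, required on state-changing requests and carried either by a hidden form field or by an AJAX header, written out as a small stand-alone PHP sketch. The function names, the `csrf_token` field, the `X-CSRF-Token` header and the plain arrays standing in for `$_SESSION` and `$_POST` are all assumptions.

```php
<?php
// Added example. All names here are hypothetical, not taken from the AS script.

const CSRF_FIELD = 'csrf_token'; // assumed field name

/** Returns the token bound to this session, creating it on first use. */
function csrfToken(array &$session): string
{
    if (empty($session[CSRF_FIELD])) {
        $session[CSRF_FIELD] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_FIELD];
}

/**
 * Safe methods pass. Any other method must carry the session token in the
 * request body or in an X-CSRF-Token header; the query string is ignored.
 */
function csrfValidate(array $session, string $method, array $post, array $headers): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $expected = $session[CSRF_FIELD] ?? '';
    $supplied = $post[CSRF_FIELD] ?? ($headers['X-CSRF-Token'] ?? '');
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false; // absent token, or a non-string such as csrf_token[]=x
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** Hidden input for forms submitted without AJAX, or serialized by jQuery. */
function csrfField(array &$session): string
{
    return sprintf('<input type="hidden" name="%s" value="%s" />',
        CSRF_FIELD, htmlspecialchars(csrfToken($session), ENT_QUOTES));
}

// Constructed walk-through: two separate sessions, each with its own token.
$sessionA = [];
$sessionB = [];
$tokenA = csrfToken($sessionA);
$tokenB = csrfToken($sessionB);
echo csrfField($sessionA), "\n";

$cases = [
    // description => [actual result, expected result]
    'POST, own token in form field'   => [csrfValidate($sessionA, 'POST', [CSRF_FIELD => $tokenA], []), true],
    'POST, own token in AJAX header'  => [csrfValidate($sessionA, 'POST', [], ['X-CSRF-Token' => $tokenA]), true],
    'POST, serialized form, no token' => [csrfValidate($sessionA, 'POST', ['q' => 'x'], []), false],
    'POST, token of another session'  => [csrfValidate($sessionA, 'POST', [CSRF_FIELD => $tokenB], []), false],
    'POST, token sent as an array'    => [csrfValidate($sessionA, 'POST', [CSRF_FIELD => [$tokenA]], []), false],
    'GET, no token'                   => [csrfValidate($sessionA, 'GET', [], []), true],
];

foreach ($cases as $description => [$actual, $expectedResult]) {
    if ($actual !== $expectedResult) {
        throw new RuntimeException("Unexpected result for: $description");
    }
    printf("%-34s %s\n", $description, $actual ? 'accepted' : 'rejected');
}
```

Because GET requests pass without a token in this scheme, handlers reached by GET must not change application state.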

Hi, this is urgent for me. I have purchased again another license of the login system, and I followed all the instructions and when I finished the installation the program said everything was ok. But the tables in the database were not created so I cannot login nor register… What can I do?

Please help me

Thanks in advance!

I installed again with full granted privileges for my database user and it installed the tables correctly but, now I cannot login nor register, what can it be?

Same as phungoctran, I just figured it out

Thank you anyway

Hi, I need help,

I have an SSL certificate, my website runs under HTTPS protocol, how can I work with that? right now, only some https pages work, others don’t, and if I write http instead of https it works,

Any ideas?

What happens if I re-install everything and do all the process from scratch? can I do that? I believe I messed it all up

Ok, I re-installed everything and configured it and I get this error when I try to login:

ReferenceError: CryptoJS is not defined[Saber más] login.js:46:5
login.loginUser https://www.mydomain.com/ASLibrary/js/login.js:46:5
<anónimo> https://www.mydomain.com/ASLibrary/js/login.js:26:13
dispatch https://www.mydomain.com/assets/js/jquery.min.js:3:8497
add/r.handle https://www.mydomain.com/assets/js/jquery.min.js:3:5235

Hey,

CryptoJS is defined inside js file called assets/js/sha512.js, which is included at the bottom of the login.php page.

Now, the only possible reasons why it doesn’t work for you are:

1) It is not being loaded since your server configuration (or files/folders permissions) does not allow that file to be loaded. You can easily see that inside the browser’s console when you access the login page.

2) You have removed the script code from the bottom of login.php page.

So, make sure that all javascript files are loaded properly and that you haven’t removed any code from original AS script.

Regards,

Milos
