loshMiS

loshMiS supports this item

Supported

This author's response time can be up to 1 business day.

856 comments found.

Hey There!

I am having difficulty getting Facebook login working (one of the reasons why I bought this). Social uri is set and so are the keys and app id. But whenever I click the facebook button I get:

Authentication failed! Facebook returned an invalid user id. I’ve been doing some research and I think it might be due to the app using an old version of hybrid auth. I would update, except it wouldn’t work on my php 5.3 server as the new hybrid auth uses newer syntax.

Purchase: 7f22cd39-99a2-4fe8-828f-20caff356524

unfortunately I cannot update my webserver as my hosting provider hasn’t done that yet. the product was advertised with social login (which I need) and compatibility with php 5.3. if I can’t use the product I would like a refund so that I can find one that will fit my needs. kind regards, alex

Hey Alex,

Of course, you can request the refund here and I’ll be glad to approve it: https://codecanyon.net/refund_requests/new

Just a friendly advice, you should definitely consider changing the hosting provider since PHP 5.3 is getting really old and it is not supported and maintained for a while now.

Regards,

Milos

I know I know haha (I mean php 7 is out). I’ve been on their a** for a while about it. But I’ve got another year in my contract so nothing much I can do. I did like your script otherwise ;)

Hello, I bought AS today, I have some questions, my website will use an api (it’s a simple .php file) and I’m wondering where should I include that .php file? knowing that I’ll need to use functions from that api almost everywhere in my website even inside the register() function in asregister.php

Hey,

Well I’m not sure how your .php file looks like, but if you want the functions you have inside of it to be accessible inside all AS classes, just include it at the top of AS.php file.

Regards,

Milos

Hello,

This is the API I want to use https://github.com/BlockIo/block_io-php/blob/master/lib/block_io.php , basically what I want to do is that when a user register it’ll generate a new bitcoin address that will be associated with his account, I already have a “bitcoin_address” column in my as_users table, I did as you said I included the block_io.php in the top of AS.php and I did this edit in the register function in asregister.php :

$block_io = new BlockIo(APIKEY, PIN, VERSION);
$this->db->insert('as_users', array(
         "email"     => $user['email'],
         "username"  => strip_tags($user['username']),
         "password"  => $this->hashPassword($user['password']),
         "bitcoin_address" => $block_io->get_new_address(array('label' => 'test1')),
         "confirmed" => $confirmed,
         "confirmation_key" => $key,
         "register_date" => date("Y-m-d")
     ));

But when I try to register I’m getting an “undefined” error in the login page and the user is not added in the database, I don’t understand what did I do wrong, I’ll be very grateful if you could help me solve this issue.

Thanks.

Hey,

Well you should enable debug mode as it is explained inside the docs http://docs.as-php.com/developer-guide.html and fix the errors you are getting. It is related to BlockIo and how you integrated it into the app, so I cannot really help much in such situation. I believe that when you enable debug mode and see the actual errors you are getting it will help you to easily solve the problem.

Regards,

Milos

nofko

nofko Purchased

Hello,

I just bought the regular license and need to make an app based on AS. Since I do all my development on a cloud (c9), I just want to check is it okay to have just one license because what I develop on the cloud is accessible only to me, and after I’m done I’ll install it again on a server for the site and transfer the rest.

Thanks

Hey,

Yeah, if source code is accessible only to you then that’s fine. :)

Regards,

Milos

rsaraga

rsaraga Purchased

8fd530ea-dd41-4ee0-bd70-7457d19ba991 – 19 Apr 2017 REGULAR LICENSE

cnltzn

cnltzn Purchased

hi Iosh, I’m an happy user of your beautiful script, I have one question for you…. I need an exclusive access with an url script, indipendent from the users password. How can I make this work with AS security? I was thinking to pass with the url a long custom string that identify the user and make him to login. Naturally the URL will be stored inside an application and it will never be visible to the user or shared with others.

Regards Tiziano

PS: Let me know only if you think that you can help me, if you can I will immediately renew the support for the script!!!

thanks

Hey,

Well that’s not ideal solution because if that string never changes, it will be easy for someone to access the url if he figure out (or somehow see) the string. If you want to make it like that, then you probably should regenerate the string every time when someone use it. But again, keep in mind that it is not the best solution from security standpoint and that it’s better to ask users to log in with their username and password.

Regards,

Milos

cnltzn

cnltzn Purchased

thank you for your reply! In your opinion can I make the cookie never expire if I logon from another page? (not the domain.com/login.php page, but domain.com/login2.php)

Hey,

Well having never expire cookies is not the best idea from security standpoint, but it is one of possible solutions.

Btw, as you know, your support has expired so please extend the support if you have any questions.

Regards,

Milos

I can’t find in the documentation how to actually add the script to an existing php document, forcing the user to login to see the page. How do I accomplish this?

Also, how can I disable account creation from the login page?

Hey,

Ah, I’m sorry, I’ve just noticed that I somehow forgot to add that inside the documentation. So, to protect some website page, you just add the following PHP code at the very top of your PHP file for that page:

<?php

include 'ASEngine/AS.php';

if (! app('login')->isLoggedIn()) {
    redirect("login.php");
}

This code will prevent users that are not logged in to access the protected page and automatically redirect them to the login.php page if they are not logged in.

About disabling the registration, you will have to manually remove the HTML from that login page (login.php file) and then to remove the “registerUser” case from ASEngine/ASAjax.php file.

Regards,

Milos

caper58

caper58 Purchased

Hi Milos, I need a login script that will allow levels, for example…. any user with level 5 or high can access this page and I need to sometimes check the level within the page. Thanks for your response

Hey,

Well you can use AS to accomplish that. In as you can create 5 different roles (you can name them however you want) and then do exactly what you have described above by checking the role for currently authenticated user.

Regards,

Milos

Tombs

Tombs Purchased

The image file for the swedish flag has incorrect permissions, and therefore does not display correct. A simple chmod to add read permission resolves the issue.

Tombs

Tombs Purchased

I have a question regarding redirection. I saw this post https://codecanyon.net/item/advanced-security-php-registerlogin-system/5282621/comments?page=17&filter=all#comment_9628003, which talks about redirect to previos requested page after login, but post is over 2yrs old. Could you please describe the code needed to achieve this. Many thanks.

Hey,

The code looks almost the same as it is described on that post. So:

1. On top of login.php file, right after you require AS.php file and check if user is logged in, you can add this code


$redirectPage = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : get_redirect_page();
ASSession::set('prev_page', $redirectPage);

2. Inside ASLogin.php file, at the bottom of userLogin method, you will modify the redirect to look like following:


 respond(array(
    'status' => 'success',
    'page' => ASSession::get('prev_page')
));

And that’s all you need to do to redirect users to previous page after login. :)

Regards,

Milos

caper58

caper58 Purchased

 

caper58

caper58 Purchased

I purchased a different login script here on codecanyon a week ago from webfulcreations and after spending hours trying to make it work… it was a joke (even though the author made it sound great) so I was a little hesitant in trying this one out….. but what a great product. This guy has covered all of the bases, very well written, extremely organized, I was able to modify for my use quickly and the script has protection from every attack scenario I could think of…. what a fantastic script, I just wish I could write php code this well. GREAT JOB and thank you!!

Hey,

Thank you very much for your kind words! :) Don’t forget to rate the script too if you like it.

Thanks again,

Milos

Millefh

Millefh Purchased

I love the system so far. I am having a problem though. I am trying to send a form through AJAX. I have
<input type="hidden" id="token" name="<?= ASCsrf::getTokenName() ?>" value="<?= ASCsrf::getToken() ?>">

As some of my code is not working with assets/js/jquery.min.js I cant get it validated by it self. I have changed ASCsrf.php to

private static function isValidRequest()
    {
         if (self::isAjaxRequest() && self::isValidReferer()) {
            return true;
        }
        else {
            return self::isValidReferer();
        }
    }

My AJAX looks like this

    $('button').click( function() {
        var data = table.$('input, select').serialize();
        var token = $("#token").serialize();

         $.ajax({
        data:  token + data.substr( 0, 120 ),
        url: 'neworder.php',
        method: 'POST',
        success:function(response){
        console.log(response);
        console.log(data);
        } 
        });
        return false;
    } );

Yet I get “Invalid CSRF token.”

Hey,

Hmm lets see what can be a problem. :) Since AS is using ajax for communicating with backend scripts, there is no need to explicitly append the token to your request data as long as <script type="text/javascript" src="ASLibrary/js/js-bootstrap.php"></script> is included after jquery on the page you are working on.

However, your code from above should work too. If you can please send me the URL to your script so I can see what’s the issue and if the token is being sent to the server properly at all.

Regards,

Milos

Is it possible to write an “INSERT…ON DUPLICATE KEY UPDATE…” query using the db abstraction layer you provide on the script? If the answer is yes, how it would be?

The documentation does not come with much information about it.

Thanks!

Hey,

ASDatabase class extends PDO class, which means that you can do anything with it that you can do with PDO. Here you can learn more about PDO: http://php.net/manual/en/book.pdo.php

Btw, your support for this item has expired, so please extend it if you have any similar questions.

Regards,

Milos

Alexr03

Alexr03 Purchased

Hello,

I seem to be having an issue with my redirection after login, I am trying to make it return to the previous page where it got sent to login from, here is my php files; – ASConfig.php—https://gyazo.com/e9ff70c07823ea585c97650b4d792e5b – ASLogin.php—https://gyazo.com/875e26e2b6da272d0f7fbba207ad6dba – Login.php—https://gyazo.com/6dcda209b5bbb60d48c83cd438cdf90a

It always seems to redirect back to index.php

Hey,

Your code looks ok. Can you send me the URL to your script installation so I can try and see how it works?

Regards,

Milos

Alexr03

Alexr03 Purchased

Hi, I managed to fix it.

Suggestion Will it be possible to have a social login to sign in with steam?

Hey,

I’m glad you fixed it.

You can easily add any authentication providers to Vanguard, including Steam. Check the docs for more info: https://docs.vanguardapp.io/adding-social-auth-provider.html

Regards,

Milos

hi, I tried to do this

ASAjax.php?action=updatePassword&oldpass=hihihi&newpass=1000hihihihi

on the browser to see what ajax is returning, but I am getting

Notice: Undefined index: action in C:\xampp\htdocs\public\ASEngine\ASAjax.php on line 5

and I also tried adding alert(result) into profile.updatePassword = function() {} to see what it is returning but it doesnt alert anything?

just wondering why is that?

Hey,

That’s because you cannot send parameters like that. You have to use HTTP POST request instead of appending parameters to the url and executing GET request.

Regards,

Milos

hi, just want to ask, is the language always defaulted to English after you login? or is there a setting it can be set to a static language for different user in the db?

Hey,

The default language can be defined globally inside ASEngine/ASConfig.php file. If user changes his language when he access the app, a cookie will be added to users’ browser so the app can know which language user prefers. But there is no such thing as defining default language for user in database.

Regards,

Milos

by
by
by
by
by
by