ajay138

ajay138 supports this item

Supported

This author's response time can be up to 2 business days.

99 comments found.

Hi, I’d like to ask if this one includes a documentation wherein there are a few pointers on how to integrate this with other PHP applications?

It only has simple documentation of installation

I like your module, can I request, I want use it for my reseller

When they login, is there live edit / something else, to put someting that I want in leftside bar, like “Stock”, File Download,

1. I want my reseller can know how many stock realtime according database web mangprangstore.com, just list code item & quantity.

2. I want to put file download like image / something else

If you can help me, how much i must to pay beside $13 from codecanyon

Thanks

Could you please email me

Hi i love your product but i need you to add some few this for me. The ability to add more Register/profile filed. The ability for the admin to send a private message to a selected user. and for a user to send back a message to admin. Next for a user to click “Message received confirmed button” that will send a green or red notification back to the admin. Also the ability for the admin to send time count to click that above button and send back to the admin notification by just a click of a button. can you added it please.

Hi i love your product but i need you to add some few this for me. The ability to add more Register/profile filed. The ability for the admin to send a private message to a selected user. and for a user to send back a message to admin. Next for a user to click “Messge received confirmed button” that will send a green or red notification back to the admin. Also the ability for the admin to send time count to click that above button and send back to the admin notification by just a click of a button. can you added it please.

Thank you fabnoz.But for now, we are not planning for the above update. We may think this in the future

after login then redirect to a page? how the script add to a website. Thanks

Adding script is very simple. You can simply copy the files. You can add a 3 line of code to protect the page

i can not find an example, how to protect a page with user name and password. Thanks

add

Simply add the below lines to the php pages that you want to protect. Only logged in users can see the page. If the user is not logged he gets redirected to the index page. Please Be specific to the path currently it is index.php <?php // SESSION CHECK SET OR NOT if (!isset($_SESSION[‘name’])) { header(‘location:index.php’); } ?>

yegary

yegary Purchased

hi, just purchased the script, after installed, when try to login to admin, the screen keep redirecting back to the login page, it show “login successful, redirecting…” after click login, what is wrong with that, please help.

Please email me @ajay138@gmail.com

Please email me to ajay138@gmail.com

it would be great if you can add fields or personalise it, changing tables names and so on, I just want it only to have a list of all user, and in the backend to add user

Please check my Knap – advanced user management. It has custom fields feature. You add extra fields for the users.

ngicin

ngicin Purchased

i can able to login with same user id and password in multi system at a time. but i want to logout, if i login by another system/mobile. what changes do i made in this script.

Hi Contact via support for this.

Hi i have questions, can i import a db on the script? how can i import? is it possible that? i have a database on my computer and i want to import, is possible and how? csv? sql?

Sorry but import feature is not availble

Hello, is there any data validation (server side) against XSS, SQL Injections, etc, because I don’t see any?

The script is build using PDO. So PDO helps in preventing SQL Injection.

I don’t think that PDO is enough, you should at least sanitise user input var and also prevent session hiijacking, unless SSL is used

It prevents SQL injection but not XSS. Thanks. I will make changes and upload in next update

ferelmm

ferelmm Purchased

Im install the system and say: A server side error occurred. Please try again after sometime. The recaptcha is ok, and all others config too… i dont understen. Can you help me please? thanks!

Contact me via support

davmac

davmac Purchased

when will the XSS issue be fixed?

When admin edits a user, if password field is left blank then column “password” in “users” table shouldn’t be updated.

Yes, you are right. Sorry for the comment

Hello again, I just tested it with my installation as well as your demo installation too. If you edit a user without entering a password, then password becomes null. User can login with just his user name.

We will rectify it and fix it.

Correct me if I am wrong but in admin/users.php you check if Session exist via that code:

if (!isset($_SESSION[‘username’])) { header(‘location:index.php’); }

That gives any user with a username (so every user) full access to the admins dashboard when entering that url. Not good.

Contact me via support

Change this to if (!isset($_SESSION[‘name’])) { header(‘location:index.php’); }

Hello a query: it is possible to put a timeout when a user closes the session, to make a new login has to wait 1 hour

You can ask for the customisation. Inbox me via support page

is there any reason that user name doesn’t “understand” the diferrence between upper and lower case characters?

We can change if need. Contact me via support

You should update the script. It is a matter of security. By the way, I have reported to you a “huge” security bug more than a month ago and still no answer or update. When I report a problem here you suggest I contact you via support. When I contact you via support I get no response. Maybe “support” is an unknown word to you.

I am working on it and will be updated in 1-2 days

Security issue!!! As user “demoncleaner” reported a few posts above, any valid user can easily get admin access. I have reported that problem via support more than a month ago but still no answer or update. Till the problem is solved (if script’s author decides to provide support as he should provide), I came up with the solution of renaming the /admin directory.

Thank for contacting. The team just came back from vacation and it will be resolved in one or 2 days. Thank you

Change this to if (!isset($_SESSION[‘name’])) { header(‘location:index.php’); }

I am uploading the new content

I would like to buy it, I tried the demo. If you try to reset the password there is an error because doesn’t works. Also, is possible to give the access to the user who activate the e-mail? because I was able to register and enter without any e-mail. Thank you

Yes it is possible

This script and protected against?

BRUTE FORCE LOGIN , CROSS-SITE REQUEST FORGERY (CSRF), CROSS-SITE SCRIPTING (XSS), SQL INJECTION

I found one big BUG in section “changepassword” its possible change password for all users xD

by
by
by
by
by
by