Jump to content

dlc3172

Members
  • Posts

    13
  • Joined

  • Last visited

dlc3172's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. Thank you Jessica. I am assuming php.ini is a file that lives somewhere in my account on my host's server?
  2. I thought Yahoo was saying that I needed to add "usr/sbin/sendmail" to my php code. No??
  3. Hey guys, I decided to purchase a login/registration script, because it lets me redirect users to whatever specific page I want. I confirmed with the author that it's compliant with the latest security standards (encryption, salting, etc.). In the meantime, even with this new script I'm having trouble sending email with php (you may remember that this was my original reason for posting! ). I posted a new thread in this forum, if you're interested in checking it out.
  4. Hi All - I'm not a programmer whatsoever. Just trying to implement a login/registration system into my web site. I've purchased a script that does what I need. However, after installing the script, I'm finding that it refuses to send email like it should (i.e., send confirmation email to new users; send forgotten password email, etc.). My hosting service is Yahoo. Yahoo's help section says this about sending email with PHP: "You will also need to indicate the path to the Yahoo! mail program, Sendmail. The path to Sendmail is /usr/sbin/sendmail." I honestly have no idea where or how I'm supposed to put this into the code. I'm hoping someone can help me. I've attached two files, one is the sign-up.php file. The other is called signup.class.php, and I think this is where the mail gets sent from. But I'm not positive. Can anyone help? Much appreciated!!! sign_up.php signup.class.php
  5. Thanks, Christian and SocialCloud. I'll check out both these scripts. I appreciated your help!!!!
  6. Here's the forum and thread if you want to reply to him: http://www.webhostingtalk.com/showthread.php?t=1076907
  7. I don't think he's going to post here, but here's what he told me: The script hashes all logins via am md5 function, granted MD5 hashes can be reverse engineered, but this would require direct access to the database (and if that happens, you have bigger problems to worry about). As I said above, the script is meant as a foundation to build your site on top of. It is very easy for a user with minimal knowledge of PHP to add some sort of salt to the script to make the passwords even more secure). Even with salted values, if someone gains access to your datacbase, you still have problems
  8. Hey guys - I found one of the original developers on another forum. I'm going to ask him to reply on this forum. Interested in hearing your thoughts about what he has to say about security of the script.
  9. ok - in the meantime, I'm going to keep looking around for a login/redirect script that is secure. I think I may have found one that might work for me (lets the admin assign user groups for redirection purposes, and maybe I can give each user their own unique usergroup). I'll see if I can install it and try it out, and I'll let you know how it goes.
  10. Thanks SocialCloud, I would appreciate that. As long as it will also redirect the user to their own html page that I can modify manually. That's the critical part of the script that I need. I know there are lots of php login scripts available, but the insecure one has been the only one I've found that will let the admin put in a unique redirect for each user. Christian, I need a ready-to-use script with an installer (or at least easy installation instructions). I'm not a programmer and don't have the knowledge to modify a script. Thanks guys!!!
  11. ok, you've convinced me. I won't use this script, which I guess makes my original question moot now. But, seriously, why does't the original programmer take the script down if it's dangerous? People with no programming knowledge like me would have no clue that it's not secure. All that being said, can anyone recommend a SECURE php/mysql script that will register/login a user and also redirect them to whatever page I want upon login?
  12. Thanks for the feedback, but I think we're getting a little off topic here. First, as I noted in my post, I'm not a programmer. I won't be able to write my own script. Second, I'm not too concerned with how secure the script is because I'm not storing any personal information in the user accounts. Third, as for finding another script that IS secure, I specifically need a user login script that redirects the user to their own account page; that's why I decided to use this particular script. In response to SocialCloud: Yes, I have the emailpass.html and emailpass.php files installed. Everything looks like it should be working, but emails never get delivered. I included the emailpass.php code because that's the file that send the email. I was hoping somebody might notice something that looked wrong and could be preventing the email from being delivered.
  13. Hello - First off, I just want to note that I'm not a programmer whatsoever. Also, I'm hoping I posted this question in the right place. I found a pretty nice PHP script that I've installed. It lets users register for accounts, and then when they login, it redirects them to whatever page I've indicated for their account via an admin system. The script can be found here: http://www.mpdolan.com/#downloads - but I think this is a defunct site. Nobody has responded to my emails there. Anyway, I've been able to set everything up and it all works very nicely, but now I'm having a problem. There is a "forgot your password" function, but I can't get it to send the email to the users who request their login. Would anyone mind looking at the following code? This seems to be the file, emailpass.php, that sends the email. Do you see anything that may be causing the email not to be sent? I'm hoping someone can help me. I've spent some time installing the script and getting it to work the way I want, but I can't really use this on my site if there's no way for users to request their passwords. THANKS!!! Here's the emailpass.php file: <? //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); //require the config file require ("config.php"); //make the connection to the database $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error()); $db = @mysql_select_db($db_name,$connection)or die(mysql_error()); //build and issue the query $sql ="SELECT * FROM $table_name WHERE email = '$_POST[email]'"; $result = @mysql_query($sql,$connection) or die(mysql_error()); //get the number of rows in the result set $num = mysql_num_rows($result); //If match was found, get username and email from database if ($num != 0) { while ($sql = mysql_fetch_object($result)) { $email = $sql -> email; $uname = $sql -> username; } //Update database with new password $newpass = rand(10000000,99999999); $chng = "UPDATE $table_name SET password = password('$newpass'), pchange = '1' WHERE email = '$email'"; $result2 = @mysql_query($chng,$connection) or die(mysql_error()); //create message to user $msg = "<p>Your username & temporary password has been emailed to you.</p>"; $msg .= "<p>You must change this password immediately after your next login.</p>"; $msg .= "<p></p>"; $msg .= "<p><a href=\"login.html\">Login</a></p>"; //create mail message $mailheaders = "From: www$domain\n"; $mailheaders .= "Your username is $uname.\n"; $mailheaders .= "Your password is $newpass.\n"; $mailheaders .= "http://url.com/login.html"; } else { //If no email was found in the database send a notification to the admin $email = $adminemail; $msg = "<p>Your email address could not be located</p>"; $msg .="<p>The Website Administrator has been emailed, you should contacted by them shortly.</p>"; $mailheaders = "From: www$domain\n"; $mailheaders .= "A user with the email address of $_POST[email] has requested a username and password reminder.\n"; $mailheaders .= "$_POST[email] could not be located in the database.\n"; } //Email the request $to = "$email"; $subject = "Your Username & Password for www$domain"; mail($to, $subject, $mailheaders, "From: No Reply <$adminemail>\n"); ?> <HTML> <HEAD> <TITLE>Username and Password Request</TITLE> </HEAD> <BODY> <? echo "$msg"; ?> </BODY> </HTML>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.