Login script

Issues related to the Login tools of WYSIWYG Web Builder.
Forum rules
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html

TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: Login script

Post by trenoweth » Fri Apr 20, 2018 2:55 am

I did respond yesterday but for some reason it isn't showing.

Right, I have now gone back to exactly where this whole thing started.

I have used Signup to create a completely new file, exactly as saved out by the program. No extras.

When using it the following messages are sent:

1. When the page with the script loads an email is sent with just 'Values submitted from web site form:' in the body of the message, no data. This will happen for every time the page is loaded or refreshed despite no data being entered

After entering data and clicking on 'Create User':

2. A message is sent to the applicant with:
A new member has signed-up.
Username: xxx
Password: zzz

3. The same message is sent to me:
A new member has signed-up.
Username: xxx
Password: zzz

4. A fourth message is sent to me with the applicant's email as the 'from address' containing all the data:
Values submitted from web site form:
form_name : signupform
fullname : nnnn
username : xxx
password : zzz
confirmpassword : zzz
email : eee
captcha : RA54X
signup : Create User

It is 1. above that I am trying to get rid of. It is obviously nothing to do with any additional script (that was added a couple of years ago from a suggestion by you or on your site, I don't recall which now) as there is no additional script. This is purely and simply the output from my project 'New user sign-up Apr18.wbs' uploaded to "www.sirnigelgresley.org.uk/New_user_sign-up_Apr_8.wbs" and the output of which may be viewed at: "https://www.sirnigelgresley.org.uk/Memb ... ign-up.php"

and as below:

<?php
$mailto = "xxxxxxx";
$subject = "A Members only area sign-up";
$message = "Values submitted from web site form:";
$header = "From: ".$_POST['email'];
foreach ($_POST as $key => $value)
{
if (!is_array($value))
{
$message .= "\n".$key." : ".$value;
}
else
{
foreach ($_POST[$key] as $itemvalue)
{
$message .= "\n".$key." : ".$itemvalue;
}
}
}
mail($mailto, $subject, stripslashes($message), $header);
?><?php
if (session_id() == "")
{
session_start();
}
$database = 'usersdb.php';
$success_page = './User_sign-up.php';
$error_message = "";
if (!file_exists($database))
{
die('User database not found!');
exit;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$newfullname = $_POST['fullname'];
$code = 'NA';
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!preg_match("/^[A-Za-z0-9_!@$]{1,50}$/", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!preg_match("/^[A-Za-z0-9_!@$]{1,50}$/", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!preg_match("/^[A-Za-z0-9_!@$.' &]{1,50}$/", $newfullname))
{
$error_message = 'Fullname is not valid, please check and try again!';
}
else
if (!preg_match("/^.+@.+\..+$/", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
else
if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
{
unset($_POST['captcha'],$_SESSION['random_txt']);
}
else
{
$error_message = 'The entered code was wrong.';
}
$items = file($database, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($items as $line)
{
list($username, $password, $email, $fullname) = explode('|', trim($line));
if ($newusername == $username)
{
$error_message = 'Username already used. Please select another username.';
break;
}
}
if (empty($error_message))
{
$file = fopen($database, 'a');
fwrite($file, $newusername);
fwrite($file, '|');
fwrite($file, md5($newpassword));
fwrite($file, '|');
fwrite($file, $newemail);
fwrite($file, '|');
fwrite($file, $newfullname);
fwrite($file, '|0|');
fwrite($file, $code);
fwrite($file, "\r\n");
fclose($file);
$subject = 'New Members only area sign-up';
$message = 'A new member has signed-up.';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$header = "From: xxxxxxx"."\r\n";
$header .= "Reply-To: xxxxxxx"."\r\n";
$header .= "MIME-Version: 1.0"."\r\n";
$header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
$header .= "Content-Transfer-Encoding: 8bit"."\r\n";
$header .= "X-Mailer: PHP v".phpversion();
mail($newemail, $subject, $message, $header);
mail('xxxxxxx', $subject, $message, $header);
header('Location: '.$success_page);
exit;
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>User sign-up</title>
<meta name="generator" content="WYSIWYG Web Builder 12 - http://www.wysiwygwebbuilder.com">
<link href="New_user_sign-up.css" rel="stylesheet">
<link href="User_sign-up.css" rel="stylesheet">
</head>
<body>

<div id="wb_Signup1" style="position:absolute;left:316px;top:37px;width:292px;height:494px;z-index:1;">
<form name="signupform" method="post" accept-charset="UTF-8" action="<?php echo basename(__FILE__); ?>" id="signupform">
<input type="hidden" name="form_name" value="signupform">
<table id="Signup1">
<tr>
<td class="header">Sign up for a new account</td>
</tr>
<tr>
<td class="label"><label for="fullname">Full Name</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="fullname" type="text" id="fullname"></td>
</tr>
<tr>
<td class="label"><label for="username">Membership Number</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="username" type="text" id="username"></td>
</tr>
<tr>
<td class="label"><label for="password">Password</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="password" type="password" id="password"></td>
</tr>
<tr>
<td class="label"><label for="confirmpassword">Confirm Password</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="confirmpassword" type="password" id="confirmpassword"></td>
</tr>
<tr>
<td class="label"><label for="email">E-mail</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="email" type="text" id="email"></td>
</tr>
<tr>
<td style="text-align:left;height:34px"><img src="signup1_captcha.php" alt="" style="border-width:0;width:100px;height:34px;"></td>
</tr>
<tr>
<td class="label"><label for="captcha">Verification</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="captcha" type="text" id="captcha"></td>
</tr>
<tr>
<td><?php echo $error_message; ?></td>
</tr>
<tr>
<td style="text-align:center;vertical-align:bottom"><input class="button" type="submit" name="signup" value="Create User" id="signup"></td>
</tr>
</table>
</form>
</div>
</body>
</html>

User avatar
Pablo
 
Posts: 12587
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: Login script

Post by Pablo » Fri Apr 20, 2018 6:10 am

I am 100% sure the manually added script is still somewhere on the page. This code is not added by the software.
Maybe you have added the code in Site HTML or the master page, so it will be added to all pages?

Once again I would like to note that if you share your project then I can help you more efficiently, then I can tell you exactly what to do.

User avatar
BaconFries
 
 
Posts: 3885
Joined: Thu Aug 16, 2007 7:32 pm

Re: Login script

Post by BaconFries » Fri Apr 20, 2018 7:38 am

Just as Pablo please provide a copy of the .wbs (project file) file. The reason for this is so it can be opened in the software and viewed for any stray PHP that you may have added previously. When viewing the source by the url doesn't really help as it only shows the HTML, CSS, and any scripts like jQuery or javascript as the PHP gets hidden by the server and only can be seen if you have the .wbs or if you were to open the page on the server through your Cpanel or viewing the page HTML after you publish locally on your PC.

It may also be that there is still old files on the server I only mention this because if I remember correctly you had saved the PHP as a external file named feedback.php if this is still on the server then it will still run. Please check and remove all old files and try again.

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: Login script

Post by trenoweth » Fri Apr 20, 2018 8:30 am

This is all getting so confusing!
I am 100% sure the manually added script is still somewhere on the page
Well, if it is I don't know where it came from. If I could I'd attach the file, or email it, but I can't so I have been giving you the URL for it.

I have just gone back to square one yet again and, just in case there was a problem with my browser cache 'remembering' the old file, even though I'd cleared the cache, I have uploaded it to a completely different server. It is from the same project though without the Captcha to make testing a bit quicker.

Now I have the two messages arriving, one to myself and one to the applicant, with the text:

A new member has signed-up.
Username: xxxxx
Password: yyyyy

No message with the full details that were added. This data only arrived from the files with the "offending text" at the top.

Once again I would like to note that if you share your project then I can help you more efficiently, then I can tell you exactly what to do.
You have said this several times and every time I have given you the link where you may find it. This latest file is at:
http://www.trenoweth.co.uk/Sign_up_test ... _Apr_8.wbs

How else can I share it with you? There's no facility to attach files to postings.

User avatar
Pablo
 
Posts: 12587
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: Login script

Post by Pablo » Fri Apr 20, 2018 9:02 am

Now I have the two messages arriving, one to myself and one to the applicant, with the text:

A new member has signed-up.
Username: xxxxx
Password: yyyyy
Correct! This is how is is suppose to work.
No message with the full details that were added.
Correct, no other data will be sent. if you need different behavior then you will need to modify the script yourself (see my previous reply).
The reason why you get all submitted data when you add the form script from the tutorial is because this script simply takes all input and emails it. However, the script was designed to be used on another page. If you add it tot the same page as the form then it will not check whether the form was actually submitted.

In other words:
- the login script only sends the username and password, no other values. That is how it was designed to work.
- the script from the tutorial cannot be used for the login script, because it was designed to be used on a separate page (also known as the 'action' page).

Unfortunately, the provided link in this reply is not valid.
Please send the file to support@pablosoftwaresolutions.com
Or upload the file to your website or another public server and share the (valid) link.

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: Login script

Post by trenoweth » Sat Apr 21, 2018 7:21 am

Thanks for your comments as well BaconFries (I just love that!) but......
Just as Pablo please provide a copy of the .wbs (project file) file.
I have done this several times. I've provided a link to the .wbs file. How else can this be done? I can't add it, or copy and paste it, to here. It is at: http://www.trenoweth.co.uk/Sign_up_test ... 0Apr18.wbs
It may also be that there is still old files on the server I only mention this because if I remember correctly you had saved the PHP as a external file named feedback.php if this is still on the server then it will still run. Please check and remove all old files and try again.
I cleared out all the old files from the server before I uploaded any new ones.

I just went back to square one yet again and, having ensured all the previous files were deleted, uploaded again.

Once again there were four messages generated, one to the person signing up quoting user name and password, the same to me with user name and password, a full one to me with all the data entered and the usual blank one that started off this thread in the first place.

On checking the page User_sign-up.php I saw the "offending" text was at the top of the file, saved to my hard drive using Publish. I didn't add it, it was generated by Login/Signup in the Toolbox. I then uploaded the files by FTP.

When I then strip out the offending text all I receive is the one email with user name and password, also sent to the person registering. Nothing else, no mail with the full data, nor the blank message. All I want is for these two messages to be sent PLUS the one with all the input data.


I think I've come to the end of the road with this. I've put up with these blank messages for more than two years now and will just have to continue to do so.

I may not have much knowledge of PHP but I am well versed in HTML so will see if I can find some way round the problem myself, if not then as I said, I'll just have to put up with it. The rest of the login scripts all run perfectly and I am very impressed with the program, so I'll not be looking around for another. Especially as less than a month ago I paid for the upgrade to v12! ;-)

User avatar
Pablo
 
Posts: 12587
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: Login script

Post by Pablo » Sat Apr 21, 2018 10:07 am

Thanks for sharing the project.

The code is definitely on the page:
- right click the page
- select: Page HTML -> Start of Page
- this is where you have added the code. This is not correct. It should be removed.
This script was designed to be used on another page as action for a standard form. It should not be used in combination with a login sign up form like this.
Once again there were four messages generated, one to the person signing up quoting user name and password, the same to me with user name and password, a full one to me with all the data entered and the usual blank one that started off this thread in the first place.
Correct, that is because you have added the script to the page.
I didn't add it, it was generated by Login/Signup in the Toolbox.
I'm sorry, but the login tools do not add this script. You have added this yourself via Page HTML.
The code even has your own email address! There is no way for the software to know this!
When I then strip out the offending text all I receive is the one email with user name and password, also sent to the person registering.
Correct! This is how it is suppose to work!
Nothing else, no mail with the full data, nor the blank message.
Correct!
All I want is for these two messages to be sent PLUS the one with all the input data.
Then you will have to modify the script yourself. The built-in script was NOT designed to sent all info, it only sends username/password.
Nothing is wrong here, this is is how it is suppose to work.
There is no mistake in the code. it works as designed.

So, here is what you can do:
- remove the script via Page HTML, then you will have the normal behavior. No, empty messages will be sent.
or
- modify the script so if does not get triggered when you load the page.
For example by adding:

Code: Select all

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
   $mailto = "youremailaddress";
   $subject = "A Members only area sign-up";
   $message = "Values submitted from web site form:";
   $header = "From: ".$_POST['email'];
   foreach ($_POST as $key => $value)
   {
      if (!is_array($value))
      {
         $message .= "\n".$key." : ".$value;
      }
      else
      {
         foreach ($_POST[$key] as $itemvalue)
         {
           $message .= "\n".$key." : ".$itemvalue;
         }
     }
  }
   mail($mailto, $subject, stripslashes($message), $header);
}
?>
However, it would be better if you modify the signup script to sent all data from one place.
- Right click the signup form
- select 'convert to form'
Now can modify the script to suit your needs.
Of course, this will require some PHP knowledge. This is not something I can teach you.

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: Login script

Post by trenoweth » Sun Apr 22, 2018 12:05 am

Hello Pablo,

Well, this seems to be the solution, thank you. I've now recalled that the problem I contacted you for a couple of years ago was to do with the Captcha, not the blank email, which IIRC was produced using v10, though I now have v12.

I know you don't believe me but the file with the offending script was generated, somehow or other, when I used the Publish command. Where it was picking it up from is anyone's guess. As BaconFries wrote, maybe from the previous file that had been created using the Feedback form?

However, this Feedback form was created last week whilst the problem I've been having goes back more than two years. Additionally, and what triggered the present thread, a couple of weeks ago I was setting up a new login script for a completely different site and the file that was generated for that had the other script at the beginning, just as the two-year old one has.

This was a totally separate operation using a quite different directory and uploaded to a completely different server, yet had the same problem.

Anyway, all is well now, which is what matters, so thank you.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests