PHP - authorization system


Gosforth

Mar 23, 2019, 1:45:19 PM
to Fat-Free Framework
Slightly off the subject, but can you recommend some ready-to-use scripts (some "framework") easy to implement in F3 (or just PHP) that do all these login creation, e-mail account confirmation, password reset... jobs?
Regards,

G.

Uwe Wagner

Mar 26, 2019, 12:16:14 PM
to Fat-Free Framework
There is https://www.userfrosting.com/, it is based on the Slim framework, so I guess it is not possible to implement it in F3.

U.W.

v.

Mar 27, 2019, 11:04:35 AM
to Fat-Free Framework
Hi,

I have just shared a login script that is based on an application I created: https://github.com/fatfreelogin/Fat-Free-Login
You can let users create an account which they have to confirm by clicking on a link with hash, sent to their email.
Users can change password, request a new password.

There is a simple admin section that will let you see all users, deactivate them (they can reactivate themselves for the moment, that should still be handled) and change the password for a user.

There may be some obsolete code left in the files.

Gosforth

May 22, 2019, 9:42:39 AM
to Fat-Free Framework
Thank you very much! I'll try

Gosforth

May 22, 2019, 10:44:28 AM
to f3-fra...@googlegroups.com
It does not work.
Whatever you do it displays:

There has been a problem

It's not you, it's us. Something went terribly wrong and we should fix that.

Not possible to log in, no way to register user.
For some reason it just emulates that it has connection with DB. Being not logged in it saves session(!).
Connection to DB is OK (although F3 should verify connection to DB is OK before script starts - no such point currently in your index).

On Wednesday, March 27, 2019 at 4:04:35 PM UTC+1, v. wrote:

v.

May 23, 2019, 3:22:39 AM
to Fat-Free Framework
What do the log files tell you?

Gosforth

May 23, 2019, 4:33:47 AM
to Fat-Free Framework
"logs" directory was not present.
F3 could not write log to file and did display undefined error.

Good job!
I'd add such features:
- same e-mail address cannot be used twice
- Create User form caches 'username' if there is an error (like too short password or username already in use).

PJH

May 23, 2019, 4:51:07 AM
to Fat-Free Framework
On Thursday, May 23, 2019 at 9:33:47 AM UTC+1, Gosforth wrote:
 
I'd add such features:
- same e-mail address cannot be used twice


Define 'same email address.'

For example (to pick GMail as the victim here,) all of these three go to the same inbox:


Technically, 1+2 are (i.e. could be) different though (certainly, they can be for another provider - yahoo uses a hyphen for the tag separator), along with the following, which is likewise technically different from both of them:




Gosforth

May 23, 2019, 4:51:14 AM
to Fat-Free Framework
There is still one problem. When you click on user in 'show all users' there is an error:

There has been a problem

400 - Page not found


what log says is:

Thu, 23 May 2019 08:47:29 +0000 [::1] 404: HTTP 404 (GET /admin/admin/users/2) trace: [C:/wamp64/www/test/Fat-Free-Login-master/lib/base.php:1706] Base->error()
Thu, 23 May 2019 08:47:29 +0000 [::1] [C:/wamp64/www/test/Fat-Free-Login-master/index.php:22] Base->run()

On Thursday, May 23, 2019 at 9:22:39 AM UTC+2, v. wrote:

Gosforth

May 23, 2019, 6:45:25 AM
to Fat-Free Framework
Example of same addresses:


Currently app does not check if exactly same address exists.
test...@google.com or te...@google.com are both different addresses (first one is alias but different address).

On Thursday, May 23, 2019 at 10:51:07 AM UTC+2, PJH wrote:
On Thursday, May 23, 2019 at 9:33:47 AM UTC+1, Gosforth wrote:
 
I'd add such features:
- same e-mail address cannot be used twice


Define 'same email address.'

For example (to pick GMail as the victim here,) all of these three go to the same inbox:

v.

May 23, 2019, 7:33:29 AM
to Fat-Free Framework
The script does check on duplicate email addresses, it should not be possible to reuse an email or username.
Check files controllers/UserController (function create) and models/User, line 45:
//check if email already exists in db
$this->load(array('email=?',$data['email']));
if(!$this->dry())
{
    return 11;
}


v.

May 23, 2019, 7:43:05 AM
to f3-fra...@googlegroups.com


On Thursday, May 23, 2019 at 10:51:14 AM UTC+2, Gosforth wrote:
Thu, 23 May 2019 08:47:29 +0000 [::1] 404: HTTP 404 (GET /admin/admin/users/2) trace: [C:/wamp64/www/test/Fat-Free-Login-master/lib/base.php:1706] Base->error()
Thu, 23 May 2019 08:47:29 +0000 [::1] [C:/wamp64/www/test/Fat-Free-Login-master/index.php:22] Base->run()

That is the wrong url, it should point to  /admin/users/2, not to /admin/admin/users/2
Please check if changing app/views/admin/users.htm, line 16:
                    <tr onclick="window.document.location='admin/users/{{ @user.id }}';" style="cursor: pointer;">

to
                    <tr onclick="window.document.location='/admin/users/{{ @user.id }}';" style="cursor: pointer;">


fixes it

PJH

May 23, 2019, 8:39:29 AM
to f3-fra...@googlegroups.com


On Thursday, May 23, 2019 at 11:45:25 AM UTC+1, Gosforth wrote:
Example of same addresses:


Currently app does not check if exactly same address exists.
test...@google.com or te...@google.com are both different addresses (first one is alias but different address).


Covers most of the cases I presented; what about Te...@test.com? (Technically different - local part is case sensitive, though *most* services treat it as the same. )


Gosforth

May 28, 2019, 3:57:00 AM
to Fat-Free Framework
Try to create a Facebook account with the same address (whatever it is; real address or alias) - you'll get in a second what I mean.
Regards

On Thursday, May 23, 2019 at 2:39:29 PM UTC+2, PJH wrote:


On Thursday, May 23, 2019 at 11:45:25 AM UTC+1, Gosforth wrote:
Example of same addresses:


Currently app does not check if exactly same address exists.
te...@google.com or te...@google.com are both different addresses (first one is alias but different address).

v.

May 28, 2019, 4:30:20 AM
to Fat-Free Framework
I do not want to create a facebook account to figure out what you need help with.
The system checks for duplicate email addresses, not for aliases.
If you want to check for aliases as well you are welcome to change it according to your needs.
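
The alias question discussed in this thread (tags, dots, letter case), as an added example that is not part of the thread or of the Fat-Free-Login code: a PHP helper that reduces an address to a canonical key before the duplicate check. The rule table and the function name canonical_email are assumptions; Gmail's dot and plus handling and the googlemail.com alias come from general knowledge, the Yahoo hyphen from the post above.

```php
<?php
// Added example: reduce an e-mail address to a canonical key for duplicate checks.
// The provider rules are assumptions for illustration, not a complete list.
const ALIAS_RULES = [
    // domain => [tag separator, ignore dots in local part, canonical domain]
    'gmail.com'      => ['+', true,  'gmail.com'],
    'googlemail.com' => ['+', true,  'gmail.com'],
    'yahoo.com'      => ['-', false, 'yahoo.com'], // hyphen tag, as noted in the thread
];

function canonical_email(string $email): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject malformed input instead of guessing
    }
    $at     = strrpos($email, '@');
    $domain = strtolower(substr($email, $at + 1)); // domains are case-insensitive
    // Policy choice: the local part is technically case-sensitive, but most
    // services treat it as the same, so it is folded to lower case here.
    $local  = strtolower(substr($email, 0, $at));

    $rule = ALIAS_RULES[$domain] ?? null;
    if ($rule !== null) {
        [$separator, $dropDots, $domain] = $rule;
        $tagPos = strpos($local, $separator);
        if ($tagPos !== false && $tagPos > 0) {
            $local = substr($local, 0, $tagPos); // strip the "+tag" / "-tag" part
        }
        if ($dropDots) {
            $local = str_replace('.', '', $local);
        }
    }
    return $local . '@' . $domain;
}

// Constructed sample input: the first three collapse to one key, the rest do not.
$samples = [
    'Jane.Doe@gmail.com',
    'janedoe+shop@googlemail.com',
    'j.a.n.e.d.o.e@GMAIL.COM',
    'jane.doe@example.org',
    'not-an-address',
];
foreach ($samples as $address) {
    printf("%-30s => %s\n", $address, canonical_email($address) ?? '(invalid)');
}
```

Store the key in its own column (a hypothetical `email_canonical`) under a UNIQUE index and run the existing load()/dry() check against it, keeping the address as typed for delivery. The index also covers the gap between check and insert when two registrations arrive at once.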

Thomas Steindl

Jan 24, 2020, 3:46:14 AM
to Fat-Free Framework
Yes, same here, just followed all instructions as posted on github.
It doesn't work and can't find the error. Everything seems fine but all I get is the fatfree homepage with this big error message
"There has been a problem. It's not you, it's us. Something went terribly wrong and we should fix that."

Has this code been tested before publishing it?
Is there anybody who had success with implementing it?

v.

Jan 24, 2020, 3:52:32 AM
to Fat-Free Framework
Go to file app/views/error.html and remove the <exclude> on line 31 and </exclude> on line 37
Try again and post the error message you get here.
"it doesn't work" is just about as useful as going to doctor and saying "i'm sick". You can't expect someone to offer help if you can not describe the symptoms.

Thomas Steindl

Jan 24, 2020, 4:35:46 AM
to Fat-Free Framework
Thanks for your prompt reply!!
I know, just telling "I'm sick" is not helpful, just don't know where to start / what to change.

Did all once again, in a new project.
<?php

$f3=require('lib/base.php');

This throws a warning / fatal error:

fatal-error.JPG

Warning: require(lib/base.php): failed to open stream: No such file or directory in C:\wamp64\www\Fat-Free-Login-master\index.php on line 3
Fatal error: require(): Failed opening required 'lib/base.php' (include_path='.;C:\php\pear') in C:\wamp64\www\Fat-Free-Login-master\index.php on line 3

I changed to:
<?php

// $f3=require('lib/base.php');

require 'vendor/autoload.php';
$f3 = \Base::instance();

This gives me the homepage now:

homepage-problem.JPG

And I'm stuck again here.
And I changed, as you said, these lines:
<!-- <exclude> -->
for debugging only
 ({{ @ERROR.code }}): {{ @ERROR.text }}
  {{ print_r(@ERROR) }}
  SESSION:
  {{ print_r(@SESSION) }}
<!-- </exclude> -->


But nothing changes.
If I click on login or change the url to /login..... nothing changes.

v.

Jan 24, 2020, 4:55:35 AM
to Fat-Free Framework
The error clearly states that the lib folder is not available.
I have never tried this in wamp (which you seem to be using). Apparently it looks for the lib folder in the wrong path.
The vendor autoload can not work unless you have installed f3 with composer, but the project assumes you just upload everything as is.

Also: I have noticed there is no logs folder in the project. Maybe that could be the issue, try to create it as a subfolder in the root of the project.

Thomas Steindl

Jan 24, 2020, 5:10:37 AM
to Fat-Free Framework
created logs folder
refreshed page
logs folder got filled with:
Fri, 24 Jan 2020 10:03:42 +0000 [::1404: HTTP 404 (GET /favicon.ico) trace: [C:/wamp64/www/Fat-Free-Login-master/vendor/bcosca/fatfree/lib/base.php:1760] Base->error()
Fri, 24 Jan 2020 10:03:42 +0000 [::1] [C:/wamp64/www/Fat-Free-Login-master/index.php:25] Base->run()


haven't touched the routes, all as was delivered.
click on 1760 gets me to: base.php
        }
        if (!$allowed)
            // URL doesn't match any route
            $this->error(404);
        elseif (!$this->hive['CLI']) {
            if (!preg_grep('/Allow:/',$headers_send=headers_list()))
                // Unhandled HTTP method
                header('Allow: '.implode(',',array_unique($allowed)));
            if ($cors) {
                if (!preg_grep('/Access-Control-Allow-Methods:/',$headers_send))
                    header('Access-Control-Allow-Methods: OPTIONS,'.
                        implode(',',$allowed));
                if ($cors['headers'] &&
                    !preg_grep('/Access-Control-Allow-Headers:/',$headers_send))
                    header('Access-Control-Allow-Headers: '.
                        (is_array($cors['headers'])?
                            implode(',',$cors['headers']):
                            $cors['headers']));
                if ($cors['ttl']>0)
                    header('Access-Control-Max-Age: '.$cors['ttl']);
            }
            if ($this->hive['VERB']!='OPTIONS')
                $this->error(405);
        }
        return FALSE;
    }


I have installed f3 with composer, so did I with phpmailer
thanks anyway!

v.

Jan 26, 2020, 3:57:11 PM
to Fat-Free Framework
Did you follow the installation instructions on the github page?
  1. Install the Fat Free Framework (https://fatfreeframework.com/3.6/home), then copy all the files of this script to same folder.

  2. Copy the access.php file from https://github.com/xfra35/f3-access/tree/master/lib to the lib folder

  3. Copy PHPMailer to the lib folder (https://github.com/PHPMailer/PHPMailer/tree/master/src)

  4. Install the mysql database using /db/create_db.sql

  5. Set the /config/config.ini file:

  • DEBUG (0, 1, 2 or 3)
  • ssl (http:// or https://)
  • auto_logout time (automatically log out user after so many seconds of inactivity)
  • database settings
  • mail smtp settings

Active login is admin:fatfree123


I have just done a clean install following this and everything works fine.
