Topic: New release :: access_user Class (Read 2682 times)
Moderator Community Supporter?
Jedai Sword Master
Gender:
Posts: 6349
38918 credits Members referred : 374
It's time to use PHP5!
« on: Apr 26, 2006, 10:45:03 PM »
date: 2006-05-04 There was a bug inside the example file; check row 14, it must be:
Code:
<?php
if (isset($_POST['profile_data'])) {
    $update_profile->save_profile_date(
        $_POST['id'], $_POST['language'], $_POST['address'], $_POST['postcode'],
        $_POST['city'], $_POST['country'], $_POST['phone'], $_POST['fax'],
        $_POST['homepage'], $_POST['notes'],
        $_POST['field_one'], $_POST['field_one'],
        $_POST['field_two']."##eu_date"
    );
    // note the last trailing string, this is used to optimize the value as a date.
}
date: 2006-05-01 Something went wrong during an update in the past: if the autoactivation was set to false, a mail was sent without subject and message. This is fixed inside the method activate_account(), row 376.
Code:
<?php if ($this->send_mail($this->admin_mail, 40, 39)) { ?>
version 1.89 date: 2006-04-26 RN: Until the last version there was a small bug inside the messages method: while sending a confirmation, the login of the administrator shows up. This wrong login is replaced with the value of the real name field (or a default if empty). $msg[37] is changed to get the right name inside the confirmation e-mail and also the method send_confirmation(). I also added the missing $msg[24] for several languages. Thank you Dan for your question which points me to this not gentle bug!
New release :: access_user Class (ver. 1.90)
« Reply #1 on: Jun 20, 2006, 10:08:52 AM »
version 1.90 date: 2006-06-20 RN: Something went wrong during an update in the past: if the autoactivation was set to "false", an e-mail was sent without subject and message body. This is fixed inside the method activate_account() on row 376. There was also a small bug inside the update_user_profile example file at row 14: inside the arguments of the function there was an error for the last argument. The variable $send_copy has no function in older versions. If this var is set to "true", after account activation a blind copy is sent to the site's admin e-mail address.
New release :: access_user Class (ver. 1.91)
« Reply #2 on: Sep 06, 2006, 03:06:06 PM »
The variable $access_level is removed; if someone needs the access level value, the method get_access_level() must be called. The method returns the access level from a user; the method access_page() is modified to handle this. Inside the example to update the user's profile is more example code to show how the different date formats are optimized and processed. The method "create_form_field()" inside the update profile extension is an extra test if a euro-date field is not empty. There was something wrong if the class is used to activate the account by admin only. The system was sending the e-mail to the new user. This is fixed inside the register_user() method; remember to use the variable $auto_activation in the page where the email verification will happen.
Re: New release :: access_user Class ver. 1.92
« Reply #3 on: Sep 16, 2006, 02:05:20 PM »
There are two important changes in this version: 1. It's possible now to store the session data in your database (this is much safer if you use sessions on a shared hosting server); 2. the password is always MD5 encoded now. For the last one there are several methods changed (check this thread for details, a link is located on the right side of the access_user class website). Further (small) changes: added session_destroy() to the logout method; the links used in the e-mail messages are double md5-encoded now (check the messages with URLs in the messages() method). This is a bigger update. I tried my best to test all changes; if something is wrong please let me know (post to the forum).
New release :: access_user Class (ver. 1.93)
« Reply #4 on: Oct 17, 2006, 03:15:45 PM »
There was a small bug inside the login_user() method since the last update: a password stored with the cookie doesn't work after the first logout. This is fixed. Next, Sean informed me that inside the access_page() method there is no exit command after the redirection code. This could be a problem if inside the protected script some code will be executed after the user check. This is fixed, and the logout method also got an exit function after the redirection code. If the sessions are stored inside the MySQL database, you need an object-free log-out page to remove the session data from the database. Check the logout example and also the new setting for the logout page inside the config file.
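The missing exit described in the post above, as an added example that is not code from the access_user class: header() only queues the Location header, so the protected script keeps running unless it is stopped. The function names and the /login.php path are hypothetical.

```php
<?php
// Added example; function names and the redirect target are hypothetical,
// not taken from the access_user class.

// Flawed form: header() queues a Location header and returns to the caller.
function check_access_no_exit(array $session): void
{
    if (empty($session['logged_in']) && !headers_sent()) {
        header('Location: /login.php');
    }
}

// Fixed form: stop the script right after queueing the redirect.
function check_access_with_exit(array $session): void
{
    if (empty($session['logged_in'])) {
        if (!headers_sent()) {
            header('Location: /login.php');
        }
        exit;
    }
}

$session = [];   // constructed: a visitor without a login session

check_access_no_exit($session);
// Still reached for the anonymous visitor. On a real page this is where
// the protected queries and output would run before the browser redirects.
error_log('code after check_access_no_exit() executed');

check_access_with_exit($session);
// Not reached: exit ended the script inside the check.
error_log('code after check_access_with_exit() executed');
```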
New release :: access_user Class (ver. 1.94)
« Reply #5 on: Dec 15, 2006, 06:04:51 PM »
In the previous version there was a change to remember an encrypted password and use this value also in the login form. Because the login method needs to accept the raw and the encrypted password, the password check is less safe than in versions before. Because of some complaints via the forum I decided to change the cookie-based login process. In this version the user is automatically logged in if a valid cookie exists on the client side. Users of this class can disable this feature by setting the variable "save_login" to "no" during the login process. Both login examples are changed and also the methods Access_user(), set_user(), login_reader() and log_out(). Please note also the newly created session variable "logged_in"; this can be used on pages with conditional content (if a user is logged in or not).
New release :: access_user Class (ver. 1.95)
« Reply #6 on: Feb 01, 2007, 09:08:58 AM »
I removed some default variable definitions from the constructor method because sometimes the variables need different values. In previous versions you need to define the vars $user and $user_pw with some extra code; in this version they are automatically declared if the session exists. The new argument $redirect inside the constructor is used for the modified method set_user(); this is used to redirect while using the automatic login function. That is to say, only if the Boolean inside the method is true will the redirect be processed. The test for the existence of the session vars is removed because it's not necessary anymore. Inside the profile extension is a constructor now; this has the functions from the main class constructor, and some extra functions make it easier to use the profile extension. Check also the improved example file update_user_profile.php; the complete process is more compact now. To test if there is an existing profile, a new example is used, "profile_example.php": if there is no profile record, the user is redirected to the update profile page (check the new constant variable inside the config file). This feature is useful if the user profile is required inside an application.
New release :: access_user Class ver. 1.96 - IMPORTANT UPDATE!
« Reply #7 on: Feb 07, 2007, 12:37:42 PM »
Today a user reported (thanks John Doe 3rd) that for a lot of database queries the class is not safe against SQL injections if magic_quotes_gpc = off. I checked all possible string values and added the function ins_string() to these values. This validation method is not new and was used before for several methods. All users where magic quotes is not configured should update this class or change the methods where the values entered by the Internet user are sent to a database query.
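The query problem described in the post above, as an added example that is not code from the access_user class and does not reproduce its ins_string() function: with nothing escaping quotes for the script, a pasted-in value changes the statement, while a bound parameter stays data. It uses PDO with an in-memory SQLite database (pdo_sqlite extension); the table, columns and function names are hypothetical.

```php
<?php
// Added example, not code from the access_user class. Table, columns and
// function names are hypothetical; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw TEXT)");
$db->exec("INSERT INTO users (login, pw) VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Flawed form: the value is pasted into the SQL text, so a quote inside it
// ends the string literal and the rest is parsed as part of the statement.
function find_user_concat(PDO $db, string $login): array
{
    $sql = "SELECT login FROM users WHERE login = '" . $login . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed form: the statement is prepared first and the value is bound
// afterwards, so it is compared as one string whatever characters it holds.
function find_user_bound(PDO $db, string $login): array
{
    $stmt = $db->prepare('SELECT login FROM users WHERE login = ?');
    $stmt->execute([$login]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form value containing quotes, as it arrives when nothing
// (such as magic_quotes_gpc) has escaped it before the script sees it.
$input = "x' OR '1'='1";

printf("concatenated query matched %d row(s)\n", count(find_user_concat($db, $input)));
printf("bound parameter matched    %d row(s)\n", count(find_user_bound($db, $input)));
```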
Re: New release :: access_user Class (version 1.97)
« Reply #8 on: May 16, 2007, 04:47:02 PM »
There was a small bug inside the constructor method of the user_profile extension; this is fixed now. In previous versions with auto-activation enabled it was possible to activate an account via the activation email after the admin has de-activated an account. The method activate_account() is changed to activate only non-active accounts. The user table needs to get updated to use that feature (check the SQL statement above the modified method). It's possible now to use a third state "blocked" via the admin panel (the method activation_switch() is modified).
New release :: access_user Class (ver. 1.98)
« Reply #9 on: Nov 20, 2007, 11:56:51 PM »
This is an important (security related) update: in previous versions hackers can guess common and repeating passwords from users. While the "forgotten password" function was based on the password and the user id, it could be possible to change the password for some user (if the hacker knows the user's id and the right password). The risk is not very high for most installations but could cause some trouble. The new version doesn't use the password for validation anymore. The login name (encrypted) is used together with some "secret" secret string. AU class users can replace the class file but need to update the method calls in the activate password script. You need to add the constant variable SECRET_STRING to the config file.
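One way to build a reset link check on a server-side secret instead of the password, as an added example that is not the access_user implementation and goes beyond the post: it uses HMAC-SHA-256 and adds an expiry time, both of which are assumptions. Only the constant name SECRET_STRING comes from the post; its value and the function names are hypothetical.

```php
<?php
// Added example, not the access_user implementation. SECRET_STRING is the
// constant name from the post; the value below is a constructed placeholder.
define('SECRET_STRING', 'replace-with-a-long-random-value');

// The token is keyed with the server-side secret, so it cannot be computed
// from values a visitor may know or guess (user id, login name, password).
function make_reset_token(string $login, int $expires): string
{
    $mac = hash_hmac('sha256', $login . '|' . $expires, SECRET_STRING);
    return $expires . '.' . $mac;
}

function verify_reset_token(string $login, string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                        // malformed token
    }
    $expires = (int) $parts[0];
    if ($expires < $now) {
        return false;                        // link has expired
    }
    // Recompute for the claimed login and compare in constant time.
    return hash_equals(make_reset_token($login, $expires), $token);
}

$now    = time();
$token  = make_reset_token('alice', $now + 3600);     // constructed login
$forged = ($now + 999999) . strstr($token, '.');      // expiry edited, MAC kept

$checks = [
    'token for the same login'  => verify_reset_token('alice', $token, $now),
    'token reused for bob'      => verify_reset_token('bob', $token, $now),
    'token after expiry'        => verify_reset_token('alice', $token, $now + 7200),
    'token with edited expiry'  => verify_reset_token('alice', $forged, $now),
];
foreach ($checks as $label => $ok) {
    printf("%-26s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```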