Problems in Access User 1-92

Dear Olaf,
Please check the following items in Access_User_Class-1.92:

1- Fatal Error:
when you login to the system, if you check the "Remember

Login" Check box, you can't login again.
since an MD5 form of Password will save in the session or
cookie, so you can not login again unless you enter the MD5
format of Password! that is saved in the "users" table of
database in the password fields.

2- Session management.
when we put: use_mysql_session=true
there is no method in that class to session management.
for example, if a user close the browser or leave it
without click on the "log out" link, "_destroy" function
will not be executed so all records will remain in the
sessions table and after a short time, we will have many
useless records in the sessions table of database.

3- HTML tag Prevention
isn't it better to add an option to ins_string function to
prevent users against typing HTML tags in the fields?
I tried to use "htmlentities()" function. but regarding
some reasons, I'll be glad to have your opinion about the
best way of doing that.

4- old bug
after user registration while auto_activation=true,
the user receives 2 email for verification! (one email will be enough)

[Free WordPress Themes]

this sounds like a existing user ...

I will check the other things laster...

3- HTML tag Prevention

use this class to validate entries:
http://www.finalwebsites.com/snippets.php?id=15

1- Fatal Error:

Are you using the class scripts within an old application? (maybe you have an old cookie in you browser)

thanks for your reply,

regarding that Fatal Error,
No!
i had not this problem in earlier version, just in 1.92 version!
i should delet the cookies till i can login using the original password
every time i check the "Remember Password" check box, i will not be able to login with the oroginal password. i should enter the MD5 form of password in the Password filed!

[Please pass the following steps:]

dear olaf, i installed the AU-1.92 again,
the problem exist.

Please pass the following steps:
1- delete all cookies on your PC <this step is not necessary, but it's better to do!>
2- check the "Remember Login" Check box, then login to AU using original User name & Password in login.php
3- in example.php, just Log out!
4- in the login page, you will see more characters in the password filed. if you click on the login button, you will enter successfully!
but if you delete the characters in the password filed and
enter the password manually, wow you will receive the
"Invalid user name or password" message and can't enter!

also after user registration while auto_activation=true,
the user receives 2 email after account activation (one email will be enough)

[Please pass the following steps:]

dear olaf, i installed the AU-1.92 again,
the problem exist.

Please pass the following steps:
1- delete all cookies on your PC <this step is not necessary, but it's better to do!>
2- check the "Remember Login" Check box, then login to AU using original User name & Password in login.php
3- in example.php, just Log out!
4- in the login page, you will see more characters in the password filed. if you click on the login button, you will enter successfully!
but if you delete the characters in the password filed and
enter the password manually, wow you will receive the
"Invalid user name or password" message and can't enter!

also after user registration while auto_activation=true,
the user receives 2 email after account activation (one email will be enough)

thanks for reporting this I will check it...

[Free WordPress Themes]

OK then I did some checks and updates:

1- Fatal Error:
when you login to the system, if you check the "Remember

Login" Check box, you can't login again.
since an MD5 form of Password will save in the session or
cookie, so you can not login again unless you enter the MD5
format of Password! that is saved in the "users" table of
database in the password fields.

this is solved (will release an update soon)

Code:

<?php
function login_user($user, $password) {
if ($user != "" && $password != "") {
$this->user = $user;
/* this extra check is added in version 1.93 */
$this->user_pw = md5($password);
$valid_pass = false;
if ($this->check_user()) {
$valid_pass = true;
} else {
$this->user_pw = $password;
if ($this->check_user()) $valid_pass = true;
}
if ($valid_pass) { // end extra password check
$this->login_saver();
if ($this->count_visit) {
$this->reg_visit($user, $this->user_pw);
}
$this->set_user();
} else {
$this->the_msg = $this->messages(10);
}
} else {
$this->the_msg = $this->messages(11);
}
}

2- Session management.
when we put: use_mysql_session=true
there is no method in that class to session management.
for example, if a user close the browser or leave it
without click on the "log out" link, "_destroy" function
will not be executed so all records will remain in the
sessions table and after a short time, we will have many
useless records in the sessions table of database.

I the classes it works fine, but if you log-out the user is redirected to the login page and there is the is via the class a session_start() called. To solve that you need to re-direct to a "session free" page. Is this wat we need?

4- old bug
after user registration while auto_activation=true,
the user receives 2 email for verification! (one email will be enough)

I don't have the problem (and others too???) do you have an URL where I can test this?

[after user registration is completed, while auto_activation=true,the user receives 2 email to confirm the account activation! (one email will be enough)]

thanks for your care 

about:
after user registration is completed, while auto_activation=true,
the user receives 2 email to confirm the account activation! (one email will be enough)

sorry, it's not acessiable over the internet. since i have just a Access_User_1-92 installed on my local server. but i had seen this item since old versions.

[after user registration is completed, while auto_activation=true,the user receives 2 email to confirm the account activation! (one email will be enough)]

thanks for your care 

about:
after user registration is completed, while auto_activation=true,
the user receives 2 email to confirm the account activation! (one email will be enough)

sorry, it's not acessiable over the internet. since i have just a Access_User_1-92 installed on my local server. but i had seen this item since old versions.

I'm using this class for a bigger extranet and never got complains about that (maybe something with your mail server?)
I'm testing on windows with apache too...

No, I'm seeing the two emails as well. Apache on Red Hat. AU v. 1.92, dowloaded a few weeks ago.

[Free WordPress Themes]

No, I'm seeing the two emails as well. Apache on Red Hat. AU v. 1.92, dowloaded a few weeks ago.

try to use totally different email for the user, the webmaster and the admin and check the mail headers...

[Guest]

[37.736]

Yahoo crawler, Googlebot, Msnbot, Baidu Spider