Friday, 16 May 2014

Login, Session, Cookies and Logout

The login process took a very long time as when I user tested this section the echo error message kept appearing even though the information was correct. I run the error report function but no errors appeared it seemed that the underlying issue was with the password hash as I would the system would echo out valid email however without any specific error messages within the document I struggled to solve this issue quickly. 



I looked over the login code but I couldn't find any errors or misspelt variables.





Due the amount of time left to solve this problem and the fact that I needed to finish other sections within the project I decided to attempt another login structure.


When it came down to testing this code there were several issues, basically since I used a different approach it also meant changing the register document. I decided not to do this as time was running short therefore I went back to the original document and tried to sort out the problem. This process again took various days and overlapped with other tasks however I did managed to solve the issue basically the database was set to only store 6 character whereas the encryption consisted of 60. Due to this factor when it came down to logging in the system wasn't able to match the passwords. 

Sources

Aass, O. (2013). Two step password hashing with hmac and bcrypt. [online] Worldofwebcraft.com. Available at: http://www.worldofwebcraft.com/blog.php?id=255 [Accessed 18 May. 2014].

Free source code, tutorials and articles, (2013). How to Create Login Page in PHP/MySQL using PDO Query. [online] Available at: http://www.sourcecodester.com/tutorials/php/6102/how-create-login-page-phpmysql-using-pdo-query.html [Accessed 18 May. 2014].

Mackay, C. (2005). SQL Injection Attacks and Some Tips on How to Prevent Them - CodeProject. [online] Codeproject.com. Available at: http://www.codeproject.com/Articles/9378/SQL-Injection-Attacks-and-Some-Tips-on-How-to-Prev [Accessed 18 May. 2014].

Price·, I. (2013). PHP Tutorial: Secure Password Hashing using crypt(). [video] Available at: https://www.youtube.com/watch?v=wIRtl8CwgIc [Accessed 18 May. 2014].

YouTube, (2012). How To Create A Secure Login System In Php. [online] Available at: https://www.youtube.com/watch?v=dy5sYbbWYvE [Accessed 18 May. 2014].

Thursday, 15 May 2014

Upload Process Extended

Okay, so now that I have a functional register process the next step was to add extra features such as:
  • Size limit
  • Check if file exists


Ideally I would have used the code below to display the users folder however due to issues with the login the file security and file sharing hasn't been completed so i'm displaying all files together.




The links are useful to access the documents so I went ahead and created a download document that accesses the path were all the files are stored and enables users to download the document to their device.




Sources
Css-tricks.com, (2012). [online] Available at: http://css-tricks.com/snippets/php/display-styled-directory-contents/ [Accessed 18 May. 2014].

Juul Hansen, N. (2013). Listing files with PHP. [video] Available at: https://www.youtube.com/watch?v=HA9dQLUxa38 [Accessed 18 May. 2014].

php, D. (2013). Download files from server php - Stack Overflow. [online] Stackoverflow.com. Available at: http://stackoverflow.com/questions/12094080/download-files-from-server-php [Accessed 18 May. 2014].

Worldofwebcraft.com, (2012). How to list all files in a dir as links to the file (download). [online] Available at: http://www.worldofwebcraft.com/topic.php?id=6336 [Accessed 18 May. 2014].

Thursday, 1 May 2014

Register Process Continued

The last process within the register form is to develop the activation email:
  • Here I used an auto responder to mail the activation link to the users
  • The subject and link are displayed within the email
  • This is followed by a confirmation email on the success of the registration and a notice for them to activate their accounts