Create security pages not working

I've run the create security pages but none of the resultant pages seem to be working. When I first ran it, the wizard told me it didn't have rights to write the relevant table, so I had to copy the sql file it created and add it manually.

Anyway, now I've got login.php and registration.php (the only two pages I've been able to test so far). I have also got userupdate.php, forgotpassword.php and logout.php.

I click register from here http://brandchampion.co.uk/rental-furniture-detail.php?furniture=2 and have added a username and password, but they are not entering into the DB. Once I have submitted the registration page I am pushed back to the home page which has a URL ending in ?invalid=true. That's the first part of the problem.

The next part pertains to retrieving the user date from the DB. Because the registration didn't work, I entered the info manually. I then go to login.php and enter the details, but I get the same ?invalid=true. So log in is not working; that's part two of my problem.

Part three of my problem I guess is related to part two in that I am trying to retrieve the user ID via a session using the SecurityAssist_userID. If the session is not empty, then I will display certain content and hide register login buttons. If it is empty, then I display the register login buttons. I am certain that the session isn't being propulated because I have manually created a session like so $_SESSION['SecurityAssist_userID'] = 1 and have echoed it on the product page and it displays as expected. When I remove the manually populated session code and log in, the echoed '1' disappears.

Basically, I can't enter new user details, and if I manually populate the DB, I can't retrieve the detail to populate a session.

Any thoughts?

Server info in private message.

Thanks.

The invalid=true means that it isn't passing validation... maybe too weak of a password or invalid email address. What are you entering?

Yep, that's it. Thanks Ray.

On that basis, shouldn't the page refresh itself and present the errors? Currently it's going to the home page with the ?invalid=true.

I'm asking because as the person building the site, I wasn't aware of the error and therefore any normal user isn't going to know.

I've resolved it at the moment by adding in registration.php before the ?invalid=true, but was wondering if that wasn't how it's intended to work.

Also, the error message contains @@strengthmessage@@ and was wondering if that is meant to be dynamic in some way referencing code elsewhere pertaining to the minimum limit of characters, or if it was simply there to remind us that we need to change it manually?

There was an issue that has been resolved in a recent build where the page name wasn't included in the failed redirect. You can install the latest version so it doesn't happen in the future. On the pages you have already created just find the line that has "?invalid=true" and add the current page name in front like: "registration.php?invalid=true"

The strength message is a placeholder where you can add text according to your requirements.

Just tried to load the userupdate page and I got a 500 error. Looking at the code I see I have and odd include:

<?php require_once('Connections/conn.php'); ?>
<?php require_once("webassist/form_validations/wavt_scripts_php.php"); ?>
<?php require_once("webassist/form_validations/wavt_validatedform_php.php"); ?>
<?php require_once('@@ConnectionPath@@'); ?>
<?php require_once( "webassist/security_assist/helper_php.php" ); ?>

Not sure if this should be helper file or other WA include file, so I have included all that have been created for you to try to figure out which is missing... if it is.

When I remove <?php require_once('@@ConnectionPath@@'); ?> I get a new error:

SELECT * FROM pcms2_users WHERE UserID = %s
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s LIMIT 0,1' at line 1

Could you tell me what that line of code should be please?

I've looked at another post here, but although it was similar errors, I couldn't see a resolution for that one line.

Thanks.

You can remove that line of code entirely. I think if you re-install the latest version of the extension that issue has been fixed.

The FTP information you provided doesn't work, so I wasn't able to look at the page directly. Can you send updated FTP information or attach a copy of the page itself for me to look at? That would help me diagnose the second error.

Hi Ray

Having used the 'create security pages' wizard, I'm getting the same spurious code

<?php require_once('@@ConnectionPath@@'); ?>

in my forgotten password page. When I remove it, the form appears works as far as the email process, I think, but then I get 'the page isn't working' and no email is received.

The login page works fine

I'm using 2.3.4 Data Assist

UPDATE; I've 'shown errors' and after submitting the form, I get the error shown in the pm.

Cheers
Chris

Do you have the latest version installed? I thought I had fixed this issue.

The problem is that the wizard didn't create the email include files necessary to send the email. To correct the problem at this point you can:

1) Create a new page (call it temp.php you will end up deleting it later)
2) Apply the Send Email Message server behavior (use dummy content)
3) Upload the webassist/email folder that will now have all of the necessary files
4) Delete your temp.php page, you don't need it anymore

Thanks, Ray - that all works properly now.

Yes, 2.3.4 installed.

Cheers
Chris