April 5th, 2012, 12:02 PM
Tarrconsulting
Wrox Author

I found the problem in the contact.php file.
In Chapter 28, in Step 8, I have you add a condition to the _verifyInput function that checks to see if the username is already in use. Since this function is used both when you add a record and when you change a record, we should only check this when you are adding a record.
Code:
  if (!trim($this->user_name)) {
    $error = true;
  } elseif (strlen(trim($this->user_name)) < 6) {
    $error = true;
  } elseif ($this->id==0 AND self::getContactIdByUser(trim($this->user_name))) {
    $error = true;
  }
You'll see that I added "$this->id==0 AND " to that condition so that only new records will be checked.

There is also another error in this file. In Step 10, where we construct the password hash in the addRecord function, the query statement to add the username and password hash is incorrect. It should have a WHERE clause and should be using the mysqli (rather than the mysql) function to get the last id added. This is what it should look like:

Code:
      if ($connection->query($query)) { // this inserts the row
        // update with the user name and password now that you know the id
        $query = "UPDATE contacts 
        SET user_name = '" . Database::prep($this->user_name) . "', 
        password = '" . hash_hmac('sha512',
          $password . '!hi#HUde9' . mysqli_insert_id($connection), 
          SITE_KEY) ."',
        access = '" . Database::prep($this->access) . "'
        WHERE id = '" . mysqli_insert_id($connection) . "'";
I'm really sorry for the frustration this will have given you.
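The hash in the corrected query includes the row id, so the id used when the hash is written must be the id the row really has. An added example, not part of the original post or the book's code: contactPasswordHash mirrors the post's hash_hmac call, while verifyContactPassword, storeCredentials, the SITE_KEY value and the sample passwords are assumptions for illustration, and storeCredentials replaces the string-built query with a mysqli prepared statement.

```php
<?php
// Added example, not the book's code. SITE_KEY below is a constructed value.
const SITE_KEY = 'constructed-site-key-for-illustration';

// Same construction as the UPDATE in the post: HMAC-SHA512 over
// password + fixed string + row id, keyed with SITE_KEY.
function contactPasswordHash(string $password, int $id): string
{
    return hash_hmac('sha512', $password . '!hi#HUde9' . $id, SITE_KEY);
}

// Hypothetical login-side check: recompute with the row's id and compare
// in constant time.
function verifyContactPassword(string $password, int $id, string $stored): bool
{
    return hash_equals($stored, contactPasswordHash($password, $id));
}

// Hypothetical helper: the post's UPDATE with bound parameters. Call it right
// after the INSERT succeeds; it needs a live mysqli connection.
function storeCredentials(mysqli $connection, string $userName,
                          string $password, string $access): bool
{
    $id = (int) $connection->insert_id;   // id of the row just inserted
    if ($id === 0) {
        return false;                     // no INSERT on this connection
    }
    $stmt = $connection->prepare(
        'UPDATE contacts SET user_name = ?, password = ?, access = ? WHERE id = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $hash = contactPasswordHash($password, $id);
    $stmt->bind_param('sssi', $userName, $hash, $access, $id);
    return $stmt->execute();
}

// Constructed sample values: the id is part of the hashed input.
$rowId  = 42;
$stored = contactPasswordHash('s3cret-Example', $rowId);
var_dump(verifyContactPassword('s3cret-Example', $rowId, $stored));
var_dump(verifyContactPassword('wrong-guess', $rowId, $stored));
// A hash built with an id other than the row's own never verifies at login.
$storedWrongId = contactPasswordHash('s3cret-Example', 0);
var_dump(verifyContactPassword('s3cret-Example', $rowId, $storedWrongId));
```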