I like the book, it is real good.
I think there may be a bug in
Chapter 1, User Registration, the forgotpass.php file.
There is a section in forgotpass.php that reads
Code:
// store new password
$user->password = $password;
$user->save();
It seems sha1 should be used here.
Code:
// store new password
$user->password = sha1($password);
$user->save();
If you don't use sha1, it will store the password unencrypted in the database.
Then, when login.php does this comparison
$user->password == sha1($_POST['password'])
it will fail.
As you can see login.php encrypts the posted value,
so if the value in your database is not encrypted this
comparison will never pass.
I tested it using sha1 in forgotpass.php and it worked fine.
Without using sha1, I could not log in.
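
The mismatch described in the post above, reproduced as an added example (not part of the original post or the book's code). The `User` class is a hypothetical in-memory stand-in and the password is a constructed sample; the last step shows the same store/verify symmetry with PHP's built-in `password_hash()` and `password_verify()`.

```php
<?php
// Hypothetical in-memory stand-in for the book's User class.
class User
{
    public $password;            // value as it would sit in the database column

    public function save()
    {
        // persistence omitted; the property itself plays the role of the row
    }
}

// The check login.php performs, as quoted in the post: hash the posted value
// and compare it with the stored one. hash_equals() is used instead of ==
// so the comparison is strict and does not depend on loose type juggling.
function loginSha1(User $user, string $posted): bool
{
    return hash_equals((string) $user->password, sha1($posted));
}

$user = new User();
$newPassword = 'Constructed-Sample-1';   // constructed sample value

// forgotpass.php as printed: the plaintext is stored, so the stored value
// can never equal sha1() of the posted password and the login check fails.
$user->password = $newPassword;
$user->save();
var_dump(loginSha1($user, $newPassword));

// forgotpass.php with the change from the post: the stored value is produced
// the same way login.php produces its comparison value, so the check passes.
$user->password = sha1($newPassword);
$user->save();
var_dump(loginSha1($user, $newPassword));

// The same write/verify symmetry with PHP's built-in password API, which
// salts each hash and is designed for password storage. Both the reset page
// and the login page have to switch together, for the same reason as above.
$user->password = password_hash($newPassword, PASSWORD_DEFAULT);
$user->save();
var_dump(password_verify($newPassword, $user->password));
var_dump(password_verify('wrong-guess', $user->password));
```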