Hi mudmin,

I saw the language.php in the UserSpice file structure and modified and extended it so that most of visible text is now in lang[".."] brackets. I also made a German translation (I need it for my project), but if I want to switch language I always have to rename the language.php.
So my question is: When will the multi-language support be implemented? If every user could change the language of the interface - that would be a dream!
I could of course contribute my German langfiles!

Using US 4.1.

How does one tell the PDO object to start dying (with informative messages) on errors? While under development it's a lot easier to let it die and tell me why than have it continue on its way without saying anything.

Obviously I can (and will) check the return value of each DB call, but while I'm in the development phase I'm used to leaning on those error messages. What settings is it that's making it so PDO errors get ignored?

(I just had an $db->insert() with the wrong table name and banged my head against it for a long time because I just didn't notice the typo - an error message would have called my attention to it immediately.)

Is this something in my wamp configuration or something set within UserSpice? I just reinstalled Wamp and so I've changed 2 things and I'm not sure which one to chase down...

In http://userspice.org/forums/topic/redire...#post-1927 I reproduced a problem where the system sometimes redirects to verify.php when it should redirect to users/verify.php. Here's a fix for that.

It is hard to do a patch for users/init.php since it is largely created by the installation process. However, about 3-4 lines from the bottom of that script you will find this line:

Redirect::to('verify.php');

change it to this to solve the problem:

Redirect::to('users/verify.php');

Also in that forum link (above) the example used pointed out the problem where a user could register, NOT verify, forget password, reset password, and they would still be unverified. HOWEVER, by this time we have processed an email to their address (in order to reset their password) and so they really should be verified without having to do it explicitly.

In http://userspice.org/forums/topic/verifi...l-encoded/ I reported a problem where email addresses with a '+' character in them were not forming proper links during the email verification process.

This pastebin patchfile solves both of the issues listed above:

http://pastebin.com/KCXp9LM4

//Retrieve complete user information by username, token or ID
function fetchUserDetails($username=NULL,$token=NULL, $id=NULL){
if($username!=NULL) {
$column = "username";
$data = $username;
}elseif($id!=NULL) {
$column = "id";
$data = $id;
}
$db = DB::getInstance();
$query = $db->query("SELECT * FROM users WHERE $column = $data LIMIT 1");
$results = $query->first();
return ($results);
}
how can i connect token to a user im trying to make userspice a backend to an app. something like restfulapi

When I go into user_settings.php on a user that has been created in a standard way (I even tried it on "user" to make sure I hadn't messed anything up) it appears to allow me to change the username and reports back to me that the username has been updated, but no change occurs in the database.

It may be that changes to username aren't supposed to happen, but in that case it shouldn't look like I can and tell me that I have... So either the underlying functionality should be fixed to make it work or the UI should be changed to make it obvious that this isn't allowed.

I am doing some non-standard stuff, but since UserSpice is designed as a sort of bookends that people can fill in the content in between I'm assuming this kind of non-standard stuff should get an error message...

In this case I am adding a user behind the scenes with just email, fname, lname and then the required (non-null) integers and dates. Then I come in and try to log in with "forgot password" and use the email address to get access. Everything looks really good (and it lets me reset the password perfectly) but then when I try to log in as that user it redirects me to verify.php (not users/verify.php) and I just keep getting a 404. Since the username or email or whatever is in my session now I can't go anywhere *except* verify.php which, of course, is just my 404.

The fact that verification has not been done and is being required is my application's problem. But the fact that I am being redirected to verify.php seems to be a UserSpice bug. I haven't tracked down where it's happening. If it comes from the fact that I moved my init.php into the root directory or something like that then please serve me up some humble pie and I'll take my medicine...

I added a test user and used the + type of email address (xyz+abc@gmail.com) which allows my xyz@gmail.com address suddenly be multiplied into as many test emails as I want. However, the resulting verification link in the verification email looks like this:

http://localhost/imok/users/verify.php?e...ode=235269

The plus sign is in there, unencoded and I get an error when I click on it - unsuccessful verification.

When I manually copy/paste the link and edit the + sign to {3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}2b (practically speaking url-encoding it) then it works fine:

http://localhost/imok/users/verify.php?e...ode=235269

Something dimly rings a bell in the back of my mind that + is a non-standard google extension to valid email address characters, so an argument could be made that this isn't really a bug. I'm guessing with enough persistence and creativity I could come up with another use-case using standard email address characters that do need to be url-encoded. However, for now I'll be willing to agree that this is pretty close to the edge in terms of edge conditions.

Not sure if this is a bug or by design... I have "Require User to Verify Their Email?" set to "yes" in the email settings and it seems to work fine on initial registration, but once I am registered I can go in and change the email in the account settings with no verification.

So, thinking like a bad guy, I could sign up and get a valid account and then change my email to someone else's address and then suddenly emails that are "verified" are actually not verified...

As far as I see there is no record of the initial, verified address, either...

And the column "email verified" in the "users" table still indicates 1.

Maybe this is standard behavior for user systems - I'm not sure I ever tested it on another system before. But I can see how it could be a cause for abuse/misuse so I'm throwing it out here.

Hi,
I'm wondering, what is the best/recommended structure or design for a project based on/including UserSpice. Our project will offer several web services. So, starting at the root folder I have e.g. a folder for service1, another for service2 etc. Now, I like the idea to have one UserSpice system, i.e. the users and usersc folders, e.g. located in the root folder. I'm not sure, but I think that in this case I would need a lot of additional files, e.g. an extra header.php for each service, an extra navigation.php for each service, extra custom_login_script.php. Additionally I think I would need a lot of additional logic to check where I am and then which files to choose etc. Hopefully, I'm wrong and there is a much better solution/way.
Another possibility, which came to my mind is to have an UserSpice system (the folders users and usersc) in each of the service subfolders. In this case I could clearly separate all stuff and I could have different header.php, navigation.php and all the custum stuff in the separate usersc folders. All UserSpice systems could of course access the same data base, so, for the user it looks like one system. But I'm scared about maintaining all UserSpice systems regarding patches or other changes or changes by myself.
So, would be happy to hear some good advice.
Thanks,
Sebastian

I could be wrong (sometimes layers of spam filters can get confusing to check all of them) but I think that even when I click on the box saying I want to be notified of replies - I think that I'm not getting notified of replies.

Just FYI.