hello, I'm trying to insert a popup alert in the did_not_have_permission pages, so that it will tell the user what went wrong.

I added to the page the code:

`<html><body><script> alert("Acces denied"); </script> </body></html>

but the browser immediately jump to redirect.

If I comment the redirect in the us_helpers.php then popup appears.

I guess it is linked to the intrinsic logic of php, but I did not manage it.

I would like to edit only the did_not pages, without touching the us_helper.

How could I do it?

Thank you!

Hi,

When i hit the forgot password link on login page, enter email and move ahead to received the link. Change the password, the password gets update and all works fine up untill here.

Now when i go back to the login page and try to login, the first time i login always fails and brings me back to the login page.

The second time i login with the same credentials and updated password, it logs me right in.

What am i missing here !

BUILD NOTES STATUS 35

New SQL dump required

UPDATES
users
admin_user.php - patched username update logic to use global settings
admin_permission.php - security bug patch
user_settings.php - patched username update logic to use global settings, added email_new function so
we don't get endless loops of redirects, and email_verified is never set to 0, also doesn't update email until verified
verify.php - as above
join.php - redirect if logged in
joinThankYou.php - redirect if logged in
verify_resend.php - added user logout if logged in
forgot_password.php - added user logout if logged in
forgot_password_reset.php - added user logout if logged in
helpers
helpers.php - see note in file in display_errors function
views
_email_template_verify_new.php - added template for email updates from user_settings.php

usersc
scripts
token_error.php - Karsen's deploy

Hey, I'd like to ask what would be the most efficent way to run a very simple php crontask on the server every few minutes. I did try out some stuff but none really came out working so I'd like to ask.

Hi question to anyone that may know.

My domain host will not allow the change of group concat from 1024 to max.
so my question is i have tried adding to the init file to session the group concat but when i do it runs a 500 error code .
which way would be best to add this or just redesign the way i am doing group concat via my hosting.

Thanks in advance

Hello!

I'm sure that I'm missing something super basic here but for the life of me I can't figure out how to set the permission level of a user when the account is created. I have created a permissions group, it's set to 3.

In join.php, under `// echo "Trying to create user" I see 'permissions' => 1, but changing 1 to 3 seems to have no effect

Am I barking up the wrong tree?? Any help would be greatly appreciated

Thanks and thanks for such an awesome and insanely useful project!

Here is few bugs I have found so far, may be I will remember some more that I patched for myself, so here is what i've found:

found bugs:

1) http://localhost/usercontrol/users/admin_user.php?id=2
not using global settings for name length

Hello there everyone! My name is Stanislav and im using UserSpice to create big technical project!
First of all - thanks for the work! You helped me alot!

I was able to find alot of bugs in US during my journey, will share them with you soon!
Also I am interested in any additional security flaws that you guys may be found!

Hello

I have turned on email verification.

If a user changes his email in user_settings.php, the Database updates the new mail and sets email_verified to 0 and spits out the message "Email updated."
However it doesn't send out a new verification email?

After updating the email, when you click somewhere else, the page logs you out with the message
"Ooops! There was an error verifying your email address. Please click below to try again" (verify.php)
If you click on the link nothing happens. No Verification email is sent resulting in blocking out the user forever.

Hi everyone,

I've been working on a site that helps people play and create crossword puzzles. It's geared towards British-style crosswords (more black squares than US ones).

Anyone can play existing crosswords. But I've used UserSpice to let people register and log-in, and then upload their own creations onto the server. They then get a link they can send to friends to challenge them on a puzzle.
UserSpice saved me loads of time getting the registration and log-in process working.

It's very much still in beta, but I'd love to know what you think.

Also it's not on HTTPS, so if you register, please don't use your banking password!

Here it is:
http://www.willbryson.co.uk/TryMyCrossword

cheers,
Will