PHP Login System with Admin Features

This forum was created to talk about the PHP Login System with admin features created by jpmaster77 on evolt's website


    displaying of username

    Share
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    displaying of username

    Post  Dorji on Tue Apr 07, 2009 12:12 pm

    As you see when some visit someone's info. the user name is being diaplayed in the browser's address. Is there any way to change it to user's id. if so please reply.

    Thanks
    avatar
    Linchpin311

    Number of posts : 220
    Age : 33
    Localisation : Long Island
    Registration date : 2007-05-14

    Re: displaying of username

    Post  Linchpin311 on Tue Apr 07, 2009 9:57 pm

    first off you posted a very similar question in another section of our forum a few days ago. next time you want to drum up some replies to your post, dont ask the same question in another place, just bump the existing topic. i have deleted your other post and made this one the active one.


    now to your question... no, not really because the user's id changes every time the user logs in. you might be able to turn the username into a hash (trying the md5() or similar function) but in the long run i think you would run into more problems than its worth.

    why do you want to hide the username anyway? maybe there is another solution.


    _________________
    in the end, the universe tends to unfold as it should...

    Also note that it is your responsibility to die() if necessary.
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    RE

    Post  Dorji on Wed Apr 08, 2009 5:24 am

    Am very sorry for that
    well i changed use email id to login as it is given in one of you topic how to change username to email id. my proble is when ever users are online or when someone see other users profile the email id being diaplayed in the browser address and it is not good if user intended to hide his email id.

    well if we use md5() we have to use it while saving it to the DB or while we take out the data from the DB.

    and i would like to know what would be the problem likely to face in the future.

    Thanks
    avatar
    Linchpin311

    Number of posts : 220
    Age : 33
    Localisation : Long Island
    Registration date : 2007-05-14

    Re: displaying of username

    Post  Linchpin311 on Wed Apr 08, 2009 7:17 pm

    hmm, i see. well again im back to wondering if you can just hash the email address, but maybe not saving the hashed version to the database... or maybe saving both. saving both might work, one would still be the username, the other would be like another user id (maybe call it user hash?). then we can call this user hash when viewing a users info.


    _________________
    in the end, the universe tends to unfold as it should...

    Also note that it is your responsibility to die() if necessary.
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    re

    Post  Dorji on Thu Apr 09, 2009 5:22 am

    Which part of the function i have to make the changes if i hash the email on both side and save it to DB. I am not that much clear with session_start().
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    Got the Answer

    Post  Dorji on Thu Apr 09, 2009 5:48 am

    Thank you very much. After the idea you gave me to hash it on both, i did it.
    done it while registering to and and which login on compearing the email id with one in DB

    Thanks Linchpin311

    dorji
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 39
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: displaying of username

    Post  s.w.vanderlaan on Sat Apr 11, 2009 8:19 am

    Dudes,

    I've done it as well. Upon registering a new user (which, by the way, only the Administrator can do, i.e. me) the username is also hashed. Works brilliantly. Now, I am trying to figure out how to reset the usernamehash as primary key and use it as the primary identifier in the session and on the the website. I want this number to be used to edit the profile page etc.
    Setting the primary key in the database is no problem. Setting the things correctly in the session.php, is another problem. Working on that.

    But suggestions are always welcome...! Razz

    Ciao,

    Sander
    avatar
    Linchpin311

    Number of posts : 220
    Age : 33
    Localisation : Long Island
    Registration date : 2007-05-14

    Re: displaying of username

    Post  Linchpin311 on Sat Apr 11, 2009 1:34 pm

    i am wondering if you can replace any query in session.php, where the username is used to retrieve data, with the non-hashed email address? or i guess you could just find all the querys where the username is used to retrieve data and have it hashed before the query is submitted.

    let me know if either of these work out for you. when i get some time i want to try this hashing the email address idea out for myself so i can help people more with it.


    _________________
    in the end, the universe tends to unfold as it should...

    Also note that it is your responsibility to die() if necessary.
    avatar
    intothefantasy

    Number of posts : 37
    Registration date : 2009-04-11

    Re: displaying of username

    Post  intothefantasy on Sat Apr 11, 2009 3:33 pm

    s.w.vanderlaan wrote:Dudes,

    I've done it as well. Upon registering a new user (which, by the way, only the Administrator can do, i.e. me) the username is also hashed. Works brilliantly. Now, I am trying to figure out how to reset the usernamehash as primary key and use it as the primary identifier in the session and on the the website. I want this number to be used to edit the profile page etc.
    Setting the primary key in the database is no problem. Setting the things correctly in the session.php, is another problem. Working on that.

    But suggestions are always welcome...! Razz

    Ciao,

    Sander

    how do u do that by hashing the username? any problem after hashing it with md5? i would love to know how u done it..
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    Re: displaying of username

    Post  Dorji on Sat Apr 11, 2009 10:17 pm

    here is the changes you have to make it in session.php under login function:
    Code:


     /* Checks that username is in database and password is correct */
          $subuser = stripslashes($subuser);
          $result = $database->confirmUserPass(md5($subuser), md5($subpass));



    .
    .//some code
    .
     /* Username and password correct, register session variables */
          $this->userinfo  = $database->getUserInfo(md5($subuser));
          $this->username  = $_SESSION['username'] = $this->userinfo['username'];
          $this->userid    = $_SESSION['userid']  = $this->generateRandID();
          $this->userlevel = $this->userinfo['userlevel'];

    Now under register function in session.php
    Code:

     else{
            if($database->addNewUser(md5($subuser), md5($subpass), $subemail,$fname,$lname,$con,$sname)){
                if(EMAIL_WELCOME){
                  $mailer->sendWelcome($subuser,$subemail,$subpass);
                }


    This are the changes i made in session.php

    Now you may not get who is online the active member. Please do the following rplace user with username.

    Code:
    $uname = mysql_result($result,$i,"username");
       

          echo "<a href=\"userinfo.php?username=$uname\">$uname</a> / ";
      }

    And in your main.php too replace user with username

    Code:

    <a href=\"userinfo.php?username=$session->username\">user info</a>



    Since i am using username as email ID the process is same in both the case. hesh subuser in while retriving info and checking in DB and hesh and save the hesh version in DB while registering.


    Thanks
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 39
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: displaying of username

    Post  s.w.vanderlaan on Tue Apr 14, 2009 4:27 am

    Hi,

    So I am working on this. Let me explain what I've done so far:

    First of my users-table:
    - the primary key: still username (I don't see a reason at this moment to change it, it's unique, and nobody sees it)
    - I've added columns firstname, lastnamepf and lastname before email-column
    - I've added column: usernamehash, which gets filled with the MD5 hash of the username. And this I want to use as the unique identifier for the profile viewing. In my site there is really no other place where I need to look it up.

    Changed all the things where you (Dorji) wrote to change things. Problem is: I can't login in now: get an error message stating the DB doesn't know my username...

    Now I think I also have to change something in the database.php file:

    Code:

    <?php
    /**
     * Database.php
     *
     * The Database class is meant to simplify the task of accessing
     * information from the website's database.
     *
     * Originally written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) and Last Updated: August 19, 2004
     *
     * Adapted by: Sander
     * Last updated: April, 14 2009
     *
     */
    require_once("constants.php");
         
    class MySQLDB
    {
      var $connection;        //The MySQL database connection
      var $num_active_users;  //Number of active users viewing site
      var $num_active_guests;  //Number of active guests viewing site
      var $num_members;        //Number of signed-up users
      /* Note: call getNumMembers() to access $num_members! */

      /* Class constructor */
      function MySQLDB(){
          /* Make connection to database */
          $this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
          mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());
         
          /**
          * Only query database to find out number of members
         * when getNumMembers() is called for the first time,
          * until then, default value set.
          */
          $this->num_members = -1;
         
          if(TRACK_VISITORS){
            /* Calculate number of users at site */
            $this->calcNumActiveUsers();
         
            /* Calculate number of guests at site */
            $this->calcNumActiveGuests();
          }
      }

      /**
        * confirmUserPass - Checks whether or not the given
        * username is in the database, if so it checks if the
        * given password is the same password in the database
        * for that user. If the user doesn't exist or if the
        * passwords don't match up, it returns an error code
        * (1 or 2). On success it returns 0.
        */
      function confirmUserPass($usernamehash, $password){
          /* Add slashes if necessary (for query) */
          if(!get_magic_quotes_gpc()) {
             $usernamehash = addslashes($usernamehash);
          }

          /* Verify that user is in database */
          $q = "SELECT password FROM ".TBL_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          if(!$result || (mysql_numrows($result) < 1)){
            return 1; //Indicates username failure
          }

          /* Retrieve password from result, strip slashes */
          $dbarray = mysql_fetch_array($result);
          $dbarray['password'] = stripslashes($dbarray['password']);
          $password = stripslashes($password);

          /* Validate that password is correct */
          if($password == $dbarray['password']){
            return 0; //Success! Username and password confirmed
          }
          else{
            return 2; //Indicates password failure
          }
      }
     
      /**
        * confirmUserID - Checks whether or not the given
        * username is in the database, if so it checks if the
        * given userid is the same userid in the database
        * for that user. If the user doesn't exist or if the
        * userids don't match up, it returns an error code
        * (1 or 2). On success it returns 0.
        */
      function confirmUserID($usernamehash, $userid){
          /* Add slashes if necessary (for query) */
          if(!get_magic_quotes_gpc()) {
             $usernamehash = addslashes($usernamehash);
          }

          /* Verify that user is in database */
          $q = "SELECT userid FROM ".TBL_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          if(!$result || (mysql_numrows($result) < 1)){
            return 1; //Indicates username failure
          }

          /* Retrieve userid from result, strip slashes */
          $dbarray = mysql_fetch_array($result);
          $dbarray['userid'] = stripslashes($dbarray['userid']);
          $userid = stripslashes($userid);

          /* Validate that userid is correct */
          if($userid == $dbarray['userid']){
            return 0; //Success! Username and userid confirmed
          }
          else{
            return 2; //Indicates userid invalid
          }
      }
     
      /**
        * usernameTaken - Returns true if the username has
        * been taken by another user, false otherwise.
        */
      function usernameTaken($usernamehash){
          if(!get_magic_quotes_gpc()){
            $usernamehash = addslashes($usernamehash);
          }
          $q = "SELECT username FROM ".TBL_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          return (mysql_numrows($result) > 0);
      }
     
      /**
        * usernameBanned - Returns true if the username has
        * been banned by the administrator.
        */
      function usernameBanned($usernamehash){
          if(!get_magic_quotes_gpc()){
            $usernamehash = addslashes($usernamehash);
          }
          $q = "SELECT usernamehash FROM ".TBL_BANNED_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          return (mysql_numrows($result) > 0);
      }
     
      /**
        * addNewUser - Inserts the given (username, password, email)
        * info into the database. Appropriate user level is set.
        * Returns true on success, false otherwise.
        */
      function addNewUser($username, $password, $firstname, $lastnamepf, $lastname, $email, $usernamehash){
          $time = time();
          /* If admin sign up, give admin user level */
          if(strcasecmp($username, ADMIN_NAME) == 0){
            $ulevel = ADMIN_LEVEL;
          }else{
            $ulevel = USER_LEVEL;
          }
          $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$firstname', '$lastnamepf', '$lastname', '$email', $time, '$usernamehash')";
          return mysql_query($q, $this->connection);
      }
     
      /**
        * updateUserField - Updates a field, specified by the field
        * parameter, in the user's row of the database.
        */
      function updateUserField($usernamehash, $field, $value){
          $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE usernamehash = '$usernamehash'";
          return mysql_query($q, $this->connection);
      }
      /**
        * getUserInfo - Returns the result array from a mysql
        * query asking for all information stored regarding
        * the given username. If query fails, NULL is returned.
        */
      function getUserInfo($usernamehash){
          $q = "SELECT * FROM ".TBL_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          /* Error occurred, return given name by default */
          if(!$result || (mysql_numrows($result) < 1)){
            return NULL;
          }
          /* Return result array */
          $dbarray = mysql_fetch_array($result);
          return $dbarray;
      }
     
      /**
        * getNumMembers - Returns the number of signed-up users
        * of the website, banned members not included. The first
        * time the function is called on page load, the database
        * is queried, on subsequent calls, the stored result
        * is returned. This is to improve efficiency, effectively
        * not querying the database when no call is made.
        */
      function getNumMembers(){
          if($this->num_members < 0){
            $q = "SELECT * FROM ".TBL_USERS;
            $result = mysql_query($q, $this->connection);
            $this->num_members = mysql_numrows($result);
          }
          return $this->num_members;
      }
     
      /**
        * calcNumActiveUsers - Finds out how many active users
        * are viewing site and sets class variable accordingly.
        */
      function calcNumActiveUsers(){
          /* Calculate number of users at site */
          $q = "SELECT * FROM ".TBL_ACTIVE_USERS;
          $result = mysql_query($q, $this->connection);
          $this->num_active_users = mysql_numrows($result);
      }
     
      /**
        * calcNumActiveGuests - Finds out how many active guests
        * are viewing site and sets class variable accordingly.
        */
      function calcNumActiveGuests(){
          /* Calculate number of guests at site */
          $q = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
          $result = mysql_query($q, $this->connection);
          $this->num_active_guests = mysql_numrows($result);
      }
     
      /**
        * addActiveUser - Updates username's last active timestamp
        * in the database, and also adds him to the table of
        * active users, or updates timestamp if already there.
        */
      function addActiveUser($usernamehash, $time){
          $q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE usernamehash = '$usernamehash'";
          mysql_query($q, $this->connection);
         
          if(!TRACK_VISITORS) return;
          $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$usernamehash', '$time')";
          mysql_query($q, $this->connection);
          $this->calcNumActiveUsers();
      }
     
      /* addActiveGuest - Adds guest to active guests table */
      function addActiveGuest($ip, $time){
          if(!TRACK_VISITORS) return;
          $q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')";
          mysql_query($q, $this->connection);
          $this->calcNumActiveGuests();
      }
     
      /* These functions are self explanatory, no need for comments */
     
      /* removeActiveUser */
      function removeActiveUser($usernamehash){
          if(!TRACK_VISITORS) return;
          $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE usernamehash = '$usernamehash'";
          mysql_query($q, $this->connection);
          $this->calcNumActiveUsers();
      }
     
      /* removeActiveGuest */
      function removeActiveGuest($ip){
          if(!TRACK_VISITORS) return;
          $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'";
          mysql_query($q, $this->connection);
          $this->calcNumActiveGuests();
      }
     
      /* removeInactiveUsers */
      function removeInactiveUsers(){
          if(!TRACK_VISITORS) return;
          $timeout = time()-USER_TIMEOUT*60;
          $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
          mysql_query($q, $this->connection);
          $this->calcNumActiveUsers();
      }

      /* removeInactiveGuests */
      function removeInactiveGuests(){
          if(!TRACK_VISITORS) return;
          $timeout = time()-GUEST_TIMEOUT*60;
          $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
          mysql_query($q, $this->connection);
          $this->calcNumActiveGuests();
      }
     
      /**
        * query - Performs the given query on the database and
        * returns the result, which may be false, true or a
        * resource identifier.
        */
      function query($query){
          return mysql_query($query, $this->connection);
      }
    };

    /* Create database connection */
    $database = new MySQLDB;

    ?>


    Basically everywhere where it said "username" change it into "usernamehash". What do you think?

    As I am just stumbling around in the world of PHP, MySQL, HTML, Javascript and CSS surely I am missing something: it doesn't work anymore...

    Kind regards,

    Sander
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 39
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: displaying of username

    Post  s.w.vanderlaan on Tue Apr 14, 2009 6:19 am

    Hey,

    So back again. I think I got it pretty well worked out. As I wrote before, aside of adding First name, Last name prefix and Last name to the users-table, I've also added "usernamehash" to the table which gets filled upon registration. (See also my previous posts).

    Now, I wanted some random generated number to be used to identify the user on the site, specifically when reviewing the profile.php: the usernamehash (MD5).

    I've changed the following pages.

    session.php
    upper part
    Code:
      var $username;       //Username given on registration
      var $usernamehash   //Hashed username given on registration
      var $userid;         //Random value generated on current login
      var $userlevel;       //The level to which the user pertains
      var $firstname      //First name given on registration
      var $lastnamepf;      //Last name prefix given on registration
      var $lastname;      //Last name given on registration
      var $time;           //Time user was last active (page loaded)
      var $logged_in;       //True if user is logged in, false otherwise
      var $userinfo = array();  //The array holding all user info
      var $url;             //The page url current being viewed
    at the checkLogin
    Code:
    /* User is logged in, set class variables */
            $this->userinfo      = $database->getUserInfo($_SESSION['usernamehash');
            $this->username      = $this->userinfo['username'];
            $this->userid        = $this->userinfo['userid'];
            $this->userlevel     = $this->userinfo['userlevel'];
           $this->usernamehash = $this->userinfo['usernamehash'];
            return true;
    at the login
    Code:
          /* Username and password correct, register session variables */
          $this->userinfo  = $database->getUserInfo(md5($subuser));
          $this->username  = $_SESSION['username'] = $this->userinfo['username'];
          $this->userid    = $_SESSION['userid']  = $this->generateRandID();
          $this->userlevel = $this->userinfo['userlevel'];
         $this->usernamehash = $_SESSION['usernamehash'] = $this->userinfo['usernamehash'];
    database.php
    at usernameGetInfo
    Code:
      /**
        * getUserInfo - Returns the result array from a mysql
        * query asking for all information stored regarding
        * the given username. If query fails, NULL is returned.
        */
      function getUserInfo($usernamehash){
          $q = "SELECT * FROM ".TBL_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          /* Error occurred, return given name by default */
          if(!$result || (mysql_numrows($result) < 1)){
            return NULL;
          }
          /* Return result array */
          $dbarray = mysql_fetch_array($result);
          return $dbarray;
      }
     
    underneath usernameTaken
    Code:
      /**
        * usernameProfileCheck - Returns true if the username has
        * been taken by another user, false otherwise.
        */
      function usernameProfileCheck($usernamehash){
          if(!get_magic_quotes_gpc()){
            $userid = addslashes($userid);
          }
          $q = "SELECT usernamehash FROM ".TBL_USERS." WHERE usernamehash = '$usernamehash'";
          $result = mysql_query($q, $this->connection);
          return (mysql_numrows($result) > 0);
      }
    profile.php
    at the very beginning of the content
    Code:
    <?
    /* Requested Username error checking */
    $req_user = trim($_GET['usernamehash']);
    if(!$req_user || strlen($req_user) == 0 ||
      !eregi("^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*$", $req_user) ||
      !$database->[b]usernameProfileCheck[/b]($req_user)){
      die("<font color=\"#99CC00\"><b>You are not allowed to change this Users' Profile. <br/> This violation will be reported to the site Administrator.</b></font>");
    }
    ?>
    menu.inc (I have a custom menu made with Dreamweaver)
    Code:
          <li><? if($session->isAdmin()){
         echo "<a href=\"profile.php?usernamehash=";
         echo $_SESSION['usernamehash'];
         echo "\">";
         } else {
               echo "<a href=\"profile.php?usernamehash=";
               echo $_SESSION['usernamehash'];
               echo "\">";}
             ?>My Profile</a></li>
    <? if($session->isAdmin()){
          echo "<li><a class=\"MenuBarItemSubmenu\" href=\"admin/admin.php\">Admin</a></li>";
         echo "<ul><li><a href=\"../aristoteles/register.php\">Register user</a></li>";

    In the session.php I had to change these codes otherwise I can't log in. In the database.php I had to add/change these codes, otherwise my profile.php doesn't "know" which profile to lookup. Also to get user info, the submitted username at login has to be hashed (MD5) to get correct info of the user. In the menu.inc I describe my menubar and if the user is an administrator, he can register users etc. If the user is "just" a user, he can view and edit his/her profile.
    Do you see anything else needing attention? I can think of one tiny issue: how will this effect the process.php? I probably have to change some things there as well. Right?
    If so, let me know, I'll change it. And more importantly, if it turns out this is correct, maybe someone else can use these changes.

    Kind regards,

    Sander
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    RE

    Post  Dorji on Tue Apr 14, 2009 11:09 am

    hay s.w.vanderlaan
    As of my database.php i am sure i didn't made any changes in it. by the way why do you want to change username to usernamehash, it looks confusing. I am sure and i went through my code, there are only two places i made them and it is posted in my last reply. username of DB is only assign to username in session.php after it is varified in DB. change your usernamehash to username and try it once again.
    By the way did you hash the username while registering to you site, make sure abt it.
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 39
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: displaying of username

    Post  s.w.vanderlaan on Tue Apr 14, 2009 11:42 am

    Hey Dorji,

    Well, I'm using usernamehash as an identifier. I want it to be used when viewing a profile.php. I don't want the actual username in the addressbar. So to answer your question, I'm not changing the username at all, I am just adding an extra column with information (username hashed).

    Upon registration indeed, the username is hashed (MD5) and put into the users-table at the appropriate place.

    So upon logging in in addition to the username and userid also the usernamehash is looked up. That way I can use it as an identifier in the profile.php.

    It works great.

    Ciao,

    Sander
    avatar
    Dorji

    Number of posts : 25
    Registration date : 2009-03-30

    Re

    Post  Dorji on Tue Apr 14, 2009 12:05 pm

    Actually you are using hashed username in your "usernamehash". and hashed username in your "username" too. both are same. even if your are using username in your profile.php the address bar will be same as your "usernamehash" since your username is hashed during register.
    Anyways good to know that it works.
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 39
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: displaying of username

    Post  s.w.vanderlaan on Tue Apr 14, 2009 1:08 pm

    Hi,

    Actually you are using hashed username in your "usernamehash". and hashed username in your "username" too. both are same. even if your are using username in your profile.php the address bar will be same as your "usernamehash" since your username is hashed during register.

    I checked that, but no, it registers an unhashed username in the username column...

    Ciao,

    Sander

    Sponsored content

    Re: displaying of username

    Post  Sponsored content


      Current date/time is Tue Oct 23, 2018 10:49 am