|
PHP - Help With Encrypt/decrypt Using A Combination Of Md5 And Initilization Vector.
Hi.
I purchased software for a PayPal subscription management system, and it relies on user verification by way of a username (email address) and a hashed password. I have also developed my own login scripts for an application which also uses a hashed md5 password and all that works fine. I want to integrate my scripts with the purchased software using the supplied mySql database tables. My problem is that the supplied software goes a step further than a hashed md5 password by applying initializing vectors to the hashed password. I cannot figure out how to modify my login code to accommodate the encrypted password that appears in the database. It is beyond my current abilities to work this out on my own. I'd really appreciate it if anyone can help. I've attached my own login script below, and Ive attached what I believe is the decryption code that comes with the purchased software. There is also a database file that relates to this. Hope someone can help me. <?php session_start(); if ($_POST['password']) { //Connect to the database include_once "db_connect.php"; $email = stripslashes($_POST['payer_email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); $password = preg_replace("/[^A-Za-z0-9]/", "", $_POST['password']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all relevant database data into SESSION variables. $sql = mysql_query("SELECT * FROM sec_tblusers WHERE payer_email='$email' AND password='$password' AND signedup='1'") or die("failed"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Get member data into a session variable $id = $row["recid"]; session_register('recid'); $_SESSION['recid'] = $id; $payer_email = $row["payer_email"]; session_register('payer_email'); $_SESSION['payer_email'] = $payer_email; $password = $row["password"]; session_register('password'); $_SESSION['password'] = $password; $iv = $row["iv"]; session_register('iv'); $_SESSION['iv'] = $iv; $signedup = $row["signedup"]; session_register('signedup'); $_SESSION['signedup'] = $signedup; $lastlogin = $row["lastlogin"]; session_register('lastlogin'); $_SESSION['lastlogin'] = $lastlogin; // Update last_log_date field for this member now mysql_query("UPDATE sec_tblusers SET lastlogin=now() WHERE recid='$id'"); // Print success message here then exit the script //header("location: member_profile.php?id=$id"); header("location: adduser.php?id=$id"); exit(); } // close while } else { // Print login failure message to the user and link them back to your login page print '<br /><br /><font color="#FF0000">You do not show in our records as a subscriber. Has the subscription expired?</font><br /> <br /><a href="../main.php">Click here</a> to go back.'; exit(); } }// close if post ?> What I think is the decrypting code that comes with the purchased software goes like this. <?php //--------------------------------------- //Given the payer_email address, return the decrypted password function getpassword($payer_email, $dbhost, $dbusername, $dbpass, $dbname, $dbprefix, &$message) { $dl = new DataLayer(); $dl->debug=false; $dl->connect( $dbhost, $dbusername, $dbpass, $dbname ) or die ( "Database connection error " . $dl->geterror() ); //SELECT password, iv FROM sec_tblusers WHERE payer_email = '" . $payer_email . "'" $cols = array("password", "iv"); $table = $dl->select( $dbprefix."sec_tblusers", "", $cols, "payer_email = '$payer_email'", "" ); if ($dl->geterror()) { $message = "SQL error - user.php ref 58 " . $dl->geterror(); exit; } $IV = $table[0]['iv']; $password = $table[0]['password']; $decryption = new password($IV, $password); $decryption->decode(); $decode = $decryption->getdecodedtext(); return $decode; } //------------------------------------ ?> The database table is here. Code: [Select] -- Table structure for table `sec_tblusers` -- CREATE TABLE `sec_tblusers` ( `recid` int(11) NOT NULL AUTO_INCREMENT, `payer_email` varchar(100) NOT NULL, `password` varchar(50) DEFAULT NULL, `iv` int(11) DEFAULT NULL, `signedup` int(11) NOT NULL DEFAULT '0', `signupdate` datetime NOT NULL, `lastlogin` datetime NOT NULL, PRIMARY KEY (`recid`), UNIQUE KEY `payer_email` (`payer_email`), KEY `password` (`password`), KEY `signedup` (`signedup`), KEY `lastlogin` (`lastlogin`), KEY `signupdate` (`signupdate`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ; -- -- Dumping data for table `sec_tblusers` -- INSERT INTO `sec_tblusers` (`recid`, `payer_email`, `password`, `iv`, `signedup`, `signupdate`, `lastlogin`) VALUES (5, 'someone@gmail.com', 'cRbeAWgN3 ', 316, 1, '0000-00-00 00:00:00', '2010-11-10 22:29:06'), (6, 'someoneelse@gmail.com', 'cRbeAWgN3 ', 269, 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00'); I suspect that there may be some other relevant code in the purchased software, and I could hunt that up if someone could tell me what I should look for. Anyway, I'm really in need of some help, or some advice. Cheers, everyone. Similar TutorialsHello everyone... I am developing a software as a service program for use by multiple companies, each would have their own instance of the application... The part that I am not really to clear on, is what would be the most secure, with low latency, PHP method of encrypting/decrypting data to and from the database... all data is sent over SSL... I would also want to use a unique key for each company... Access to the program itself is protected from the outside by a user based log in system... I am currently recoding a website from ASP to PHP. The aim is for a customer to add items to a cart, fill in their credit card details. Then an email is encrypted (on the secure website) and sent to the client. The client then opens the email on her PC and it is decoded either when she opens the e-mail, or downloads an attachment that can be opened by a program that requires a password. Once entered the order is revealed, the e-mail is decrypted. I just wondered if anyone has any link to sites where I can download the de-crypting software to install on the clients machine. Or any other ideas on sending an encrypting email and decrypting on the recipients computer. Many thanks. Hi Are there any libraries /api that allow you to upload vector files such as: AI file, TIFF or EPS and Manipulate using PHP. Operations such as changing colors, measurements etc. Any help is appreciated! Hi, Can i make so the mysql columns cant have the same number, such as if the row 1, column 1 have the value 30, and then the row 2 column 1 cant be 30, but can be 31?.. The problem is i have an auto increment id before thoose, and then the stuff being added will just keep being added, but just to a new id. hereby more of 1 type can occur. $sql = "INSERT INTO reimburse VALUES ('','$reimbursekillid','')"; mysql_query($sql)or die(mysql_error()); Hi, i need to populate a mysql database with all alphanumerical combinations with length of 5(letters/numbers) So: $mix = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9)); 61^5 , i guess that would be 844 596 301 rows in table. can anybody help me with this snippet? what is a code to decrypt md5 password for viewing by member? Hi, My understanding of 'SHA' command is to encrypt the password, however is there a way to decrypt the password after the encryption? Thanks $query = "INSERT INTO mismatch_user (username, password, join_date) VALUES ('$username', SHA('$password1'), NOW())"; $space = array('3x3', '3x3_6x6', '3x3_6x6', '6x6_10x10', '10x10_20x20', '20x20_40x40', 'above_40x40'); Hey all I've found some combination functions out there but they're not working really like I want. I have an array with some currencies: array('SEK', 'EUR', 'USD', 'GBP', 'DKK', 'NOK', 'ISK'); Now I want the function to generate an array with all possible pairs: array(array('SEK', 'EUR'), array('SEK', 'USD') ...) It must allow for the inverse form: EUR, SEK is different from SEK, EUR. But trash all pairs that are equal: SEK, SEK or EUR, EUR. Help me out? Honestly, for something like this I don't know how to go about creating this script.. So I want to create a script that will generate every combination of 2 numbers that range from 0-749, so 750x750 = 562500 possible combinations, so for example, 0/749, 43/87, 0/0, 1/1, 2/1, 1/2, 500/450, 405/673, etc.. How would I go about starting to write a script that can generate all of the possible combinations and and put them in an array or write them to a file? Thanks for the help in advanced! -CLUEL3SS Hi I allow users to log in, they are redirected to a page and in the url their account ID is carried e.g. accountid=2. Obviously they could alter the number and potentially see other members details. What is the best way to hide this information? Thanks Hi... I have a problemand I tried to resolved it but still I failed.. I need to add a code in a php file where I'm not the one who code, now I need to add code on that file, and the problem is the one who the owner of code is not here. I need to add code : Code: [Select] $sub_lotcode = substr($lotCode, 9, 4); $sql = "SELECT k.PCODE, k.kanban, p.Compounds, p.Max_Lot FROM kanban_checker k, param_settings p WHERE k.kanban = p.Max_Lot AND k.PCODE = '$sub_lotcode' AND p.Compounds = '$sub_lotcode'"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { notify that PCODE reach the maximum } else{ echo "continue"; } here is the code where I need to add this condition: Code: [Select] <?php error_reporting(0); $con = mysql_connect('localhost', 'root',''); if (!$con) { echo 'failed'; die(); } mysql_select_db("mes", $con); $lotCode = mysql_real_escape_string($_GET['normal']); $lotCodeDownGrade = mysql_real_escape_string($_GET['downgrade']); $terminalNo = mysql_real_escape_string($_GET['n']); $downMode = mysql_real_escape_string($_GET['down']); //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> if ($terminalNo == "1") { if ($lotCode != "") { $sql = "SELECT BARCODE FROM LEGALCODES WHERE BARCODE='$lotCode'"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { echo "X"; // X - for non existent in the mes table } else { //do this if code exist in the database: // //code exist in the database $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='1' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { echo "0"; // continue to transact } else { // query the last terminal it was used $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE=TRUE ORDER BY DATE_ENTRY DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); echo $row['TERMINAL_ID'] ; // already used here - me nakita // GET THE LAST TERMINAL NUMBER ACTIVE ADD 1 HERE TO DISPLAY WHICH TERMINAL TO GO } } } } //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> elseif ($terminalNo == "4") { if ($lotCode != "") { $sql = "SELECT BARCODE FROM LEGALCODES WHERE BARCODE='$lotCode'"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { echo "X"; // X - for non existent in the mes table } else { //if downgrade is checked do this : if ($downMode == "true") { $advanceTerminal = ((integer)($terminalNo) + 1); $advanceTerminal = (string)($advanceTerminal); $preTerminal = ((integer)($terminalNo) - 1); $preTerminal = (string)($preTerminal); //query if the lot code exist in advance terminal .. $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$advanceTerminal' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { // check naman kung wala sa naunang terminal $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$preTerminal' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE= TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); if ($total <= 0) { // NO RECORDS FOUND GO TO TERMINAL 1 == optional echo "notran"; } else { echo $row['TERMINAL_ID'] ; } } else { $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$terminalNo' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0 || $total >= 0) { echo "G"; } } } else { $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE= TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); echo $row['TERMINAL_ID'] ; } } else { //query if the lot code exist in this terminal .. $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$terminalNo' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { // wala nakita - then tsek if nag exist sa terminal na sinundan $preTerminal = ((integer)($terminalNo) - 1); $preTerminal = (string)($preTerminal); //then tsek if nag exist sa terminal na sinundan $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$preTerminal' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { // walang nakita sa mga naunang terminal // do this if no previous transaction with pre requisite process // query the last terminal it was used $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE= TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); // $row = mysql_fetch_array($result); if ($total <= 0) { // NO RECORDS FOUND GO TO TERMINAL 1 == optional echo "notran"; } else { echo $row['TERMINAL_ID']; // GET THE LAST TERMINAL NUMBER ACTIVE ADD 1 HERE TO DISPLAY WHICH TERMINAL TO GO } } else { echo "G"; } } else { //me record na nakita sa terminal na pinag transakan // query the last terminal it was used $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE=TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); echo $row['TERMINAL_ID'] ; // already used here - me nakita // GET THE LAST TERMINAL NUMBER ACTIVE ADD 1 HERE TO DISPLAY WHICH TERMINAL TO GO } } // here is the terminator of else in downgrade } } //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> if ($lotCodeDownGrade != "") { $sql = "SELECT BARCODE FROM LEGALCODES WHERE BARCODE='$lotCodeDownGrade'"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { echo "X"; // X - for non existent in the mes table } else { //do this if code exist in the database: // //code exist in the database $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCodeDownGrade' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { echo "0"; // continue to transact } else { // query the last terminal it was used $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCodeDownGrade' AND ACTIVE=TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); echo $row['TERMINAL_ID'] ; // already used here - me nakita // GET THE LAST TERMINAL NUMBER ACTIVE ADD 1 HERE TO DISPLAY WHICH TERMINAL TO GO } } } } //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> else { if ($lotCode != "") { $sql = "SELECT BARCODE FROM LEGALCODES WHERE BARCODE='$lotCode'"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { echo "X"; // X - for non existent in the mes table } else { //query if the lot code exist in this terminal .. $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$terminalNo' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { // wala nakita - then tsek if nag exist sa terminal na sinundan $preTerminal = ((integer)($terminalNo) - 1); $preTerminal = (string)($preTerminal); //then tsek if nag exist sa terminal na sinundan $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND TERMINAL_ID='$preTerminal' AND ACTIVE=TRUE"; $result = mysql_query($sql, $con); $total = mysql_num_rows($result); if ($total <= 0) { // walang nakita sa mga naunang terminal // do this if no previous transaction with pre requisite process // query the last terminal it was used $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE=TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); if ($total <= 0) { // NO RECORDS FOUND GO TO TERMINAL 1 == optional echo "notran"; } else { echo $row['TERMINAL_ID']; // GET THE LAST TERMINAL NUMBER ACTIVE ADD 1 HERE TO DISPLAY WHICH TERMINAL TO GO } } else { echo "G"; } } else { //me record na nakita sa terminal na pinag transakan // query the last terminal it was used $sql = "SELECT LOT_CODE, TERMINAL_ID, ACTIVE FROM DEPENDENCY WHERE LOT_CODE='$lotCode' AND ACTIVE= TRUE ORDER BY TERMINAL_ID DESC LIMIT 1"; $result = mysql_query($sql, $con); $row = mysql_fetch_array($result); $total = mysql_num_rows($result); echo $row['TERMINAL_ID'] ; // already used here - me nakita // GET THE LAST TERMINAL NUMBER ACTIVE ADD 1 HERE TO DISPLAY WHICH TERMINAL TO GO } } } } mysql_close($con); ?> Code: [Select] function unUsedLotId(txtElemID){ var txtElemID_Active = txtElemID; //alert("VV" + txtElemID_Active.value + "VV" ); responsePHP = "no_reply"; changeFocus = false; var termNo = terminalNo(); ajaxRequest = remoteRequestObject(); ajaxRequest.onreadystatechange = function(){ if (ajaxRequest.readyState==4 && ajaxRequest.status==200) { // var result = ajaxRequest.responseText; responsePHP = ajaxRequest.responseText; //alert(responsePHP) // if (result=="1") { result = "Already used Tag";} // if (result=="0") { result = "Tag ok";} // if (result=="G") { result = "Tag ok";} // if (result=="B") { result = "Incomplete Process";} // var resultStr = (result=="1") ? 'Tag used or incomplete prerequisites' : 'Tag unused'; if (responsePHP == "failed") { txtElemID_Active.disabled = false; txtElemID_Active.value = ""; txtElemID_Active.focus(); notify("Report to MIS<br /> Please scan again."); } //------------------------------added by rhoda for integration-------------------------------------------------- /* else if (responsePHP == "C"){ notify("CCCC"); if (txtElemID_Active.disabled) { txtElemID_Active.disabled = false; } txtElemID_Active.value = ""; txtElemID_Active.focus(); } */ //-------------------------------------------------------------------------------- else if (responsePHP == "X") { //result = "Lot ID invalid."; //responsePHP = "Lot ID invalid."; notify("Lot ID invalid. Scan Again."); if (txtElemID_Active.disabled) { txtElemID_Active.disabled = false; } txtElemID_Active.value = ""; txtElemID_Active.focus(); } //-------------------------------------------------------------------------------- else if (responsePHP =="0" || responsePHP =="G"){ if (txtElemID_Name == "txtLotCode") { window.LotID = (txtElemID_Active.value) } if (txtElemID_Name == "txtLotCodeDownGrade") { window.LotID_Down = (txtElemID_Active.value) } strip(txtElemID_Active) if (termNo == "1") { isSelected('txtLotCode', 'selWeight_MachineID'); } if (termNo == "2" || termNo == "3") { isSelected('txtLotCode', 'txtKitWeight'); } if (termNo == "4" || termNo == "5" || termNo == "6" || termNo == "7") { //////////////////////////////// downgrade modification /////////////////////////////////////// if (termNo == "4") { //alert(termNo) var chkDownGrade = document.getElementById('chkDownGrade') if (chkDownGrade.checked == 1) { //alert("here") if (txtElemID_Name == 'txtLotCode') { isSelected('txtLotCode', 'txtLotCodeDownGrade'); } if (txtElemID_Name == 'txtLotCodeDownGrade') { isSelected('txtLotCodeDownGrade', 'selMachineID'); } } else { //alert("here") if (txtElemID_Name == 'txtLotCode') { isSelected('txtLotCode', 'selMachineID'); } } } else { isSelected('txtLotCode', 'selMachineID'); } //////////////////////////////////////////////////////////////////////////////////////// } if (document.getElementById('notice')!== null) { document.getElementsByTagName('body')[0].removeChild(document.getElementById('notice')) //>> clear the box } } //-------------------------------------------------------------------------------- else if (responsePHP == "notran") { var mensahe1 = "Please return to<br /><span style='font-size:30px;'>Chemical Weighing<br /> or Supervisor</span>"; notify(mensahe1); if (txtElemID_Active.disabled) { txtElemID_Active.disabled = false; } txtElemID_Active.value = ""; txtElemID_Active.focus(); } //-------------------------------------------------------------------------------- else { /* responsePHP == "1" || responsePHP == "B") { do this if tag is used in this terminal if (responsePHP == "1") { result = "Already used Lot ID"; responsePHP = "Already used Lot ID"; notify("Already used Lot ID.<br />Scan again."); } else if (responsePHP == "B") { // result = "Incomplete Transaction Process"; // responsePHP = "Incomplete Transaction Process"; notify("Incomplete Transaction Process.<br />Scan again."); } */ var mensahe1 = "Last Process: <span style='font-size:30px;'> Terminal " + responsePHP + "</span><br /><br />"; var mensahe2 = "Pls. Proceed: <span style='font-size:30px;'> Terminal " + (parseInt(responsePHP) + 1) + "</span>"; notify(mensahe1 + mensahe2); // notify("Incomplete Transaction Process.<br />Scan again."); if (txtElemID_Active.disabled) { txtElemID_Active.disabled = false; } txtElemID_Active.value = ""; txtElemID_Active.focus(); } //-------------------------------------------------------------------------------- } } var txtElemID_Name = txtElemID_Active.id; if (termNo == "4") { var downGrade = document.getElementById('chkDownGrade').checked; var str = txtElemID_Active.value + "&n=" + termNo + "&down=" + downGrade; } else { var str = txtElemID_Active.value + "&n=" + termNo; } if (txtElemID_Name == "txtLotCode") { //alert(txtElemID_Name) var url = "verifyLotId.php?normal=" + str; } if (txtElemID_Name == "txtLotCodeDownGrade") { //alert(txtElemID_Name) var url = "verifyLotId.php?downgrade=" + str; } ajaxRequest.open("GET", url, true); // force i.e. not to cache ajaxRequest.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"); //-------------------------------------------------- ajaxRequest.send(null); ajaxTimeOut = window.setTimeout("timeOut('" + txtElemID_Name + "');", 6000); } Is there an alternative way to encode url params besides: base64_encode() examples would be great. Hi, for my php program running in command line (windows cmd), the user must login first, so my ques is how can they enter the password as ***** when they are typing for example? all help appreciated. Hi, I want to send a URL to a user with their name in it: index.php?user=tom how can I encrypt this name so that I can track what they do but if I was hacked nobody else could determine who the user was? Thanks Hi all I wonder if somebody could give me some guidance on this. I manage a website programmed in PHP and having MySQL backend. Recently some of my clients raised concerns about the security of their data. It is not credit card information or so, however I would like to sort it out. I have a button on the web site which the clients click to tell me that their data should now be analysed and a report sent to them. My php program pulls out the records for this particular user and writes them into an excel file on my web space(on a shared hosting). The same php program then attaches this excel file to an email and sent it to me. I want to make sure that this data in the excel file is securely transmitted during the above process. Any help would be much appreciated. Carol This is my code it's not working.
$username = $_POST['username'];
$password = $_POST['password'];
$encrypt_password = md5($password);
$email = $_POST['email'];
$usrsql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$encrypt_password'";
//--> Below is the INSERT Code
$query = "INSERT INTO `x_users` (username, password, email) VALUES ('$username', '$encrypt_password', '$email')";
$result = mysql_query($query);
if($result == 1) {
print("Thank you, your accout has been created!");
}
Can anyone tell me why the md5() function is not working?
Edited by Tom8001, 28 November 2014 - 07:49 PM. Hey guys! I have a doubt and this is a question that relates Flash and PHP... I have a flash (swf) file that grabs/sends variables from/to php. That swf file is FULLY encrypted and the paths to the PHP urls are also encrypted. Is there any other way a hacker could find out where and which my PHP files are located/named? Any ideas, suggestions? Thanks in advance! Cheers, Can php encrypt a link so that it's hidden or expires after a download or x number of days? An example of this use would be on music download sites. |
|||||||