PHP - Strongest Hash Function Available To Standard PHP?
Specifically for hashing a password to be stored in a database. I know SHA1 and MD5 are essentially considered broken. I've been using MD5 with a salt value on all my projects but I'm starting a new project and wondering if there's a stronger algorithm I should be using?
Similar Tutorials

This would seem like a simple question, but I can't seem to find the answer anywhere. Perhaps I'm asking it wrong. What I'd like to do is add a hash of optional arguments for a function. For example, I might have a function that has two required arguments, and three optional arguments. The only way I know to design this function is to put the arguments in a specific order, and fill them out to the degree needed. So if the 5th argument needs to be called, but the 3rd and 4th don't, you'd still have to give them values.
function example($arg1, $arg2, $arg3, $arg4, $arg5)
Must be used by:
example('red', 'horse', '', '', 'texas');
Is there any way of designing a function to only use the specified arguments?
example('red', 'horse', ['arg5: texas']);

Guys, Having a major headache here. I need to send an enquiry using jquery and php. The user can only send an enquiry if they are logged in - so it's a one click process. On the click (which is an <a> tag) the user's data is retrieved from the database and sent to the company they are enquiring about. When the link is clicked, a jquery popup is shown to notify the user that the enquiry has been sent. This all works. However, currently the enquiry is sent when the page loads and this is what I'm having trouble with.
<a href="#e" onclick="openinfobox('Enquiry Sent', 1)" class="enq"></a>
What I want to do is say if the URL contains #e, then send the enquiry, otherwise do nothing. I understand that the # portion of the url cannot be referenced by PHP. How on earth can I run a php process to say only run this php process if there is a # in the url?

I have a section on my website where the url points to www.example.com/some_page#some_element. #some_element is used by javascript to load the element in question into the parent element. However, I need pagination done on this loaded element. How should I go about it? Would it work? Obviously I can't use www.example.com/some_page#some_element/page/2.
Any tips or advice?

Are there any PHP hashes that are extremely secure and that CANNOT be reverse-engineered?
Is a hash array the same thing as an associative array? My PHP books make no reference to this, yet I have seen the term referred to. Thanks.

The raw output is this.. full example: http://instant.simplyhired.com/a/jobs/xml-v1/l-06238/q-engineer/ws-100/si-0/fdb-21/sb-rd/mi-10 I can generally get the value of this stuff.. like if I wanted the "jt" line I can get ENGINEER, and the rest of the data.. what I am having trouble with is getting the attribute (I think that's the right term for this with XML). For example the "src" line has an attribute "url=" and I am trying to figure out how to get that value.. Below is a sample of the raw.. and below that is the code I am working with to load up the XML. I know there's simple_xml but in my case that's not an option so I am working on slightly custom work (as little as it is).
<r> <jt>ENGINEER</jt> <cn url="">Soldream</cn> <src url="http://instant.simplyhired.com/a/job-details/view/jobkey-5109.J3H3036RVZPZ4RFRRKR/jp-0/hits-70?aff_id=2512">CareerBuilder</src> <loc cty="Tolland" st="CT" postal="06084" county="" region="" country="US">Tolland, CT</loc> <ls>2011-02-20T13:28:39Z</ls> <dp>2011-02-18T08:00:00Z</dp> <e>Engineer/CNC Machinist Tolland CT2429177 Aerospace MFG Co. seeks MFG/Design Engineer &amp; CNC Machinist with 5+ years of experience in aerospace manufacturing. Duties for engineers include developing new processes, drafting, and CNC programming. CNC Machinist should have knowledge of FANUC control.
Send resume to...</e> <af></af> <pl url=""/> </r> $feedURL = 'http://instant.simplyhired.com/a/jobs/xml-v1/l-06238/q-engineer/ws-100/si-0/fdb-21/sb-rd/mi-10'; $doc = new DOMDocument(); $doc->load($feedURL); $arrFeeds = array(); foreach ($doc->getElementsByTagName('r') as $node) { $itemRSS = array ( 'title' => $node->getElementsByTagName('jt')->item(0)->nodeValue, 'desc' => $node->getElementsByTagName('description')->item(0)->nodeValue, 'link' => $node->getAttributeNode('src'), 'date' => $node->getElementsByTagName('pubDate')->item(0)->nodeValue, 'creator' => $node->getElementsByTagName('creator')->item(0)->nodeValue, 'permaz' => $node->getElementsByTagName('guid')->item(0)->nodeValue ); array_push($arrFeeds, $itemRSS); //print_r($arrFeeds); } array_unique($arrFeeds); ?> I am looking to finally move to a popular coding style. Anyone know any great ones I should look into? So far I have looked into PEAR. Thanks! like contact form is there a help standard you guys might suggest? This is the simplest of forms, but it has no character. It is the type I use in everything. form1.php <html> <head> </head> <body> <?php // Connect to database===================================================== include("connect_db.php"); // retrieve form data ====================================================== $id = $_POST['id']; // sending query =========================================================== $query = "SELECT ama,model_name,model_mfg,wingspan,engine,decibels FROM airplanes WHERE id='$id'"; if( !$result = mysql_query($query) ) { echo "<br>Query $query<br>Failed with error: " . mysql_error() . 
'<br>'; } else { $fetch = mysql_fetch_array( $result ); } // $fetch = mysql_fetch_array(mysql_query("SELECT ama,model_name,model_mfg,wingspan,engine,decibels FROM airplanes // WHERE id='$id'")); // Output form with retrieved data ========================================== ?> <h3>Change the data and then click the CHANGE button</h3><br> <form name="myForm" action="delete_airplanes.php" onsubmit="return validateForm()" method="post"> ID #:<input type="text" name="id" value="<?=$fetch[id]?>" /><br> AMA #:<input type="text" name="ama" value="<?=$fetch[ama]?>" /><br> Model Name:<input type="text" name="model_name" value="<?=$fetch[model_name]?>" /><br> Model Mfg:<input type="text" name="model_mfg" value="<?=$fetch[model_mfg]?>" /><br> Wingspan:<input type="text" name="wingspan" value="<?=$fetch[wingspan]?>" /><br> Engine:<input type="text" name="engine" value="<?=$fetch[engine]?>" /><br> Decibels:<input type="text" name="decibels" value="<?=$fetch[decibels]?>" /><br><br> <input name="submit" id="submit" value="CHANGE!" type="submit"> </form> <br> <body> </html> I would love to be able to get this form to work. 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Enter Airplane Data</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="language" content="en" /> <style type="text/css"> .focus { background: #FEF1C1; } .class123-label { font-family: Verdana; font-size: small; } .class123-sidebyside { float:left; margin:0 5px 0 0;} .class123-twocol { float:left; width:45%; margin:0 5px 0 0;} .class123-threecol { float:left; width:30%; margin:0 5px 0 0;} .class123-likert_style_li { display:inline-block; vertical-align:middle; text-align:center; top:0px; padding:2px; width:64px; height:50px; margin:0px; margin-right:1px; margin-bottom:1px; font:11px/18px verdana; background:#ddd; zoom:1; *display:inline; } .class123-likert_style_li2 { display:inline-block; vertical-align:middle; text-align:center; top:0px; padding:2px; width:64px; height:50px; margin:0px; margin-right:1px; margin-bottom:0px; font:12px/18px verdana; background:#fff; zoom:1; *display:inline; border-top:1px solid #ddd; } .fontbold { font-weight: bold; } .fontitalic { font-style: italic; } .requiredspan { font-family: Verdana; font-size:10px; color:#f00; } </style> </head> <body style="background-color: rgb(138, 174, 222); direction: ltr;"> <div style="height: 50px;"> </div> <center> <table style="border-collapse: collapse;" id="AutoNumber1" border="0" cellpadding="0" cellspacing="0" width="658"> <tbody> <tr> <td class="tdborder" colspan="3" width="658"> <img alt="shadow" class="tdimagesus" src="/templates/cache/dynamicimage-1-1560BD.png" height="9" width="100%" /> </td> </tr> <tr> <td height="38" width="4"> </td> <td class="tdheader" style="border-style: solid solid none; border-color: rgb(1, 76, 169) rgb(1, 76, 169) -moz-use-text-color; border-width: thin thin medium;" bgcolor="#1560bd" height="38" width="650"> <img alt="logo" 
src="http://www.123contactform.com/templates/logos/computers_anvelope_white.png" align="left" /> </td> <td height="38" width="4"> </td> </tr> <tr> <td height="171" width="4"> </td> <td class="tdmain" style="border-style: none solid; border-color: -moz-use-text-color rgb(1, 76, 169); border-width: medium thin; padding-right: 10px;" bgcolor="#ffffff" height="171" width="650"> <div class="selector-off"> <center> <script type="text/javascript"> <!-- function InputActions(field,id) { var i=1; var lid="none"; for (i=1;i<=100;i++) { lid='row'+i; lidsec='rowsec'+i; if (document.getElementById(lid) != null) { if (lid==id) { document.getElementById(lid).className='focus'; if (document.getElementById(lidsec) != null) document.getElementById(lidsec).className='focus'; } else { document.getElementById(lid).className=''; if (document.getElementById(lidsec) != null) document.getElementById(lidsec).className=''; } } } } //--> </script> <form class="form" action="http://www.123contactform.com/contact-form-crmamx-122034.html" method="post" enctype="multipart/form-data"><input name="action" value="verify" type="hidden" /> <table style="min-width: 250px;" cellpadding="4"> <tbody> <tr id="row1"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684273" for="id123-control684273">Name:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684273" name="control684273" onclick="InputActions(this,'row1');" onkeyup="InputActions(this,'row1');" onchange="" value="" size="20" type="text" /> </td> </tr> <tr id="row2"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684275" for="id123-control684275">Subject:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684275" name="control684275" onclick="InputActions(this,'row2');" onkeyup="InputActions(this,'row2');" 
onchange="" value="" size="20" type="text" /> </td> </tr> <tr id="row3"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684281" for="id123-control684281">Model Name:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684281" name="control684281" onclick="InputActions(this,'row3');" onkeyup="InputActions(this,'row3');" onchange="" value="" size="35" type="text" /> </td> </tr> <tr id="row4"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684286" for="id123-control684286">Model Mfg:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684286" name="control684286" onclick="InputActions(this,'row4');" onkeyup="InputActions(this,'row4');" onchange="" value="" size="35" type="text" /> </td> </tr> <tr id="row5"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684287" for="id123-control684287">Wingspan:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684287" name="control684287" onclick="InputActions(this,'row5');" onkeyup="InputActions(this,'row5');" onchange="" value="" size="35" type="text" /> </td> </tr> <tr id="row6"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684288" for="id123-control684288">Engine Mfg/Size:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684288" name="control684288" onclick="InputActions(this,'row6');" onkeyup="InputActions(this,'row6');" onchange="" value="" size="35" type="text" /> </td> </tr> <tr id="row7"> <td style="text-align: left;" valign="top"><label class="class123-label" id="id123-title684289" for="id123-control684289">Decibel Reading:</label><span 
class="requiredspan customspan" title="Required field">*</span></td> <td style="" align="left"><input id="id123-control684289" name="control684289" onclick="InputActions(this,'row7');" onkeyup="InputActions(this,'row7');" onchange="" value="" size="35" type="text" /> </td> </tr> <tr id="row8"> <td style="text-align: left;" valign="top"><label class="class123-label" for="id123-captcha" id="verifno">Verification No.:</label><span class="requiredspan customspan" title="Required field">*</span></td> <td align="left" valign="top"><input id="id123-captcha" onclick="InputActions(this,'row8');" onkeyup="InputActions(this,'row8');" name="txtNumber" value="" size="16" type="text" /></td> </tr> <tr> <td align="right"><a title="Don't know why you have to enter this verification number? Click here!" href="http://www.123contactform.com/faq.html#q1" onclick="window.open('http://www.123contactform.com/faq.html#q1','_blank','width=740, height=90, left=' + (screen.width/2-370) + ', top=250');return false;"><img src="http://www.123contactform.com/img/help_icon.gif" alt="contact form faq" border="0" /></a></td> <td align="left"><img alt="verification image" src="http://www.123contactform.com/random.php" /></td> </tr> <tr> <td></td> <td align="left"><input class="class123-button" id="id123-button-send" value="Send email" type="submit" /></td> </tr> </tbody> </table> <div style="height: 1px; display: none; visibility: hidden;"> <input name="email" type="text" /></div> </form> </center> </div> </td> <td height="171" width="4"></td> </tr> </tbody> </table> </center> </body> </html> Of course I did not write this. I have never used a form before built as a table, only like the form1.php 1. Does this form work in the same way? 2. I want to retrieve a record from the db and display it in this form. Do I do it in the same way as in form1.html with a value=? 3. 
If the above is true then I would assume (that always gets me in trouble) that in my next program (update_db.php) I would capture the input data the same. Thanks

What is the difference between the hash algo "tiger192,3" and "tiger192,4"? I ran fsum/HashCalc to get a TIGER hash from a string and it is different with either "tiger192,3" or "tiger192,4". I also tried using the hash as hex string input to rehash 3 or 4 times, but still cannot get an equivalent to that of "tiger192,3" or "tiger192,4"...

Hello, I created a system where emails get encrypted with a random key that gets stored in a database, what are the odds of the Hashes Colliding? Part of the code:
function genRandomString($num) {
    $length = $num;
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $string = "";
    for ($p = 0; $p < $length; $p++) {
        // mt_rand() bounds are inclusive, so the upper bound must be strlen - 1 to stay inside the string
        $string .= $characters[mt_rand(0, strlen($characters) - 1)];
    }
    return $string;
}
$Key=genRandomString(10);
$email_s=hash_hmac('ripemd160', $email, $Key);
Thank you, GB.

Hi, I have a registration script where a password is made with one hash, and a user password reset page that uses another hash. I don't know how to make them the same, as every time I change them, it messes up the code and I get errors. I will comment the parts that I think need changing. Because when I try to log in with the new password that was made by the reset password script, it says "wrong username or password" because either it wasn't updated in the database, or it was updated in a bad way. Any help greatly appreciated. The password email reset code:
<?php
define('IN_SCRIPT', true);
// Start a session
session_start();
ini_set ("display_errors", "1");
error_reporting(E_ALL);
$host = "";
$database = "";
$username = "";
$password = "";
$tbl_name = "";
$conn = mysql_connect($host, $username, $password) or die("Could not connect: " .
mysql_error()); if($conn) { mysql_select_db($database); echo "connected to database!!"; } else { echo "failed to select database"; } //this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info //use error('foobar'); function error($msg) { ?> <html> <head> <script language="JavaScript"> <!-- alert("<?=$msg?>"); history.back(); //--> </script> </head> <body> </body> </html> <? exit; } //This functions checks and makes sure the email address that is being added to database is valid in format. function check_email_address($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } if (isset($_POST['submit'])) { if ($_POST['forgotpassword']=='') { error('Please Fill in Email.'); } if(get_magic_quotes_gpc()) { $forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword'])); } else { $forgotpassword = htmlspecialchars($_POST['forgotpassword']); } //Make sure it's a valid email address, last thing we want is some sort of exploit! 
if (!check_email_address($_POST['forgotpassword'])) { error('Email Not Valid - Must be in format of name@domain.tld'); } // Lets see if the email exists $sql = "SELECT COUNT(*) FROM users WHERE email = '$forgotpassword'"; $result = mysql_query($sql)or die('Could not find member: ' . mysql_error()); if (!mysql_result($result,0,0)>0) { error('Email Not Found!'); } //Generate a RANDOM MD5 Hash for a password//THIS IS THE POSSIBLE PROBLEM $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, 8); //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); // Make a safe query $newpassword = mysql_real_escape_string($newpassword); $query = sprintf("UPDATE 'users' SET 'password' = '$newpassword' WHERE 'email' = '$forgotpassword'"); //Email out the infromation $site_name = "mysite.COM"; $site_email = "noreply@mysite.COM"; $subject = "Your New Password"; $message = "Your new password is as follows: ---------------------------- Password: $emailpassword ---------------------------- Please make note this information has been encrypted into our database This email was automatically generated."; if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){ die ("Sending Email Failed, Please Contact Site Admin! ($site_email)"); }else{ error('New Password Sent!.'); } } else { ?> <form name="forgotpasswordform" action="" method="post"> <table border="0" cellspacing="0" cellpadding="3" width="100%"> <caption> <div>Forgot Password</div> </caption> <tr> <td>Email Address:</td> <td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td> </tr> <tr> <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td> </tr> </table> </form> <? 
} ?> And now for the registration and password creation script Code: [Select] <?php $host = " "; $database = " "; $username = " "; $password = " "; mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error()); mysql_select_db($database); if ($_POST['form_submitted'] == '1') { ##User is registering, insert data until we can activate it $activationKey = mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand(); $username = mysql_real_escape_string($_POST[username]); $email = mysql_real_escape_string($_POST[email]); ////////////////////////////////////////////////////////////////////////// $username= $_POST['username']; $checkuser = mysql_query("SELECT username FROM users WHERE username='$username'"); $username_exist = mysql_num_rows($checkuser); if($username_exist > 0){ echo "I'm sorry but the username you specified has already been taken. Please pick another one."; unset($username); $sendemail='0'; } /////////////////////////////////////////////////////////////////////////////////// $email= $_POST['email']; $checkemail = mysql_query("SELECT email FROM users WHERE email='$email'"); $useremail_exist = mysql_num_rows($checkemail); if($useremail_exist > 0){ echo "I'm sorry but the email address you specified has already been taken. Please pick another one."; unset($email); $sendemail='0'; } ////////////////////////////////////////////////////////////////////////////// if ( $_POST['password'] == $_POST['password2'] && $username_exists <=0 && $useremail_exist <= 0) { $password = sha1($_POST['password']); $sql="INSERT INTO users (username, password, email, activationkey, status) VALUES ('$username', '$password', '$email', '$activationKey', 'verify')"; $sendemail = '1'; } else { echo "*Passwords do not match!"; $sendemail='0'; } if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } $_POST['form_submitted'] = '0'; //make form disappear. if ($sendemail =='1') { echo "An email has been sent to $_POST[email] with an activation key. 
Please check your mail to complete registration."; } ##Send activation Email $to = $_POST[email]; $subject = " Registration"; $message = "Welcome to our website! verify_user.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\ Team"; $headers = 'From: noreply@r.com' . "\r\n" . 'Reply-To: noreply@r.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers); } else { ##User isn't registering, check verify code and change activation code to null, status to activated on success $queryString = $_SERVER['QUERY_STRING']; $query = "SELECT * FROM users"; $result = mysql_query($query) or die(mysql_error()); /*if*/ while($row = mysql_fetch_array($result)){ if ($queryString == $row["activationkey"]){ $_POST['form_submitted'] = '2'; //make form disappear. echo "Congratulations!" . $row["username"] . " is now the proud new owner of an e.com account. Please sign in to the site at <a href='sign_in.php'>THIS LINK</a>. "; $sql=" UPDATE users SET status='activated' WHERE (id = $row[id])"; //UPDATE users SET activationkey = '', //$sql="UPDATE users SET activationkey = 'Done-$row[id]', status='activated' WHERE (id = $row[id])"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <style type="text/css"> <!-- .style1 { font-size: large; font-weight: bold; } .style3 {font-size: large} --> </style> </head> <body> <?php if (!isset ($_POST['form_submitted'])){ echo (' <div align="center"><span class="style3"> Please register. 
</span> <table border="0"> <form action="verify_user.php" method="post" name="register"> <tr><td>Username: <input type="text" name="username" maxlength="20"></td></tr> <tr><td>Password:<input type="password" name="password" /></td><td> <tr><td>Confirm password: <input type="password" name="password2" maxlength="20"></td><td> <tr><td> Email: <input type="text" name="email" /></td></tr> <input type="hidden" name="form_submitted" value="1"/> <tr><td><input type="submit" value="Submit" /></td></tr> </form> </table> </div>'); } if ( $_POST['form_submitted'] =='2'){ echo (" You may now enter the site!");//echo nothing no form. } ?> </body> </html>

When a User changes his/her Email Address, should I generate a new Salt and Hash? (I am re-using the code I used for a Password Reset, and during that I generated a new Salt and Hash for security. I guess it can't hurt...) Thanks, Debbie

I'm trying to access a page that uses a session hash in the url. How do I accomplish this? The url looks like: http://www.somesite.com/findagent/MapController.aspx?action=getAgentsByRadius&distance=5&filter=PL&sessionhash=%3F%01j%23%3Eo%0AH%05h%0B%3FU%0B%3F%3F%3F%7B%3F%3C&zip=91111 I guess getting the session id and urlencoding on my end wouldn't work? I would have to grab their session id and encode somehow?

Hi,
Recently I've been trying to write a safe password hash, and I wanted to know about using an MD5 hash at the end, just so it will be some sort of "packed", so instead of saving a 128-character string, I'll use md5 to "pack" it into 32 characters and save up to 96 characters.
I know MD5 isn't safe and all, but the question is, does it lower the security?
Also, I would be happy for feedback about my password hash:
function hash_($input,$key) { $op=hash("whirlpool",hash("sha512",$key) . "$" . $input . "$" . hash("sha512",$key));

What would be the correct way to add an MD5 hash to the following POST code?
$_POST['pass'] = mysql_real_escape_string($_POST ['pass']);
'".$_POST ['pass']."',
Thanks in advance!

Hi, SMF forum uses a semicolon in the URL, for example http://www.phpfreaks.com/forums/profile/?area=showposts;u=71740 (after showposts there is a semicolon). Sometimes it uses a hash (#). How can I do this with the superglobal $_GET?

Hi,
I am trying to get this script to execute as an administrator of an online system. If a user has forgotten their password, I enter their username and enter a new password which they can update later. I am not sure why this is not updating the password for the username entered?
<?php // Initialize the session session_start(); // Check if the user is logged in, if not then redirect to login page if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ header("location: login.php"); exit; } // Include config file require_once "config.php"; // Define variables and initialize with empty values $new_password = $confirm_password = ""; $new_password_err = $confirm_password_err = ""; // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){ // Validate new password if(empty(trim($_POST["new_password"]))){ $new_password_err = "Please enter the new password."; } elseif(strlen(trim($_POST["new_password"])) < 6){ $new_password_err = "Password must have atleast 6 characters."; } else{ $new_password = trim($_POST["new_password"]); } // Validate confirm password if(empty(trim($_POST["confirm_password"]))){ $confirm_password_err = "Please confirm the password."; } else{ $confirm_password = trim($_POST["confirm_password"]); if(empty($new_password_err) && ($new_password != $confirm_password)){ $confirm_password_err = "Password did not match."; } } // Check input errors before updating the database if(empty($new_password_err) && empty($confirm_password_err)){ // Prepare an update statement $sql = "UPDATE User_Accounts_ SET password = ? WHERE username = ?"; if($stmt = mysqli_prepare($link, $sql)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "ss", $param_password, $username); // Set parameters $param_password = password_hash($new_password, PASSWORD_DEFAULT); $username = $_POST['username']; // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ // Password updated successfully. Destroy the session, and redirect to login page session_destroy(); header("location: login.php"); exit(); } else{ echo "Oops! Something went wrong. 
Please try again later."; } // Close statement mysqli_stmt_close($stmt); } } // Close connection mysqli_close($link); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Reset Password</title> <style type="text/css"> body{ font: 14px sans-serif; } .wrapper{ width: 350px; padding: 20px; } </style> </head> <body> <div class="wrapper"> <h2>Reset Password</h2> <p>Please fill out this form to reset your password.</p> <p><strong>Username</strong> <input type="text" name="username" class="form-control"> </p> <p> </p> <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> <div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>"> <label>New Password</label> <input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>"> <span class="help-block"><?php echo $new_password_err; ?></span> </div> <div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>"> <label>Confirm Password</label> <input type="password" name="confirm_password" class="form-control"> <span class="help-block"><?php echo $confirm_password_err; ?></span> </div> <div class="form-group"> <input type="submit" class="btn btn-primary" value="Submit"> <a class="btn btn-link" href="welcome.php">Cancel</a> </div> </form> </div> </body> </html>
I'm using an SMF forum. I'm trying to connect (my software is C#) and grant access from the forum DB. This is a hash from SMF:
sha1(strtolower($membername) . $password);
<?php
include("config.php");
$user = "-1";
if (isset($_GET['user'])) {
    // Escape before interpolating into the SQL string below
    $user = mysql_real_escape_string($_GET['user']);
}
$pass = "-1";
if (isset($_GET['pass'])) {
    // Escape before interpolating into the SQL string below
    $pass = mysql_real_escape_string($_GET['pass']);
}
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "select id_member,count from smf_members where real_name='$user' and passwd=MD5('$pass')";
$results = mysql_query($sql, $con);
$values = mysql_fetch_assoc($results);
$user_id = $values['id_member'];
$login = $values['count'];
?>
MD5 working fine but how to use SMF hash to login?

I have a login system with Username and Password.
My password is encrypted with bcrypt. Is it okay to store that bcrypt in a session as $_SESSION["hash"]
to verify that the user is who they say they are?
Or do I only need to do
$_SESSION["username"]