Learn VBA & Macros in 1 Week!

PHP - Check If Password Expired?

Full Excel VBA Course - Beginner to Expert

Check If Password Expired?	View Content

I could use some help comparing Dates.

I need to check if a Temporary Password has expired, and am a bit shaky on "Date Math".

The Temporary Password was created like this...

// Build query.
$q2 = "UPDATE member
SET temp_password=?,
temp_reset_on=NOW(),
updated_on=NOW()
WHERE email=?
LIMIT 1";

So how do I see if temp_reset_on is more than 4-hour old and thus expired?

Thanks,

Debbie

Full Excel VBA Course - Beginner to Expert

Similar Tutorials

Simple Password Check

Check Username & Password In Data Base With Curl

Website User Log On, Check Password Stored On Sql Database.

Check To Make Sure A Password Has At Least One Upper And One Lower Case Letter

Moved: Document Expired?

Change Active Status To Expired Wont Work.

Automaticly Remove Table Rows Daily If Logged Date Has Expired?

Change Password... Doesnt Seem To Work, Just Resets Password

How To Decrypt Password Which Is Encrypted By Sha($password) Technique.

Moved: Password Security During Password Reset

Password Validation

Password Reminder

Password Protection

Incorret Password

Please Help!!!! Password Rejections

Php Password Security

Password Generation

Password Restrictions

Learn VBA & Macros for Excel in 1 Week!

Simple Password Check

Similar Tutorials

Hi all, i have written a fairly simple profile page that users can see once they have logged in and i have a password change feature. the user is asked to enter there current password and then enter there desired new password, then confirm there new password to make sure they match. However the users current password isn't checked as im not sure how to code it. Heres my code so far:

<?PHP

session_start();

//Database Information

$dbhost = "localhost";
$dbname = "test";
$dbuser = "test";
$dbpass = "test";

//Connect to database

$conn = mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname, $conn) or die(mysql_error());

//Clean data

$_POST = array_map('strip_tags', $_POST);
$_POST = array_map('mysql_real_escape_string', $_POST);

$currentpassword = $_POST['currentpassword'];
$newpassword = $_POST['newpassword'];
$cnewpassword = $_POST['cnewpassword'];

if($newpassword == $cnewpassword)
{
    $query = "UPDATE `users` SET `password` = '".$newpassword."' WHERE `username` = '".$_SESSION['username']."' LIMIT 1";
$run = mysql_query($query);
if($run) {
echo "Congratulations You have successfully changed your password";
    include 'success.php';
exit();
         }
  else {
include 'password.php';
exit;
     }
}
else  {
    echo "The new password and confirm new password fields must be the same";
    include 'password.php';
    exit();
        }
?>

I'm guessing i need a && within the if statement to check the currentpassword with what is supplied within my database, but im not sure how to code this.

Lee

Check Username & Password In Data Base With Curl

Similar Tutorials

Hi guys
Can someone help me about this:
The php code can be revise username and password with CURL then check database and if username & password is correct return true else false.

Thanks

Website User Log On, Check Password Stored On Sql Database.

Similar Tutorials

Hi all,

I've got a website for an event, each team have their details on a page which are recalled from a SQl database.

But I'm wanting to create a password input box for each team, so when they enter the correct password they are taken to a page containing forms where they can edit the team details.

Here is the page with the users details on where they anter the password: http://www.wharncliffenetwork.co.uk/wrc/entered/team.php?id=8

I'm not sure how to code it, Can an IF statement be used? Anyone got any pointers? I'f been unsuccessful in finding a tutorial or something similar.

Hope that makes sense :S Cheers.

Check To Make Sure A Password Has At Least One Upper And One Lower Case Letter

Similar Tutorials

Hi,

I wonder if some one could help me.

I am trying to set up a few rules to make sure that users create safe passwords on my site:

I have the below check which makes sure that the user enters a word of at least 8 charachters long:

Code: [Select]
if( strlen($password) < $MaxPwdLength ){
$errmsg_arr[] = 'Password must be at least 8 charachters long ';
$errflag = true;
}

Does anyone know how I could write an if function to make sure that the ser is entereing a password with at least one capital and one lower case letter in.

Hope you can help.

Thanks

Ed

Moved: Document Expired?

Similar Tutorials

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=354333.0

Change Active Status To Expired Wont Work.

Similar Tutorials

Doesn't change status to expired.

<?php

$bannersQuery = 'SELECT * FROM banners WHERE expire > NOW() AND status = "active" ORDER BY RAND() LIMIT 10';
$banners = $db->query($bannersQuery);

while($row = $banners->fetch(PDO::FETCH_ASSOC)){
	
	if($row['expire'] <= time()){
		$status = 'expired';
	}else{
		$status = 'active';
	}
	
	$updateQuery = 'UPDATE banners SET exposures = exposures + 1, status = :status WHERE id = :id';
	$update = $db->prepare($updateQuery);
	$update->bindParam(':status', $status, PDO::PARAM_STR);
	$update->bindParam(':id', $row['id'], PDO::PARAM_INT);
	$update->execute();
						
	echo '
<a href="index.php?do=bannerClick&id='.$row['id'].'" target="_BLANK"><img src="'.$row['url'].'" width="'.$row['width'].'" height="'.$row['height'].'" alt="'.$row['title'].'"></a><br>';
				
}

echo '
<a href="index.php?do=buyBanner">Want to advertise your banner? Click here.</a>';

?>

Automaticly Remove Table Rows Daily If Logged Date Has Expired?

Similar Tutorials

Hey all,

Im currently working on a site which I save a cookie on users computer for 1 month as well a row in a table with the 1 month expiring date plus cookie id. What I would like to know is if theres a way to make the server check the table every day at say 12pm to see if any corresponding user cookies in each row have expired on that day as to remove them from the table to match the expiring cookie on the users computer? I would like not to have to rely on a user/admin accessing in to make a script run instead have something thats timed to go off automatically instead?

Is there anyway of doing this?

Thanks!

Change Password... Doesnt Seem To Work, Just Resets Password

Similar Tutorials

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];

            echo "

               <h4>Options for:</h4>   $username
               <br />
               <br />
               First name:   $firstname

               <br />Last name:   $lastname

   <br /><br /><h3>Want to change your password:</h3><br />

      <form action='?do=option' method='post'>

      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />

      <center></div><input type='submit' value='Submit'/></center></form>";


         }else{
            echo 'Please login to view your options!';
         }

      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];

      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }

      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }

      //Find if entered data is correct

      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];


         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")

      ?>

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

How To Decrypt Password Which Is Encrypted By Sha($password) Technique.

Similar Tutorials

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
kc = e.keyCode?e.keyCode:e.which;
sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>

      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }



   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>

<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>

Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

Moved: Password Security During Password Reset

Similar Tutorials

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=353345.0

Password Help

Similar Tutorials

I am having some trouble getting this to pull the password correctly from the database.
I believe the problem is from the password being in md5 format.
I am not sure how to fix the issue.

Much thanks

Code: [Select]
<?php
//signin.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign in</h3><br />';

//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
   echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
   if($_SERVER['REQUEST_METHOD'] != 'POST')
   {
      /*the form hasn't been posted yet, display it
        note that the action="" will cause the form to post to the same page it is on */
      echo '<form method="post" action="">
         Username: <input type="text" name="username" /><br />
         Password: <input type="password" name="password"><br />
         <input type="submit" value="Sign in" />
       </form>';
   }
   else
   {
      /* so, the form has been posted, we'll process the data in three steps:
         1.   Check the data
         2.   Let the user refill the wrong fields (if necessary)
         3.   Varify if the data is correct and return the correct response
      */
      $errors = array(); /* declare the array for later use */

      if(!isset($_POST['username']))
      {
         $errors[] = 'The username field must not be empty.';
      }

      if(!isset($_POST['password']))
      {
         $errors[] = 'The password field must not be empty.';
      }

      if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
      {
         echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
         echo '<ul>';
         foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
         {
            echo '<li>' . $value . '</li>'; /* this generates a nice error list */
         }
         echo '</ul>';
      }
      else
      {
         //the form has been posted without errors, so save it
         //notice the use of mysql_real_escape_string, keep everything safe!
         //also notice the sha1 function which hashes the password
         $sql = "SELECT
                  userid,
                  username,
                  userlevel
               FROM
                  users
               WHERE
                  username = '" . mysql_real_escape_string($_POST['username']) . "'
               AND
                  password = '" . sha1($_POST['password']) . "'";

         $result = mysql_query($sql);
         if(!$result)
         {
            //something went wrong, display the error
            echo 'Something went wrong while signing in. Please try again later.';
            //echo mysql_error(); //debugging purposes, uncomment when needed
         }
         else
         {
            //the query was successfully executed, there are 2 possibilities
            //1. the query returned data, the user can be signed in
            //2. the query returned an empty result set, the credentials were wrong
            if(mysql_num_rows($result) == 0)
            {
               echo 'You have supplied a wrong user/password combination. Please try again.';
            }
            else
            {
               //set the $_SESSION['signed_in'] variable to TRUE
               $_SESSION['signed_in'] = true;

               //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
               while($row = mysql_fetch_assoc($result))
               {
                  $_SESSION['userid']    = $row['userid'];
                  $_SESSION['username']    = $row['username'];
                  $_SESSION['userlevel'] = $row['userlevel'];
               }

               echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
            }
         }
      }
   }
}

include 'footer.php';
?>

Md5 Password

Similar Tutorials

Hi all,

I am trying to make a 'forgot password' script.

The passwords in the database are md5 encrypted.

Is there a way to reverse this md5 password and send the forgotten password in its orginal for to the user through email?

Thanks.

<?PHP
include("cxn.php");

$sql = "SELECT password FROM Members WHERE email='$_POST[email]'";
$result = mysqli_query($cxn,$sql)
or die ("Couldn't execute query");

$num = mysqli_num_rows($result);

if ($num >0) // Email Address Found
{
$password = md5($_POST['password']); // Trying to take the md5 off the password here.

$to = "$_POST[email]";
$subj = "Password for website.co.uk";
$mess = "Your password for www.website.co.uk is: \n
$_POST['password'] \n
Please login with your email address and this password. Thank you.";
$mailsend = mail($to,$subj,$mess,$headers);

$update= "An email containing your password has been sent to". $_POST['email'].".";
include("signin-redirect.php");
}
else // Email Address Not Found
{
$registrationerror = "The email address '$_POST[email]' is already registered!";
include("signin-redirect.php");
}

?>

Password Validation

Similar Tutorials

I am a newbie to php. Ran away from it from years but now I see the light!

I am in the process of developing a web site application w/ MySql backend and I would like to do the following:

1. Client registers for my site.
2. How do I create code that validates password format to meet my password criteria (i.e. (2) capital letters, (2) special characters etc etc.

Password Reminder

Similar Tutorials

Hi, im trying to make a password reminder for my game server accounts. Ok, so now in mysql i have table with 2 fields: email and pass. Here is my php coding to remind password:
Code: [Select]
<?php
session_start();
include "./global.php";
?>
<html>
<head>
<title>Password Reminder</title>
</head>
<body>
<?php

if(!isset ($_POST['submit'])) {
echo "Your e-mail: <input type='input' name='email'> <input type='submit' name='submit' value='Ok'>\n";
}else{
$to = $_POST['email'];
if($to) {
$sql = "SELECT pass FROM fpass WHERE email='".$to."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0) {
$rrow = mysql_fetch_assoc($res);
echo "Your password is: '".$rrow['pass']."'";
}else{
echo "The e-mail that you supplied does not exist!\n";
}
}else{
echo "E-Mail field is empty! Please fill it up.\n";
}
}
?>
</body>
</html>
global.php connects to mysql. But now when i typing email, the it should select password from table fpass where email = my typed email. But when i click Ok button, then it don't doing anything...
It should show me this: Your password is: blabla...

Password Protection

Similar Tutorials

I want to password protect my entire website. How would I go on to doing this. There is a website that has this already (www.printerdev.co.uk). I want to do the exact same thing but not sure how to.

Can someone please help me

Incorret Password

Similar Tutorials

Okay, so I am trying to create a login page
My problem is that after I register and I want to login it says I have an incorrect password
I encrypted the password with the md5 function and when I echoed the password in the db I get e882b72bccfc2ad578c27b0d9b472a14
and when I echoed the password I tried to login with I get e882b72bccfc2ad5

The password seems to be correct, just cut in half... Now why is the password I logged in with half the size it should be?

Please Help!!!! Password Rejections

Similar Tutorials

I know i left out the connect that works fine but when i run this it tell me wrong password even if i copy and paste the user name and password from my database....
Can anyone help me please

{
        $username = $_COOKIE['ID_my_site'];

        $pass = $_COOKIE['Key_my_site'];

                $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

        while($info = mysql_fetch_array( $check ))

                {

                if ($pass != $info['password'])

                        {

                                                }

                else

                        {

                        header("Location: members.php");

                        }

                }

}

if (isset($_POST['submit'])) { // if form has been submitted

        if(!$_POST['username'] | !$_POST['pass']) {

                die('You did not fill in a required field.');

        }

        if (!get_magic_quotes_gpc()) {

                $_POST['email'] = addslashes($_POST['email']);

        }

        $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

$check2 = mysql_num_rows($check);

if ($check2 == 0) {

                die('That user does not exist in our database.');

                                }

while($info = mysql_fetch_array( $check ))

{

$_POST['pass'] = stripslashes($_POST['pass']);

        $info['password'] = stripslashes($info['password']);

        $_POST['pass'] = md5($_POST['pass']);

        if ($_POST['pass'] != $info['password']) {

                die('Incorrect password, please try again.');

        }
else

{

         $_POST['username'] = stripslashes($_POST['username']);

         $hour = time() + 3600;

setcookie(ID_my_site, $_POST['username'], $hour);

setcookie(Key_my_site, $_POST['pass'], $hour);



header("Location: members.php");

}

}

}

else

{

?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<table border="0">

<tr><td colspan=2><h1>Login</h1></td></tr>

<tr><td>Username:</td><td>

<input type="text" name="username" maxlength="40">

</td></tr>

<tr><td>Password:</td><td>

<input type="password" name="pass" maxlength="50">

</td></tr>

<tr><td colspan="2" align="right">

<input type="submit" name="submit" value="Login">

</td></tr>

</table>

</form>

<?php

}

?>

Php Password Security

Similar Tutorials

I have been out of the game for a while and i need a bit of guidance on this. Password: HelloWorld! Salt: mySaltForMyReallyCoolPasswordThatiMadeForPHPFREAKS MD5 . SALT = 072ce1d7fd7e6f14ba12053a9e057b26 SHA1 . SALT = d580f4880e29ed757d942623f4d96dab1976d929 Crypt . SALT = my7LFLALq6s3c password_hash = $2y$13$mySaltForMyReallyCoolO9t3RUqt1WbzVeqqQGxDHqOF/nu2Zhs2 Which security protocol is most prefered. SALT . MD5 . SALT http://php.net/manua...unction.md5.php SHA1 . SALT http://php.net/manua...nction.sha1.php Crypt http://php.net/manua...ction.crypt.php password_hash http://php.net/manua...ssword-hash.php (new) function:

<?PHP
$password = "HelloWorld!";
$salt = "mySaltForMyReallyCoolPasswordThatiMadeForPHPFREAKS";

$md5 = md5($password . $salt);

$sha1 = $sha1($password . $salt);

$crypt = crypt($password, $salt);


$o = [
    'cost' => 13,
    'salt' => $salt,
];
$password_hash = password_hash($p, PASSWORD_DEFAULT, $o);

?>

After i get the encrypted password, i will convert it to binary and then store it in the database as a binary. Which of these methods do you prefer and why? (ps. i might have used password_hash incorrectly). i don't need any source code, just fill me in
Edited by Richard_Grant, 08 September 2014 - 08:49 AM.

Password Generation

Similar Tutorials

Dear All,
Below is a php file for my website invitacoach.com

I need to issue passwords myself to members who have already paid up for my services...of which they will then be able to access the advantages of a members area which include Videos, Audios and other publications.

Which part of my code am i to edit

Below is the SQL and register.php code.

SQL

CREATE TABLE users (
userid int(25) NOT NULL auto_increment,
first_name varchar(25) NOT NULL default '',
last_name varchar(25) NOT NULL default '',
email_address varchar(25) NOT NULL default '',
username varchar(25) NOT NULL default '',
password varchar(255) NOT NULL default '',
info text NOT NULL,
user_level enum('0','1','2','3') NOT NULL default '0',
signup_date datetime NOT NULL default '0000-00-00 00:00:00',
last_login datetime NOT NULL default '0000-00-00 00:00:00',
activated enum('0','1') NOT NULL default '0',
PRIMARY KEY (userid)
) TYPE=MyISAM COMMENT='Membership Information';

REGISTER.PHP

<?

include 'db.php';

// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$info = $_POST['info'];

/* Let's strip some slashes in case the user entered
any escaped characters. */

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$info = stripslashes($info);

/* Do some error checking on the form posted fields */

if((!$first_name) || (!$last_name) || (!$email_address) || (!$username)){
   echo 'You did not submit the following required information! <br />';
   if(!$first_name){
      echo "First Name is a required field. Please enter it below.<br />";
   }
   if(!$last_name){
      echo "Last Name is a required field. Please enter it below.<br />";
   }
   if(!$email_address){
      echo "Email Address is a required field. Please enter it below.<br />";
   }
   if(!$username){
      echo "Desired Username is a required field. Please enter it below.<br />";
   }
   include 'join_form.html'; // Show the form again!
   /* End the error checking and if everything is ok, we'll move on to
    creating the user account */
   exit(); // if the error checking has failed, we'll exit the script!
}

/* Let's do some checking and ensure that the user's email address or username
does not exist in the database */

$sql_email_check = mysql_query("SELECT email_address FROM users WHERE email_address='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){
    echo "Please fix the following errors: <br />";
    if($email_check > 0){
       echo "<strong>Your email address has already been used by another member in our database. Please submit a different Email address!<br />";
       unset($email_address);
    }
    if($username_check > 0){
       echo "The username you have selected has already been used by another member in our database. Please choose a different Username!<br />";
       unset($username);
    }
    include 'join_form.html'; // Show the form again!
    exit(); // exit the script so that we do not create this account!
}

/* Everything has passed both error checks that we have done.
It's time to create the account! */

/* Random Password generator.
http://www.phpfreaks.com/quickcode/Random_Password_Generator/56.php

We'll generate a random password for the
user and encrypt it, email it and then enter it into the db.
*/

function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
   $i = 0;
   while ($i <= 7) {
      $num = rand() % 33;
      $tmp = substr($salt, $num, 1);
      $pass = $pass . $tmp;
      $i++;
   }
   return $pass;
}

$random_password = makeRandomPassword();

$db_password = md5($random_password);

// Enter info into the Database.
$info2 = htmlspecialchars($info);
$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, info, signup_date)
      VALUES('$first_name', '$last_name', '$email_address', '$username', '$db_password', '$info2', now())") or die (mysql_error());

if(!$sql){
   echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
   $userid = mysql_insert_id();
   // Let's mail the user!
   $subject = "Your Membership at invitacoach.com!";
   $message = "Dear $first_name,
   Thank you for registering at our website, http://www.invitacoach.com

   You are two steps away from logging in and accessing our exclusive members area.

   To activate your membership, please click he http://www.invitacoach.com/test/activate.php?id=$userid&code=$db_password

   Once you activate your membership, you will be able to login with the following information:
   Username: $username
   Password: $random_password

   Thanks!
   Invita Coach

Password Restrictions

Similar Tutorials

I'm making the password field have these restrictions:

Length >= 8

That's it. I then use javascript to md5 the value of that text field, then I send it using ajax to the php script to process the signup. Is it bad not to have a max length, or does this way work. Any suggestions?