PHP - How Do You Know If Your Password Encryption / Security Is Correctly Implemented?

(Main Objective)
I need this login class to encrypt the password before it sends it to the database for login verification.

(Alternative Solution)
Force a login with just the username and captcha no password..


This is the original working script..

<?
session_start();
include "config.php";
global $c;
include "data.php";
global $config;
require('funciones.php');
if ($_POST['username']) {


session_start(); 
if($_POST['code']!=$_SESSION['string']){ 
header("Location: login.php?error=1");
}


//Comprobacion del envio del nombre de usuario y password

$username=uc($_POST['username']);
$password=uc($_POST['password']);

if ($password==NULL) {
header("Location: login.php?error=2");
}else{


$query = mysql_query("SELECT username,password FROM tb_users WHERE username = '$username'") or die(mysql_error());
if(mysql_num_rows($query) == 0)
{
header("Location: login.php?error=3");
} else {
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
header("Location: login.php?error=4");
}else{
$query = mysql_query("SELECT username,password FROM tb_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);

$nicke=$row['username'];
$passe=$row['password'];

//90 day  cookie
setcookie("usNick",$nicke,time()+7776000);
setcookie("usPass",$passe,time()+7776000);


$lastlogdate=time();
$lastip = getRealIP();

$querybt = "UPDATE tb_users SET lastlogdate='$lastlogdate', lastiplog='$lastip' WHERE username='$nicke'";
mysql_query($querybt) or die(mysql_error());

header("Location: members.php");
// echo "Has sido logueado correctamente ".$_SESSION['s_username']." y puedes acceder al index.php.";
// echo "<script>location.href='index.php';</script>";
?>

<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=members.php">

<?
}
}
}
}
?>

<div class="heading">Login</div><br />
<?
if($_GET['error'] == 1)
{
print "<b>Error</b> - Wrong Captcha Code<br /><br/>";
}
if($_GET['error'] == 2)
{
print "<b>Error</b> - Please supply a password<br /><br/>";
}
if($_GET['error'] == 3)
{
print "<b>Error</b> - Invalid Username<br><br>";
}
if($_GET['error'] == 4)
{
print "<b>Error</b> - Invalid Password<br /><br />";
}
?>

<form action="login.php" method="post">
    <table>
        <tr>
            <td class="midtext">Username:</td>
            <td>
            <input type="text" name="username" size="25" class="form" autocomplete="off"></td>
        </tr>
        <tr>
            <td class="midtext">Password:</td>
            <td>
            <input type="password" name="password" size="25" class="form" autocomplete="off"></td>
        </tr>
        <tr>
            <td class="midtext" valign="top">Security Code:</td>
            <td class="midtext">
            <img src="image.php" onclick="this.src='image.php?newtime=' + (new Date()).getTime();">(Click 
            to reload)<br />
            <input type="text" name="code" size="17" maxlength="17" autocomplete="off" class="form"></td>
        </tr>
        <tr>
            <td></td>
            <td align="right">
            <input type="submit" value="Login" name="loginsubmit" class="form"></td>
        </tr>
    </table>
</form>


Let me know if you need any files...

hi im testing out my site and basically when users register their passwords and encrypted for security obs however when i go to test the login with the exact same password as the one used to register the system detects it as invalid when its not, I've literally copy pasted the password so that i was sure it was the same therefore the issue is within the encryption does anyone have an idea how to overcome this I've tested changed names of variables but nothing seems to help I've even got an error reporting function but no error is detected

<?php
error_reporting(E_ALL);
include_once("conninfo2.php");

if(isset($_POST['username']) && trim($_POST['username']) != ""){
	$username = strip_tags($_POST['username']);
	$password = $_POST['password'];
	$hmac = hash_hmac('sha512', $password, file_get_contents('textfiles/key.txt'));
	$stmt1 = $db->prepare("SELECT usersid, password FROM login WHERE username=:username AND activated='1' LIMIT 1");
	$stmt1->bindValue(':username',$username,PDO::PARAM_STR);
	try{
		$stmt1->execute();
		$count = $stmt1->rowCount();
		if($count > 0){
			while($row = $stmt1->fetch(PDO::FETCH_ASSOC)){
				$uid = $row['usersid'];
				$hash = $row['password'];
			}
			if (crypt($hmac, $hash) === $hash) {
				$db->query("UPDATE login SET lastlog=now() WHERE usersid='$uid' LIMIT 1");
				$_SESSION['uid'] = $uid;
				$_SESSION['username'] = $username;
				$_SESSION['password'] = $hash;
				setcookie("usersid", $uid, strtotime( '+30 days' ), "/", "", "", TRUE);
				setcookie("username", $username, strtotime( '+30 days' ), "/", "", "", TRUE);
    				setcookie("password", $hash, strtotime( '+30 days' ), "/", "", "", TRUE); 
				 echo 'Valid password<br />'.$_SESSION['uid'].'<br />'.$_SESSION['username'].'<br />'.$_SESSION['password'].'
				<br />'.$_COOKIE['usersid']; 
				/*header("location: index.php");*/
				exit();
			} else {
				echo 'Invalid password Press back and try again<br />';
				exit();
			}
		}
		else{
			echo "A user with that email address does not exist here";
			$db = null;
			exit();
		}
	}
	catch(PDOException $e){
		echo $e->getMessage();
		$db = null;
		exit();
	}
}
?>				

Hello Everyone,

I have built a simple registration form shown below and Iam trying to get the users to have their passwords encrypted and then entered into my database. I am attempting to use md5 encryption. I have also attached the database connection script.

My goal is when I check my database, I want to see the following: ( id, name, username, encrypted password )

The issue I have is that the form does not process completely. All I get this error (Error: Unknown column 'd8578edf8458ce06fbc5bb76a58c5ca4' in 'field list' ).

Could some tell me or show me " What is it that needs to be corrected either in my Code or SQL insert and /or my Variables" to make this work correctly. I know that its probably a very, very simple fix... Im just stuck at this point.

I really appreciate your help.

thanks,
mrjap1

Code: [Select]
<?php
error_reporting(0);
if($_POST['submit'])
{ //Begining of full IF Statment
$name = $_POST['name'];
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
// Encrypt Pasword
$enc_password = md5($password);
//$enc_password2 = md5($confirm_password);


// Confirm All feild were filled out when submit button was pressed
if($name && $username && $password && $confirm_password) 
{
// Confirm that the NAME that you used is NOT greater than 30 characters  
 if(strlen($name)>24)
 {
 echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>";
 }
// Confirm that the USERNAME that you used is NOT greater than 10 characters  
if(strlen($username)>10)
 {
 echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>";
 }
 else {
 
// Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters  
if(strlen($password)>10 || strlen($password)<6)
 {
 echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>";
 }
if($password == $confirm_password)
{
// Database Connection required
require "db_conncect.php";
// We Now connect to the Dabase and insert the Form input details
//------- ### ENTERING ALL INFORMATION INTO THE DATABASE BELOW ### --------// 


// 1. Create a database connection
$con = mysql_connect("localhost","root",""); // <-- THIS IS WHERE YOU " CAN CHANGE " THE USERNAME IS "root", PASSWORD IS "" ONLY.

if (!$con) {
  die('Database connection failed could not connect: ' . mysql_error());
  }
  
// 2. Select a database to use
$db_select = mysql_select_db("registernow_2012",$con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE.
if (!$db_select) {
  die('Database selection failed could not connect: ' . mysql_error());
}

mysql_select_db("registernow_2012", $con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE TO BE CONNECTED.

// <-- THE `registernow_2012` IS THE NAME OF THE DATABASE TO BE CONNECTED.... `visitors` IS THE TABLE WITH ALL THE FIELDS WITHI IN THE DATABASE.


$sql="INSERT INTO `registernow_2012`.`users` (
`id` ,
`name` ,
`username` ,
`$enc_password` ,
`confirm_password`
)
VALUES (
NULL , '$_POST[name]', '$_POST[username]', '[$enc_password]', '$_POST[confirm_password]'
)";


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
}

// 3. Close Connection
mysql_close($con);

header("Location: index.php");  // <-- THIS IS WHERE YOU CAN CHANGE THE "Location: Thank you / Index page" of the THANK YOU PAGE.

}
else 
{
echo "<h2><center>PASSWORDS MUST MATCH!!!!!</center></h2><br>";
}

 }
 
//echo "<h2><center>WORKING!!!!</center></h2>";
}
else echo "<h2><center>ALL FEILDS MUST BE COMPLETED</center></h2>";

} //Ending of full IF Statment
?>

<!DOCTYPE html>
<html lang='en'>
<head>
<title>THE FORM MY WAY NOW</title>
</head>
<div id='centerstage'>
<form name="myform" action="workingitoutproperly.php" method="POST">
<p>
<label>Name</label><br>
<input type='text' name='name' value=''><br>
<label>UserName</label><br>
<input type='text' name='username' value=''><br>
<label>Password</label><br>
<input type='password' name='password' value=''><br>
<label>Re-Enter Password</label><br>
<input type='password' name='confirm_password' value=''><br>
<br>
<input type='submit' name='submit' value='REGISTER NOW!!'>
</p>
</form>
</div>
</html>

Well, I can now add/change/delete data in my db. But then I find I have no security at all. I know that IE/View/Source will display the code, but I did not know that right click on a frame would display that particular frameset code.

Can you point me to a simple php security script. I have looked at many of them  and they are pretty complicated. No need for me to reinvent the wheel and not sure I could do it anyway. I have many other programs I can be working on. I don't need anything extreme as the data is only phone nos. and email addresses. It is just that the site members don't want others to be able to view it.

What if I created a db password table, then simply verified that the entered password was in the file. What kind of security would I have?

Thanks

Hey everyone,

Hopefully i'm putting this question in the correct place!

I've been reading up on password security and in particular how to do it. After reading far too many articles on peoples opinions i believe it is going to be a case of personal preference but I thought i'd put it to the wider audience.

This post will lead to me questioning how to code it correctly using PHP once I have confirmation that what I want to do will be secure.

My way of thinking is to SHA256 on a $site_secret.$nonce.$password

so just to be clear...

1) the site_secret will be a fixed static value that will not be changed and stored away from user data.
2) the nonce will be a value specific to that user such as their username
3) password will be whatever they enter upon registration.

I think I am right in how i'm thinking but correct me if i'm wrong.

Will this be secure? Does anyone disagree and know of a better way??

Thanks

I have been out of the game for a while and i need a bit of guidance on this.   Password: HelloWorld! Salt: mySaltForMyReallyCoolPasswordThatiMadeForPHPFREAKS   MD5 . SALT = 072ce1d7fd7e6f14ba12053a9e057b26   SHA1 . SALT  = d580f4880e29ed757d942623f4d96dab1976d929   Crypt . SALT = my7LFLALq6s3c   password_hash = $2y$13$mySaltForMyReallyCoolO9t3RUqt1WbzVeqqQGxDHqOF/nu2Zhs2     Which security protocol is most prefered.   SALT . MD5 . SALT http://php.net/manua...unction.md5.php   SHA1 . SALT http://php.net/manua...nction.sha1.php   Crypt http://php.net/manua...ction.crypt.php   password_hash http://php.net/manua...ssword-hash.php (new)         function:

<?PHP
$password = "HelloWorld!";
$salt = "mySaltForMyReallyCoolPasswordThatiMadeForPHPFREAKS";

$md5 = md5($password . $salt);

$sha1 = $sha1($password . $salt);

$crypt = crypt($password, $salt);


$o = [
    'cost' => 13,
    'salt' => $salt,
];
$password_hash = password_hash($p, PASSWORD_DEFAULT, $o);

?>

After i get the encrypted password, i will convert it to binary and then store it in the database as a binary.     Which of these methods do you prefer and why? (ps. i might have used password_hash incorrectly).   i don't need any source code, just fill me in
Edited by Richard_Grant, 08 September 2014 - 08:49 AM.

In previous posts you have said that my web site security is no security at all and recommemded standard(?) php programs which utilize the hosts .htaccess folder. I have looked at them and being a beginner at mySQL and php, they are really complicated.

A technical rep at my host says I can do the exact same thing by going into cPanel/Security/Password Protect Directories and setting up a password for the directory. He says then the user will be prompted for the password when they try to access the site. And I do not have to write one single line of code.

Quote

It it is too good to be true it probably is.

If I folllow his advice what kind of security do I have?

Thanks

Hi

I am looking for opinions on the best way to secure user passwords. I am currently using crypt() with a 32 bit salt string... now my main question here would be: Should I store a randomly generated md5 hashed salt in the database for each user, or maybe a single salt string in a config file?

I am looking for the most secure option here.

hello everyone, i try to make a registration script and change password script with PIN as security code, registration script was working perfect, but change password script didn't work. here i give a full code for you to review.

here link to file Test.7z

I hope someone can help and give me information what i'am missing.

Knowing that it has to be set once upon script installation and never changed, what is the most common way to handle this in redistributable scripts?

Should I add a salt value in the config file and ask the user to set it, or should I generate a random value and write it to a file, or should I take a different approach entirely?

i want a situation where, when i upload something into my database, it creates a new table, everytime, i saw this $forum = "CREATE TABLE IF NOT EXISTS for_".$id." (

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];
               
            echo "
            
               <h4>Options for:</h4> &nbsp; $username
               <br />
               <br />
               First name: &nbsp; $firstname
            
               <br />Last name: &nbsp; $lastname       
   
   <br /><br /><h3>Want to change your password:</h3><br />
   
      <form action='?do=option' method='post'>
   
      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />
                  
      <center></div><input type='submit' value='Submit'/></center></form>";   
      
            
         }else{
            echo 'Please login to view your options!';
         }
      
      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];
      
      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }
      
      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }
      
      //Find if entered data is correct
      
      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];

            
         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")
      
      ?>          

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)                                                 
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>
  
</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
 kc = e.keyCode?e.keyCode:e.which;
 sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
 if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
 else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>
      
      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }
  
  
     
   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>


<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>


Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

Hi guys, i'm new to this forum, and a junior php guy.   i need to encrypt a google address like this: https://redirector.g...=web&cver=html5   i use picasa for my client to store car video etc to show and i want embed in iframe with a jwplayer that i'm customizing.   i see some sample that transform a address like this https://redirector.g...=web&cver=html5 in something like this --> http:\/\/r20---googlevideo.com\/picasa\/redirect.php?encrypt=0f10fd0fd0f90c30b80b80fb0ee0ed0f20fb0ee0ec0fd0f80fb0b70f00f80f80f00f50ee0ff0f20ed0ee0f80b70ec0f80f60b80ff0f20ed0ee0f80f90f50ea1020eb0ea0ec0f40c80f20ed0c60bc0bc0bc0be0c00bb0c00c00c10ed0bf0ed0ee0b90bb0bb0af0f20fd0ea0f00c60bb0bb0af0fc0f80fe0fb0ec0ee0c60f90f20ec0ea0fc0ea0af0ec0f60f80c60fc0ee0f70fc0f20fd0f20ff0ee0e80ec0f80f70fd0ee0f70fd0ae0bc0cd1020ee0fc0af0f20f90c60b90b70b90b70b90b70b90af0f20...etc etc...    i see that there is a redirect.php?encrypt=....... how i can do that?    Thanks in advance 'cause frankly speaking i don't know also what i must search on google.        

Hi Guys   I am fairly new to php, I am trying to build a registration form but I am struggling with encrypting the password (I will also be salting the password at a later stage to make it more secure).   The below line of code encrypts the password but saves the values as the values states in the code e.g password saves as 'pass'   $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('first_name','last_name','email', SHA1('pass'), NOW())";   The below code saves all the values that the user inputs xcept the password which is blank and the message 'Undefined index: SHA1('pass')' is returned   $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";   I am hoping someone may be able to help me as I have no idea how to fix this. Thank you in advance