|
PHP - Rsa Verifying Failing
Hello All,
I am working on a project where the client has provided me with the public key file and the private-key is being passed via url, along with 2 params that will be used on my end.
These are the basics of the process that I am to use for verifying.
Generate your own plaintext message matching the format of the string provided Create a SHA1withRSA hash of this message using the provided public key (UTF-16LE encode and pass this value) Base64 decode the signature Using a SHA1withRSA validator, verify your hashed message matches the Base64 decoded value in step 3 At this point I have performed steps 1-3 but am having an issue with step 4. The code is failing here. When I say failing I mean it is not being verified. $base64Sig = base64_decode($signature, true); $publickey = getPemKey(); Similar TutorialsHey, Within my experience of PHP, I have never had anything to do with making secure payments before. And this is a problem I can't seem to get around. I want to let people purchase a premium version of a game, and it will add their name to a PHP file or databse after they are redirected from PayPal to a special page that adds their username to the PHP file after typing it in. How would one make sure they don't just go to the webpage VIA the URL, and that they only came from the PHP redirect after purchase? !@file_get_contents("http://www.myspace.com/$id")?"FAILURE...":"SUCCESS...\n"); How does it know to print out Failure or Success? What does the !@ mean in front of fgc? Hi, I currently have some PHP scripts that verify form data using ereg() as follows: if (ereg(".",$var1)==0) { //do something } where instead of the argument "." I also use "\@" or "\....*", etc. to test whether certain form input is in the correct format (e.g. testing for a valid email address, etc.). However, I have understood that ereg() is being deprecated. What is the best/easiest function to replace ereg() with? Thanks! So basically my project is one where the user can log onto my website, and the page then checks if the ID and password are in my table in my microsoft access file. If the username and password are the same, the user continues, if it isnt, then it stays on the same page and says something like "username and/or password are incorrect" or something along the lines of that. the problem is right now im not sure how to make it say "ERROR username and/or password is incorrect" if the username and password dont match. Can someone help me with this? and also make sure if the username and password are correct that it goes to the next page, entitled searchpage.php here is the code Code: [Select] <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> Please help with this, it not going to the .html controller and returing the values need, it captures the email form values, bu then fails with a 406 error.
Please help
$('#newsletter').submit(function() {
//E-mail is passed
var values = $(this).serialize();
var formRef = $('form').attr('id');
var dataString = JSON.stringify(values);
//var values = $("#newsletter_email").val();
if($('#newsletter_tc_check').is(':checked')){
$.ajax({
type: 'POST',
url: "./saveNewsletterSignupEmailPost.html",
dataType: 'json',
data: dataString,
contentType: 'application/json',
mimeType: 'application/json',
success: function(data) {
var result = $.parseJSON(data);
if(result.form == formRef){
$('.success.message').contents().find('h4').text(success.text());
VanillaReload.notify.showNotification("success");
$("#newsletter_email").val("");
}else{
$('.error.message').contents().find('h4').text(error.text());
VanillaReload.notify.showNotification(".error");
}
}
});
return false;
}else{
$('.error.message').contents().find('h4').text(error.text());
vanillaeGift.notify.showNotification(".error");
}
return false;
});
Why is this line of code not sending an e-mail to my gmail account? Code: [Select] mail($email, ' Log-In Issue', $body, 'From: admin@MySite.com <admin@MySite.com>'); I stepped through my code, and $email = 'debbies_email_account@gmail.com' I'm confused?! Debbie I've got an autodownloader for a file that I want my users to download when they click a link and the file is right but when a user downloads the file, the file is corrupted. Code: [Select] <?php header('Content-Type: application/x-rar'); header('Content-Length: ' . strlen($data)); header('Content-Disposition: attachment; filename=Addypk.rar'); header('Content-type: application/octet-stream'); ?> It's not downloading the actual content of the file, rather, it's downloading the shell. Any ideas? I am building a whitelist based bbcode sanitiser that allows only permitted bbcode element (the
tag. All other bbcode elements will be rejected regardless of what they are. Also, this system should reject empty bbcode tag This is the function below:
$val = 'This is a post with code, [code]cmmcxm[/code]';
/* The negative lookahead regex contruct in the function below ensures all opening
square brackets must
be followed by this regex inside the lookahead(code\](.)+\[\/code\])
*/
function isSuspect($val)
{
// create a pattern to whitelist allowed bbcode phrase
$pattern = '/[(?!(code\](.)+\[\/code\]))/i';
// if one of the suspect phrases is found, reject \[(?!(code\]\[/code\]))
if (preg_match($pattern, $val))
{
return '<div id="login-alert" class="alert alert-danger col-sm-12">You can not post that, it appears you may have included banned words or code tags in your post.<br/>If you think this is not the case, kindly contact the portal administrator <a href="#"><img class="warning" src="assets/img/icons/mail-black.png" alt="" /> here</a></div>';
}
}
echo isSuspect($val);
This function is not validating $val = 'This is a post with code,
cmmcxm'; and I was thinking it should. I would appreciate inputs to finish this. Thanks. I'm now having a problem with PHP uploads on the test site I'm working on. There is a special page called "cart_import.php" that directs CSV files selected for uploading to the "files" directory in the same location as the the page mentioned, and from there works on updating the website's front end with the data in the CSV file. But, when I try and upload the file, the page reports that it's failing to receive the upload entirely. I've confirmed with the host that the php.ini file does allow uploads, the "files" directory is set to write access and upload size allowed is a little over 2MB. Is there perhaps another thing I'm missing to allow uploads, something that I haven't found yet with Google? Hi I.m trying to load an RSS feed from a google calendar. I'm using a script from the w3schools website which works with the demo RSS feeds. I changed the URL to my google calendar and for some reason it can't open the feed. I get an error: Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity I changed the calendar to a shared one and tried that URL but same result. I found another script specifically for google calendar feed but same results. The scripts open with other feeds but not google calendar. ANy ideas? Code: [Select] <?php //get the q parameter from URL $q=$_GET["q"]; //find out which feed was selected if($q=="Google") { $xml=("https://www.google.com/calendar/feeds/...group.calendar.google.com/private-313f84595f6e8dbfc7dc80f450d3e8be/basic"); } elseif($q=="MSNBC") { $xml=("http://rss.msnbc.msn.com/id/3032091/device/rss/rss.xml"); } $xmlDoc = new DOMDocument(); $xmlDoc->load($xml); I removed the unique id for the calendar for now Any help appreciated I'm compiling and running C++ applications from PHP. I'm using backticks to capture the output of the applications ran. The output is just some simple text. In my case "Miles per gallon = x" where x is just a number. I cannot for the life of me get the comparison to return true. For example Code: [Select] $command1="./a.out1 <input1"; $a = `$command1`; $command2="./a.out2 <input2"; $b = `$command2`; if(strcmp($a,$b)==0){ ... } else{ // this is always executing ... } The two strings $a and $b are both "Miles per gallon = 10". I have checked both variables using var_dump(bin2hex($a)) and get dump1= string(42) "4d696c6573207065722067616c6c6f6e203d203130" dump2= string(42) "4d696c6573207065722067616c6c6f6e203d203130" Any idea on what's happening? i am using PHRETS ( http://dangodesign.n...h-rets-for-php/ ) to pull data off of a MLS RETS server. i am successfully connecting to the server so the conditional is passing. but my queries are pulling no results. the provider tells me DMQL2 is the database. ive only ever worked with MySQL so im in the dark.
if($connect)
{
$sixmonths = date('Y-m-d\TH:i:s', time()-15778800); // get listings updated within last 6 months
/* Search RETS server */
$search = $rets->SearchQuery
(
'Property', // Resource
//6, // Class
'ResidentialProperty',
'((Lud='.$sixmonths.'+),(Status=A))', // DMQL, with SystemNames
array(
'Format' => 'COMPACT-DECODED',
'Select' => 'sysid,49,112,175,9,2302,2304',
'Count' => 1,
'Limit' => 20
)
);
/* If search returned results */
if($rets->TotalRecordsFound() > 0)
{
while($data = $rets->FetchRow($search))
{
print_r($data);
}
}
else
{ echo '0 Records Found'; }
$rets->FreeResult($search);
}
Hello everyone:
I'm having trouble with code that compares a Form value ($uname) to Field values (username) from my database. In testing, I'm using the same Form data over and over, and I now have several identical records instead of just one unique record for this user.
if (empty($_POST["uname"])) {
$unameErr = "* Username is required";
} else {
$uname = test_input($_POST["uname"]);
if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
$unameErr = "* Only letters and numerals are allowed";
} else {
// Now sure the username is legit, we check to see if it's a
// unique username by comparing it to all usernames already in member table.
require_once 'login.php'; // This file contains database access credentials
$db_conn = new mysqli($db_hostname, $db_username, $db_password, 'login');
if($db_conn->connect_error) die ('Connect Error: ('.$db_conn->connect_errno.')'.$db_conn->connect_error);
$query = "select username from member"; // Only selecting the field to compare to
$result = $db_conn->query($query);
if(!$result) die ('Database access failed: ('.$db_conn->connect_errno.')'.$db_conn->connect_error);
$rows = $result->num_rows;
for($i = 0; $i <= $rows; $i++) {
if(mysqli_fetch_assoc($result) == $uname) {
$unameErr = "* Username already in use. Please choose another.";
mysql_close($db_conn);
exit;
}
}
$query = "insert into member values(NULL, '$uname', '$pwd1', '$fname', '$lname')";
$result = $db_conn->query($query);
if(!$result) die ("Database insertion failed: ".mysql_error());
}
}
This is my first attempt at this using PHP and am pleased that I can at least access my db. But I just can't figure out how to make this comparison check.
Thanks in advance for any help you offer.
~Landslyde
OK, so I dont think this is a code issue as such, but I am completely stumped as to where the issue could be. I have a page with some standard include() functions at the top. When I access the page from home, everything operates as it should, when I access it from work (on multiple machines), I get the standard "unable to open stream" and "unable to access" warnings for the include statements. I have tried hard refreshing and deleting cache (not that it should make a shred of difference) etc, but the error is still there after a week or so. Does anyone know what could be causing this issue? adding photo,Array ( [name] => profilepic.jpeg [type] => image/jpeg [tmp_name] => C:\xampp\tmp\phpB923.tmp [error] => 0 [size] => 152127 ) Hi, We have been using this code for ages, but suddenly for some reason we cannot upload an image using the code below. When we try to Print_r the $profilephoto variable, I get this error. The filename is correct, but what is that [error]?? And how do I resolve it? Oddly it does upload it locally, but LIVE, it won't This is the code.
if (isset($updatephoto))
{
echo "adding photo,";
print_r($profilephoto);
define ("MAX_SIZE","5000");
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
$errors=0;
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$image =$_FILES["profilephoto"]["name"];
$uploadedfile = $_FILES['profilephoto']['tmp_name'];
if ($image)
{
$filename = stripslashes($_FILES['profilephoto']['name']);
$extension = getExtension($filename);
$extension = strtolower($extension);
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
echo "Unknown Extension..!";
}
else
{
$size=filesize($_FILES['profilephoto']['tmp_name']);
if ($size > MAX_SIZE*1024)
{
echo "File Size Excedeed..!!";
}
if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['profilephoto']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);
}
else if($extension=="png")
{
$uploadedfile = $_FILES['profilephoto']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);
}
else
{
$src = imagecreatefromgif($uploadedfile);
echo $scr;
}
list($width,$height)=getimagesize($uploadedfile);
$newwidth=600;
$newheight=($height/$width)*$newwidth;
$tmp=imagecreatetruecolor($newwidth,$newheight);
imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
$pic=($_FILES['profilephoto']['name']);
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/profiles/". $newname;
imagejpeg($tmp,$filename,100);
imagedestroy($src);
imagedestroy($tmp);
}}
}
$query = ("UPDATE users SET profilephoto =:newname WHERE id =:userid");
$result = $pdo->prepare($query);
$result->execute(array(':userid' => $userid, ':newname' => $newname));
echo "<script>
window.location.replace('/profile/')
</script>";}
Good evening! My application just broke about 2 hours ago and for the life of me I don't know what I did to it?! (I was coding a different file, and when I tried to run the main - unrelated index.php - things stopped working?!) Here is a snippet of the suspect code... if ($rows == 0){ // Email and Username are available. // Add User to the database. $q = "INSERT INTO users(username, email, pass, first_name, last_name, date_expires) VALUES('$u', '$e', '" . get_password_hash($p) . "', '$fn', '$ln', ADDDATE(NOW()), INTERVAL 1 MONTH))"; $r = mysqli_query($dbc, $q); When I step through my code in NetBeans, the INSERT is failing and I don't know why because I haven't touched this code since this morning and it was working all day... Please help! TomTees Can anyone explain this? Warning: get_browser() [function.get-browser]: browscap ini directive not set in /home/albany/public_html/players_dir/dirupdate.php on ..... I'm trying to determine the browser so I can juggle my html a little bit. Another bizzare thing that stopped working all of a sudden... I have a registration form and this code no longer works... // Check for First Name. // Allow letters, space, period, apostrophe, and hyphen. if (preg_match('/^[A-Z\'.-]{2-20}$/i', $_POST['first_name'])){ $fn = mysqli_real_escape_string($dbc, $_POST['first_name']); } else { // Add error-message to array. $reg_errors['first_name'] = 'Please enter your first name!'; } All day when I typed in a two letter answer - to speed up typing and testing - things worked fine, but now I get a built-in error message off to the side of the input box. I typed 'ee' and that always worked before but no luck now. The Reg Ex hasn't changed. Could it be that there is a database connectivity issue that is screwing up my RegEx?? If I comment out all of the RegEx stuff then it works and my INSERT works - thanks to AlexWD TomTees i have a simple class which sees if there are any members in the database with the supplied details, then returns a simple number to show how many results there are, but it isnt working and throwing the error: Code: [Select] Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\classTest\classes\user_process.php on line 52 here is the class: require_once("db_mysql.php"); require_once("./init.php"); class emptyArgs extends Exception { function __toString() { return "<strong>Empty Arguments</strong>"; } } class user_process { public $user_name; public $password; public function login($user_name, $password) { try { if (empty($user_name) || empty($password)) { throw new emptyArgs(); } if ($user_name == "") { throw new emptyArgs(); } } catch (emptyArgs $e) { echo $e; echo "<p>Please Supply All Details Marked *</p>"; } echo $user_name; echo $password; $query = <<<QUERY SELECT COUNT(*) FROM ".TBL_PREFIX."members WHERE user_username = '$user_name' AND user_password = '$password' QUERY; $process = mysql_query($query); $result = mysql_num_rows($process); // Line 52 where the error originates return $result; } } and here is the call: $user = new user_process(); $user->login("username", "password"); All of the database details are correct and the values do match in the database. Where am i going wrong? Note that this class is just for testing and not actually used. |
|||||||