Learn VBA & Macros in 1 Week!

PHP - Is It Okay To Have Password Hash In Session?

Full Excel VBA Course - Beginner to Expert

Is It Okay To Have Password Hash In Session?	View Content

I have a login system Username and Password. My password is encrypted with bcrypt, if it okay to store that bcrypt in a session as $_SESSION["hash"] To verify that the user is who they say they are? Or do i only need to do $_SESSION["username"]

Full Excel VBA Course - Beginner to Expert

Safe Password Hash

Similar Tutorials

View Content

Hi, Recently I've been trying writing a safe password hash and I wanted to know that if I use an MD5 hash at the end, just so it will be like some short of "packed",so instead of saving a 128 string, I'll use md5 to "pack" it into 32 characters and save up to 96 characters. I know MD5 isn't safe and all, but the question is, does it lower the security ? Also, would be happy for feedbacks about my password hash

function hash_($input,$key) {

     $op=hash("whirlpool",hash("sha512",$key) . "$" . $input . "$" . hash("sha512",$key));

Updating Hash Password

Similar Tutorials

View Content

Hi,

I am trying to get this script to execute as an administrator of an online system.

If a user has forgotten their password, I enter their username and enter a new password which they can update later.

I am not sure why this is not updating the password for the username entered?

<?php
// Initialize the session
session_start();
 
// Check if the user is logged in, if not then redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: login.php");
    exit;
}
 
// Include config file
require_once "config.php";
 
// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";


 
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
 
    // Validate new password
    if(empty(trim($_POST["new_password"]))){
        $new_password_err = "Please enter the new password.";     
    } elseif(strlen(trim($_POST["new_password"])) < 6){
        $new_password_err = "Password must have atleast 6 characters.";
    } else{
        $new_password = trim($_POST["new_password"]);
    }
    
    // Validate confirm password
    if(empty(trim($_POST["confirm_password"]))){
        $confirm_password_err = "Please confirm the password.";
    } else{
        $confirm_password = trim($_POST["confirm_password"]);
        if(empty($new_password_err) && ($new_password != $confirm_password)){
            $confirm_password_err = "Password did not match.";
        }
    }
        
    // Check input errors before updating the database
    if(empty($new_password_err) && empty($confirm_password_err)){
        // Prepare an update statement
        $sql = "UPDATE User_Accounts_ SET password = ? WHERE username = ?";
        
        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "ss", $param_password, $username);
            
            // Set parameters
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
            $username = $_POST['username'];
            
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Password updated successfully. Destroy the session, and redirect to login page
                session_destroy();
                header("location: login.php");
                exit();
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    
    // Close connection
    mysqli_close($link);
}
?>
 
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Reset Password</title>

    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Reset Password</h2>
        <p>Please fill out this form to reset your password.</p>
		<p><strong>Username</strong>
                <input type="text" name="username" class="form-control">
              
            </p>
		<p>&nbsp;</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> 
            <div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>">
                <label>New Password</label>
                <input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">
                <span class="help-block"><?php echo $new_password_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
                <label>Confirm Password</label>
                <input type="password" name="confirm_password" class="form-control">
                <span class="help-block"><?php echo $confirm_password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <a class="btn btn-link" href="welcome.php">Cancel</a>
            </div>
        </form>
    </div>    
</body>
</html>

How To Add Sha1 Hash Password To Login Page

Similar Tutorials

View Content

Hi guys I have a script which i've been playing around with thanks to Spiderwell: http://www.phpfreaks.com/forums/index.php?action=profile;u=35078

I have sort of merged it with another 'member managment' script which is working great.

Now i can't seem to correctly create a login page to pass the hashed password using (sha1).

Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password.

Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :|

Your help would be much appreciated.

Login Page PHP:

Code: [Select]
<form name="login" method="post" action="check_login.php3">
<p><strong>Secured Area User Log-in</strong></p>
<p>Username: <input name="bioname" type="text" id="bioname"></p>
<p>Password: <input name="biopass" type="password" id="biopass"></p>
<p> </p>
<p><input type="submit" name="Submit" value="Login"></p>
</form>

Check Login Processor (which is the file i that needs the sha1 added somewhere i think)

Code: [Select]
<?php
require_once('config.php3');

// Connect to the server and select the database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db")or die("Unable to select database");

//
$loginusername = false;
$loginpassword = false;

$err = false; // default error message is empty

// The username and password sent from login.php
//the isset() basically means if its there get it, otherwise dont bother

if (isset($_POST['bioname'])) $loginusername=$_POST['bioname'];
if (isset($_POST['biopass']))$loginpassword=$_POST['biopass'];

// if either isnt filled in, tell the user, a very basic bit of validation

if (!$loginusername || !$loginpassword) $err = "please complete the form";
if (!$err) //if no error continue

{
//The following bit of coding protects from MySQL injection attacks

$loginusername = stripslashes($loginusername);
$loginpassword = stripslashes($loginpassword);
$loginusername = mysql_real_escape_string($loginusername);
$loginpassword = mysql_real_escape_string($loginpassword);

//you could add other things like check for text only blah blah

$sql="SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'";

$result=mysql_query($sql);
// Count how many results were pulled from the table
$count=mysql_num_rows($result);

// If the result equals 1, continue
if($count==1)
{
session_start();
$_SESSION['user'] = $loginusername; // store session data
//please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user
//that would be a pain in the ass, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is
header("Location: {$loginusername}/index.php3");

}
else
{
$err = "Wrong Username or Password";
}
}// end login if statement

if ($err) // show error message if there is one
{
echo $err;
echo "<br>Please go back in your browser and try again";
}
?>

The secure page:

Code: [Select]
<?php
session_start();

$mypath = $_SERVER["REQUEST_URI"];
//echo $mypath; // for debugging
//now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php
//use the built in strpos() function, which returns position of the last occurance of the string you are looking for inside another string.
//http://php.net/manual/en/function.strrpos.php

if(strpos($mypath,"/".$_SESSION['user']."/"))//on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/
{
echo "congratulations you are the right person in the right place";
}
else
{
session_destroy(); //kill the session, naughty person trying to come here
header("Location: ../login.php3");
die();// stop page executing any further
}

?>

<html>
<body>

</body>
</html>

Thanks and i look forward to your replies.

Hash Password Checker - (unexpected T_elseif Error)!

Similar Tutorials

View Content

Alright, I have created a hash password checker and here is my code:

include("include.php"); // include the mySQL info!

$users = mysql_query(" SELECT * FROM User "); // Select all from the users table in the database!
while($row = mysql_fetch_array($users)) // While it fetches the users do the following...
{
if (hash("sha256", $password) == $row["Password"])
echo "Congratulations! The Hash matches the password entered into the database!";
}
elseif (hash("sha256", $password) != $row["Password"])
{
echo "Your Hash failed to match the password entered!";
}

Now for some reason this displays a totally blank page. When I turn error display on I get the error "Unexpected T_ELSEIF" on this line elseif (hash("sha256", $password) != $row["Password"])

Any help is appreciated...

Validating/signing In With Password Singed Up With After Sha1 Hash/salt

Similar Tutorials

View Content

Hi, I am limbo with this one. What I have makes sense to me, but I know I'm missing something or doing something wrong

I have been able to hash passwords with salt by new people registering to my site by doing this:

if(!$error) {

$alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz1234567890";
$rand = str_shuffle($alpha);
$salt = substr($rand,0,40);
$hashed_password = sha1($salt . $_POST['password']);

$query = "INSERT INTO `cysticUsers` (
`FirstName`,
`LastName`,
`Email`,
`Password`,
`salt`,
`RelationshipToCF`,
`State`,
`Gender`,
`Birthday`,
`Status`
)VALUES(
'" . mysql_real_escape_string($_POST['firstName']) . "',
'" . mysql_real_escape_string($_POST['lastName']) . "',
'" . mysql_real_escape_string($_POST['email']) . "',
'" . $hashed_password . "',
'" . $salt . "',
'" . mysql_real_escape_string($_POST['RelationToCF']) . "',
'" . mysql_real_escape_string($_POST['State']) . "',
'" . mysql_real_escape_string($_POST['sex']) . "',
'" . mysql_real_escape_string($_POST['DateOfBirth_Year'] . "-" . $_POST['DateOfBirth_Month'] . "-" . $_POST['DateOfBirth_Day']) . "',
'pending'
)";
mysql_query($query, $connection);

I have been able to to update EXISTING users passwords by doing this:

$query = "SELECT * FROM `cysticUsers`";
$request = mysql_query($query,$connection);

while($result = mysql_fetch_array($request)) {

$alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz1234567890";
$rand = str_shuffle($alpha);
$salt = substr($rand,0,40);
$hashed_password = sha1($salt . $result['Password']);
$user = $result['id'];

$query2 = "UPDATE `cysticUsers` SET `salt` = '$salt' WHERE `id` = '$user'";
$request2 = mysql_query($query2,$connection) or die(mysql_error());

$query3 = "UPDATE `cysticUsers` SET `encrypted_passwords` = '$hashed_password' WHERE `id` = '$user'";
$request3 = mysql_query($query3,$connection) or die(mysql_error());

}

Now, I want to be able to SIGN BACK IN with the existing password and I am failing miserably by doing this:

$query = "SELECT `salt`,`id`,`email`,`password` FROM `cysticUsers` WHERE `Email` = '" . $email . "' AND `Password` = '" . $password . "' && `Status` = 'active' LIMIT 1";
$request = mysql_query($query,$connection) or die(mysql_error());

$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

if(@mysql_num_rows($request)) {

$row = mysql_fetch_assoc($request);
if (sha1($row['salt'] . $_POST['password']) === $row['Password']) {

$_SESSION['CLIFE']['AUTH'] = true;
$_SESSION['CLIFE']['ID'] = $result['id'];

// UPDATE LAST ACTIVITY FOR USER
$query = "UPDATE `cysticUsers` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1";
mysql_query($query,$connection);

if(!empty($_POST['return'])) {
header("Location: " . $_POST['return']);

}else{
header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']);
}
}

}else{

$_SESSION['CLIFE']['AUTH'] = false;
$_SESSION['CLIFE']['ID'] = false;

}
}

I've been scouring resources and am stuck on this. I have a deadline to meet that I am behind on. Needless to say I'm pulling my hair out and some help with this would be GREATLY appreciated.

Thank you in advance!

Php Curl Help With Session Hash

Similar Tutorials

View Content

Im trying to access a page that uses a session hash in the url. How do I accomplish this. The url looks like: http://www.somesite.com/findagent/MapController.aspx?action=getAgentsByRadius&distance=5&filter=PL&sessionhash=%3F%01j%23%3Eo%0AH%05h%0B%3FU%0B%3F%3F%3F%7B%3F%3C&zip=91111
I guess getting the session id and urlencoding on my end wouldnt work? I would have to grab their session id and encode somehow?

Php Session Issue With $password On Input

Similar Tutorials

View Content

I am having a very strange issue on one server. I have the same code in a development server running fine, but in my prod server it is failing. Here is the main issue:

I have a user authentication routine that accepts UserID and Password from a form and validates it against a MySQL database. So to start, UserId and Password are entered via POST variables as is standard:

$UserId=@$_POST['UserId'];
$Password=@$_POST['Password'];

The Password is encrypted using a standard crypt method such as:

$encrypt = crypt($Password,'6!68$7435!');

And this is stored in a MySQL database. This part is working fine, that is, the password is encrypted in value and stored in the MySQL database as 'epasswd'. On login, I am using session, so a standard session_start() and eventual session_destroy() on logout are used. The reason I mention this is because I suspect my issue is session related.

So normally this works well. User logs in and I check credentials as follows in one part of my auth routine:

elseif(UserAuth($UserId,$Password)){
    $UserLogin=$UserId; session_start();
    $_SESSION['UserLogin'] = $UserLogin;
    sql_insertActivity();
    header("Location: home.php");

And the auth routine is as follows:

<?

function UserAuth($UserId,$Password){
global $conn;
$Stmt="select epasswd from Users where UserId='$UserId' and Approved='1' or Approved='-1' or Approved='-2'";
$Result = mysql_query($Stmt, $conn) or die(mysql_error());
$Result=mysql_fetch_row($Result);
$epasswd=$Result[0];
$retval=($epasswd==crypt($Password,$epasswd));
return($retval);
}
?>

So I am checking for a valid UserID and Password on form input, and I have a few other variables set for approved status. The retval checks the password they enter versus the encrypted value for a match. This usually works well. Then login occurs and session started, etc.

Here is the issue. I added a quick admin routine a little while ago which helps reset a user's password to a temporary value. Once this value is set, along with a setting of approved=-1 in my database, then the user is re-directed to a Change Password screen to update his or her password. *Note: I changed the value to 'Charlie' for this discussion purpose. Here is that quick admin routine I run when I need to change a User to a temp setting:

// ----- Establish database connection -----
require "../inc_php/inc_mysql_prod.php";

//

$UserId=@$_GET['UserId'];
$Password='Charlie';
$encrypt = crypt($Password,'6!68$7435!');
$sql = "UPDATE Users set epasswd='$encrypt', approved='-1' where UserId='$UserId'";
mysql_query($sql, $conn) or die(mysql_error());

So this does work as I validate the UserID is updated in the MySQL database along with an encrypted value for 'Charlie'.

However, this is where things breakdown going forward. When the user logs in with the temp credentials, and enters in the Change password routine, their new password is saved in the table. However, when logging back in with the new credentials, the new password is not valid. And what's odd is that 'Charlie', the temp password, works for them on login and nothing else, no matter how many times they change the password in the form.

So seems a case of session management out of control? What is the issue? I am defining session on all Php pages used, and have a logout to destroy session, etc. The temp password routine is something I run as an admin in the system and it doesn't have a session start statement. And I am not defining any global vars for Password. I lloked into session management and tried some UNSET paths and such, but may not be doing this correctly. Also I did a complete stop apache, remove all php sess_ files, restart and to no avail. I tried the clear my client side cookies deal in the browser, and still the same problem.

What is odd is that this same set of code works fine on my other server, but breaks down on the mirrored server. They are essentially twins in all setup. Some minor differences between the two servers regarding PHP setup that might(?) make a difference.

DEV server:

SERVER_SOFTWARE Apache/2.2.3 (Red Hat)

PROD server: (server showing the issues):

SERVER_SOFTWARE Apache/2.2.3 (CentOS)

HTTP_COOKIE PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3

_REQUEST["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _COOKIE["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3

_SERVER["HTTP_COOKIE"] PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3

Thanks appreciate the help!

-Eddie

Change Password... Doesnt Seem To Work, Just Resets Password

Similar Tutorials

View Content

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];

            echo "

               <h4>Options for:</h4>   $username
               <br />
               <br />
               First name:   $firstname

               <br />Last name:   $lastname

   <br /><br /><h3>Want to change your password:</h3><br />

      <form action='?do=option' method='post'>

      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />

      <center></div><input type='submit' value='Submit'/></center></form>";


         }else{
            echo 'Please login to view your options!';
         }

      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];

      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }

      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }

      //Find if entered data is correct

      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];


         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")

      ?>

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

Moved: Password Security During Password Reset

Similar Tutorials

View Content

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=353345.0

How To Decrypt Password Which Is Encrypted By Sha($password) Technique.

Similar Tutorials

View Content

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
kc = e.keyCode?e.keyCode:e.which;
sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>

      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }



   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>

<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>

Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

Php And Url Hash

Similar Tutorials

View Content

Guys,

Having a major headache here.

I need to send an enquiry using jquery and php.
The user can only send an enquiry if they are logged in - so it's a one click process. On the click (which is an <a> tag) the user's data is retrieved from the database and sent to the company they are enquiring about.

When the link is clicked, a jquery popup is shown to notify the user that the enquiry has been sent.

This all works.

However, currently the enquiry is sent when the page loads and this is what I'm having trouble with.

Code: [Select]
<a href="#e" onclick="openinfobox('Enquiry Sent', 1)" class="enq"></a>What I want to do is say if the URL contains #e, then send the enquiry, otherwise do nothing.

I understand that the # portion of the url cannot be referenced by PHP.

How on earth can I run php process to say only run this php process if there is a # in the url?

Hash Array -- What Is It?

Similar Tutorials

View Content

Is a hash array the same thing as an associative array? My PHP books make no reference to this, yet I have seen the term referred to.

Thanks.

Secure Php Hash

Similar Tutorials

View Content

Are there any PHP hashes that are extremely secure and that CANNOT be reverse-engineered?

Pagination When Url Contains Hash Value

Similar Tutorials

View Content

I have a section on my website where the url points to www.example.com/some_page#some_element

#some_element is used by javascript to load the element in question into the parent element. However i need pagination done on this loaded element. How should i go about it? would it work? obv i cant use www.example.com/some_page#some_element/page/2.

Any tips or advice?

Passwrod Hash Encription Help

Similar Tutorials

View Content

Im using SMF forum
im trying to connect (my software C#) and grand access from forum DB
this is a hash from SMF
sha1(strtolower($membername) . $password);

Code: [Select]

<?php
include("config.php");

$user = "-1";
if (isset($_GET['user'])) {
$user = $_GET['user'];
}
$pass = "-1";
if (isset($_GET['pass'])) {
$pass = $_GET['pass'];
}

$ip = $_SERVER['REMOTE_ADDR'];

$sql = "select id_member,count from smf_members where real_name='$user' and passwd=MD5('$pass')";
$results = mysql_query($sql, $con);
$values = mysql_fetch_assoc($results);
$user_id = $values['id_member'];
$login=$values['count'];

?>

MD5 working fine but how to use SMF hash to login?

Tiger Hash Algorithm

Similar Tutorials

View Content

What is the difference between the hash algo "tiger192,3" and "tiger192,4"? I ran fsum/HashCalc to get a TIGER hash from a string and it is different with either "tiger192,3" or "tiger192,4". I also tried using the hash as hex string input to rehash 3 or 4 times, but still cannot get an equivalent to that of "tiger192,3" or "tiger192,4"...

When To Generate New Salt And Hash?

Similar Tutorials

View Content

When a User changes his/her Email Address, should I generate a new Salt and Hash?

(I am re-using the code I used for a Password Reset, and during that I generated a new Salt and Hash for security. I guess it can't hurt...)

Thanks,

Debbie

Need To Echo A Hash Symbol

Similar Tutorials

View Content

Trying to echo a string that contains a hash symbol. Instead of getting a hash symbol, I get %29. The code I am using is pretty basic -->$idx="#" . $idxA;<--, but as stated, when I echo $idx, it comes out as %29. (All of this is part of a form, get, attempting to pass a bookmark to the receiving program.

Thoughts?

Add Md5 Hash To Post Code

Similar Tutorials

View Content

what would be the correct way to add an MD5 has to the following POST code?

$_POST['pass'] = mysql_real_escape_string($_POST ['pass']);
'".$_POST ['pass']."',

thanks in advance!

Trying To Match Up Hash On Two Pages

Similar Tutorials

View Content

HI, I have a registration script where a password is made with one hash, and a user password reset page that uses another hash. I don't know how to make them the same, as every time I change them, it messes up the code and I get errors.

I will comment the parts that I think need changing. Because when I try to log in with the new password that was made by the reset password script, it says "wrong username or password" because either it wasn't updated in the database, or it was updated in a bad way. Any help greatly appreciated.

The password email reset code:

Code: [Select]
<?php

define('IN_SCRIPT', true);
// Start a session
session_start();

ini_set ("display_errors", "1");
error_reporting(E_ALL);

$host = "";
$database = "";
$username = "";
$password = "";
$tbl_name   = "";

$conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());

if($conn)
{
mysql_select_db($database);
echo "connected to database!!";
} else {
echo "failed to select database";
}

//this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info
//use error('foobar');
function error($msg) {
    ?>
<html>
<head>
<script language="JavaScript">

</script>
</head>
<body>
</body>
</html>
<?
exit;
}

//This functions checks and makes sure the email address that is being added to database is valid in format.
function check_email_address($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}

if (isset($_POST['submit'])) {

if ($_POST['forgotpassword']=='') {
error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
}
else {
$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
//Make sure it's a valid email address, last thing we want is some sort of exploit!
if (!check_email_address($_POST['forgotpassword'])) {
error('Email Not Valid - Must be in format of name@domain.tld');
}
// Lets see if the email exists
$sql = "SELECT COUNT(*) FROM users WHERE email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
if (!mysql_result($result,0,0)>0) {
error('Email Not Found!');
}

//Generate a RANDOM MD5 Hash for a password//THIS IS THE POSSIBLE PROBLEM
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, 8);

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

// Make a safe query
$newpassword = mysql_real_escape_string($newpassword);
$query = sprintf("UPDATE 'users' SET 'password' = '$newpassword'
WHERE 'email' = '$forgotpassword'");

//Email out the infromation

$site_name = "mysite.COM";
$site_email = "noreply@mysite.COM";
$subject = "Your New Password";
$message = "Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Please make note this information has been encrypted into our database

This email was automatically generated.";

if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){
die ("Sending Email Failed, Please Contact Site Admin! ($site_email)");
}else{
error('New Password Sent!.');
}

}

else {
?>
<form name="forgotpasswordform" action="" method="post">
<table border="0" cellspacing="0" cellpadding="3" width="100%">
<caption>
<div>Forgot Password</div>
</caption>
<tr>
<td>Email Address:</td>
<td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td>
</tr>
<tr>
<td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
</tr>
</table>
</form>
<?
}
?>
And now for the registration and password creation script

Code: [Select]
<?php

$host = " ";
$database = " ";
$username = " ";
$password = " ";

mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());

mysql_select_db($database);

if ($_POST['form_submitted'] == '1') {
##User is registering, insert data until we can activate it

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$username = mysql_real_escape_string($_POST[username]);

$email = mysql_real_escape_string($_POST[email]);
//////////////////////////////////////////////////////////////////////////
$username= $_POST['username'];

     $checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

        $username_exist = mysql_num_rows($checkuser);

        if($username_exist > 0){

   echo "I'm sorry but the username you specified has already been taken.  Please pick         another one.";
        unset($username);
$sendemail='0';
         }
   ///////////////////////////////////////////////////////////////////////////////////

     $email= $_POST['email'];

     $checkemail = mysql_query("SELECT email FROM users WHERE email='$email'");

        $useremail_exist = mysql_num_rows($checkemail);

        if($useremail_exist > 0){

   echo "I'm sorry but the email address you specified has already been taken.  Please pick         another one.";
        unset($email);
$sendemail='0';
         }
//////////////////////////////////////////////////////////////////////////////

if ( $_POST['password'] == $_POST['password2'] && $username_exists <=0 && $useremail_exist <= 0) {

$password = sha1($_POST['password']);

$sql="INSERT INTO users (username, password, email, activationkey, status) VALUES ('$username', '$password', '$email', '$activationKey', 'verify')";

$sendemail = '1';

} else {

echo "*Passwords do not match!";
$sendemail='0';
}

if (!mysql_query($sql))

  {

  die('Error: ' . mysql_error());

  }
$_POST['form_submitted'] = '0'; //make form disappear.

if ($sendemail =='1') {
echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";
}
##Send activation Email

$to      = $_POST[email];

$subject = "  Registration";

$message = "Welcome to our website! verify_user.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\  Team";

$headers = 'From: noreply@r.com' . "\r\n" .

    'Reply-To: noreply@r.com' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

} else {

##User isn't registering, check verify code and change activation code to null, status to activated on success

$queryString = $_SERVER['QUERY_STRING'];

$query = "SELECT * FROM users";

$result = mysql_query($query) or die(mysql_error());

  /*if*/ while($row = mysql_fetch_array($result)){

    if ($queryString == $row["activationkey"]){


  $_POST['form_submitted'] = '2'; //make form disappear.


   echo "Congratulations!" . $row["username"] . " is now the proud new owner of an e.com account. Please sign in to the site at  <a href='sign_in.php'>THIS LINK</a>. ";

    $sql=" UPDATE users SET status='activated' WHERE (id = $row[id])";
          //UPDATE users SET activationkey = '',

   //$sql="UPDATE users SET activationkey = 'Done-$row[id]', status='activated' WHERE (id = $row[id])";
       if (!mysql_query($sql))

  {

        die('Error: ' . mysql_error());

  }

    }

  }

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">

</style>
</head>

<body>

<?php

if (!isset ($_POST['form_submitted'])){

echo (' <div align="center"><span class="style3">  Please register.
  </span>
<table border="0">
<form action="verify_user.php" method="post" name="register">
<tr><td>Username: <input type="text" name="username" maxlength="20"></td></tr>
<tr><td>Password:<input type="password" name="password" /></td><td>
<tr><td>Confirm password: <input type="password" name="password2" maxlength="20"></td><td>
<tr><td> Email: <input type="text" name="email" /></td></tr>

    <input type="hidden" name="form_submitted" value="1"/>

<tr><td><input type="submit" value="Submit" /></td></tr>
</form>
</table>
</div>');

}
if ( $_POST['form_submitted'] =='2'){
echo (" You may now enter the site!");//echo nothing no form.
}
?>

</body>

</html>