PHP - Php 7.2 Password_hash Doesn't Work
I've been puzzling over this all morning. No matter what I do i keep getting these errors: Quote
[01-Oct-2019 21:45:32 UTC] PHP Warning: Use of undefined constant PASSWORD_BCRYPT - assumed ' PASSWORD_BCRYPT' (this will throw an Error in a future version of PHP) in /home/ijwe4nfwf9ei/public_html/blog-approval.php on line 7 Here's my code: <?php echo phpinfo(); $pass=password_hash ("password", PASSWORD_BCRYPT); ?> I checked and I'm using php 7, so why do I keep getting this error? I had it print out my php info so I could check.. https://pyro-creations.com/tester.php I even read the manual and tried the examples and I still get those errors. How can I fix this? [please use code tags.] Similar Tutorialsif ($count==1){ header("Location:store.php"); }very simple I have issolated it and it doesn't redirect maybe u can see where my mistake is I copied the code for password_hash at php.net: <?php /** * In this case, we want to increase the default cost for BCRYPT to 12. * Note that we also switched to BCRYPT, which will always be 60 characters. */ $options = [ 'cost' => 12, ]; echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options); ?> and changed it for use in my login page:
$options = ['cost' => 12,]; $user = mysqli_real_escape_string($db_link,$_GET['username']); $pass = password_hash($_GET['password'], PASSWORD_BCRYPT, $options); but my page keeps saying invalid user/pass. Upon echoing the $pass I find that the result changes EACH time. so I created a test page that runs the code from php.net (verbatim code) 20x and I got: [pre]
$2y$10$Nlf0J520viR4C5jd3nIdd.6M3OMKACx503Jm3PiXDYZIs.13XAheq [/pre] Is password_hash broken? or am I mistaken to think that it's supposed to return the same output everytime fror the same input? Edited March 17, 2019 by Karaethontypos corrected Hi.
I've been trying to understand the concept of password_hash but so far it has eluded me!
registration
<?php if(isset($_POST['submit'])){ $name = $_POST['name']; $email = $_POST['email']; $password = $_POST['password']; //$pass_hash = PassHash::hash($_POST['password']); $hash = password_hash($password, PASSWORD_BCRYPT); $stmt = $pdo->prepare("INSERT INTO hash_test(name, email, password) VALUES(:name, :email, :password)"); $stmt->execute(array( ':name' => $name, ':email' => $email, ':password' => $hash )); if ($stmt->rowCount() ==1){ echo "Registration Successful"; }else{ echo "There was a problem taking your request"; } } ?>The registration is working fine and all fields are inserted. The problem is when loggin in, its giving me an error : unknown variable which is the $hash. The verify parameter is thus: password_verify($password, $hash) I believe the $password is the users password for login, now how/when/where do assign a value to $hash? since in my db i have email(username) password. Do i need to store the hash separately on the db? Can someone please enlighten me more my login code <?php if(isset($_POST['login'])){ $password = $_POST['password']; $stmt = $pdo->prepare("SELECT email, password FROM hash_test WHERE email=:email AND password=:password"); $stmt->execute(array( ':email' => $_POST['email'], ':password' =>$password )); //if ($stmt->rowCount() ==1){ if (password_verify($password, $hash)) { /* Valid */ echo "Right"; } else { /* Invalid */ echo "wrong"; } //} } ?>THANKS I've joined querys because I'm making my own forums. However, when it gets to the echoin out part, it shows the category and only ONE of the sub categorys. Code: [Select] <div id="forumContainer"> <?php $lastboard = ''; $forumQ = mysql_query("SELECT f1.cat_name as catName, f1.cat_id as catID, f2.cat_id as subCatID, f2.sub_id as subID, f2.sub_name as subName, f2.sub_desc as subDesc FROM `forum_cats` as f1 LEFT JOIN `forum_sub` as f2 ON f1.cat_id = f2.cat_id GROUP BY f2.cat_id "); while($forumF = mysql_fetch_assoc($forumQ)) { if($forumF['catName'] != $lastboard) { echo '<div class="forumCat">'.$forumF['catName'].'</div>'; $lastboard = $forumF['catName']; } echo '<div class="forumSub">'.$forumF['subName'].'</div>'; } ?> </div> $Row[2] doesn't work but if I use $Row["linkcat"] than it works fine. Is there somewhere to activate in the php.ini file ? Code: [Select] // I got 9 fields to in the table tbl_link ! $Row[2] should give me a number. $Verbinding = mysql_connect($db_host, $db_user, $db_passw); mysql_select_db($db_name); $sql = "Select * from tbl_link where userid=1"; $ResultShow = mysql_query($sql); while ($Row = mysql_fetch_assoc($ResultShow)){ echo $Row[2]; } Hello, I've been working on some stuff, and get the information parsed like this: Code: [Select] Value1,Value2,Value3 0.68,4377.54,11069.02So I'm trying to explode it and insert the latest numbers into the database. I'm using: $value = explode(",", $variable); $secondsplit = explode(" ", $value[2]); mysql_query("INSERT INTO table(row) VALUES('".mysql_real_escape_string($secondsplit[1])."')"); The problem is that it has something like an enter in the database, or a space. But I can't figure out how to get rid of that problem. Does anyone know what's wrong? Regards, NLCJ All the tables are correct and it's making the connect to the database fine it's just not working, did I write it wrong? Code: [Select] function newPm($to, $from, $title, $text){ $q = $db->query("SELECT * FROM ibf_message_topics ORDER BY mt_id DESC"); $lastMsg = $db->fetch_assoc($q); $mid = $lastMsg['mt_id'] + 1; $msgId = $lastMsg['mt_msg_id'] + 1; $db->query("INSERT INTO ibf_message_topics SET mt_id=$mid, mt_msg_id=$msgId, mt_date=". time(). ", mt_title='$title', mt_from_id=$from, mt_to_id=". $to. ", mt_vid_folder='in', mt_read=0, mt_owner_id=$to, mt_user_read=0") or die(mysql_error()); $db->query("INSERT INTO ibf_message_text SET msg_id=$msgId, msg_date=". time() .", msg_post='$text', msg_sent_to_count=1, msg_author_id=$from") or die(mysql_error()); $userq = $db->query("SELECT new_msg FROM ibf_members WHERE id = $to"); $userData = $db->fetch_assoc($userq); $msgCount = $userData['new_msg'] + 1; $db->query("UPDATE ibf_members SET new_msg=$msgCount, show_popup=1 WHERE id = $to") or die(mysql_error()); } Here's how that function is being called in the beginning of the page: Code: [Select] if($action =="banUser"){ $expire = time() + (3600000 * 24 * $_GET['duration']); $q = $db->query("SELECT * FROM ibf_message_topics ORDER BY mt_id DESC"); $lastMsg = $db->fetch_assoc($q); $mid = $lastMsg['mt_id'] + 1; $msgId = $lastMsg['mt_msg_id'] + 1; $title = "Notification"; $duration = $_GET['duration'] ." days"; if($_GET['duration'] == "1"){ $duration = "1 day"; } if($_GET['duration'] == "Forever"){ $duration = "forever"; } $temp = 0; if($expire > time()){ $temp = 1; } $body = "This automated message has been sent to notify you that your account has been banned $duration. To appeal this ban, click on Irc from the menu on the homepage and ask to speak to a moderator. If this ban is temporary, your account will be reinstated automatically at the appropriate time"; newPm($id, 3017, $title, $body); $msgCount = $_GET['msg'] + 1; $db->query("UPDATE ibf_members SET ban_level = $level, tempbanned = $temp, banned = 1, ban_expire='$expire', ban_reason='". $_GET['reason']."', ban_by='". $name."' WHERE id=$id") or die(mysql_error()); ?> <center><b>User banned!</b> (<a href="index.php?code=plyrmgmt">Back to Player Management</a>)</center> Another issue with trying to work on somebody else's script (and on no sleep!) I've got this mess of a page I'm trying to manipulate to add a feature to. When somebody goes to this page, it pulls all records. At the top, I added a way to refine the results by dates. That query works fine, I tested it in mysql. To avoid fighting with the original code, I created an if statement to create $query_selectAll. But when I put it in the page, it would just refresh with the same data. I echoed the query to make sure it is correct. Then I realized that there was another query, $query_selectAllItems, further down the page that was generating the results, and none of what I was doing made a difference. But I'm not sure why it's ignoring my query or how to work around this. I tried deleting the query $query_selectAllItems, thinking it would take mine, because it ends with the same: $result_all $result_all = mysql_query($query_selectall); or $result_all = mysql_query($query_selectAllItems); Code: [Select] <?php require_once('calendar/classes/tc_calendar.php'); include("include/auth.php"); include("include/conn.php"); @$a_row = mysql_fetch_array($result); // I added this if statement in to get my POST results, without having to make changes to the GET results he made. if (isset($_POST['view'])){ $view=$_POST['view']; } else { $view=$_GET['view']; } if ($view=="All") { $query_selectall = 'select * from tbl_registration'; echo $query_selectall; } elseif ($view=="dated") { $mydate = isset($_REQUEST["date5"]) ? $_REQUEST["date5"] : ""; $end_date = isset($_REQUEST["date6"]) ? $_REQUEST["date6"] : ""; $query_selectall = "SELECT * FROM tbl_registration WHERE reg_timestamped BETWEEN STR_TO_DATE('$mydate', '%Y-%m-%d') AND STR_TO_DATE('$end_date' , '%Y-%m-%d')"; echo $query_selectall; } else { $query_selectall = "select * from tbl_registration where category='$view'"; echo $query_selectall; } $result_all = mysql_query($query_selectall); @$numRows_all = mysql_num_rows($result_all); ?> <title>WYF Admin</title> <html> <head> <script language="javascript" src="calendar/calendar.js"></script> <link href="include/styles.css" rel="stylesheet" type="text/css"> <SCRIPT language="JavaScript"> <!-- function confirm_delete(idval) { var verify= confirm("Do you really want to delete this Registration?"); if (verify== true) { window.location="delete_registrations.php?action=delete&did=" + idval; } } //--> </SCRIPT> <script type="text/javascript" src="js/jquery-latest.js"></script> <script type="text/javascript" src="js/jquery.tablesorter.js"></script> <script type="text/javascript"> $(function() { $("table").tablesorter({debug: true}); }); </script> </head> <body leftmargin="0" rightmargin="0" bottommargin="0" topmargin="0" cellspacing="0" cellpadding="0" bgcolor="ffffff"> <table width="100%"><tr><td align="left"><img src="images/logo.jpg"></td></tr> <tr><td><hr></td></tr> </table> <table><tr><td valign="top"> <table cellspacing="1" cellpadding="0" bgcolor="#cccccc" border="0" width="300"> <tr><td> <table cellspacing="0" cellpadding="0" width="300" height="400" bgcolor="#ffffff" border="0"> <tr><td align="left" valign="top"> <table width="250"><tr><td valign="top"> <b>Welcome </b><br><br> <?php //$query_selectAllItems = "SELECT *, DATE_FORMAT(workshop_date, '%e-%m-%Y') as 'my_date' FROM tbl_workshops"; $query_selectAllItems = "SELECT * FROM tbl_registration"; $result_all = mysql_query($query_selectAllItems); $numRows_all = mysql_num_rows($result_all); ?> <? include "include/nav.php"; ?> </td></tr></table></center> </td></tr> <tr><td></td></tr></table></tr></td></table> </td><td valign="top"> <div style="float:left;padding-right:40px;"><a href="getcsv.php">export to csv</a></div><div> <div style="float:right;margin-right:100px;"><form name="form1" method="post" action="viewregistrations2.php"><div style="float:left;overflow:visible;padding-right:10px;">View between</div> <div style="float:left;overflow:visible;padding-right:10px;"> <?php $myCalendar = new tc_calendar("date5", true, false); $myCalendar->setIcon("calendar/images/iconCalendar.gif"); $myCalendar->setDate(date('d'), date('m'), date('Y')); $myCalendar->setPath("calendar/"); $myCalendar->setYearInterval(2000, 2015); $myCalendar->dateAllow('2008-05-13', '2015-03-01'); $myCalendar->setDateFormat('j F Y'); $myCalendar->setAlignment('left', 'bottom'); $myCalendar->setSpecificDate(array("2011-04-01", "2011-04-04", "2011-12-25"), 0, 'year'); $myCalendar->setSpecificDate(array("2011-04-10", "2011-04-14"), 0, 'month'); $myCalendar->setSpecificDate(array("2011-06-01"), 0, ''); $myCalendar->writeScript(); ?> </div> <div style="float:left;overflow:visible;padding-right:10px;"> and </div> <div style="float:left;overflow:visible;padding-right:10px;"> <?php $myCalendar = new tc_calendar("date6", true, false); $myCalendar->setIcon("calendar/images/iconCalendar.gif"); $myCalendar->setDate(date('d'), date('m'), date('Y')); $myCalendar->setPath("calendar/"); $myCalendar->setYearInterval(2000, 2015); $myCalendar->dateAllow('2008-05-13', '2015-03-01'); $myCalendar->setDateFormat('j F Y'); $myCalendar->setAlignment('left', 'bottom'); $myCalendar->setSpecificDate(array("2011-04-01", "2011-04-04", "2011-12-25"), 0, 'year'); $myCalendar->setSpecificDate(array("2011-04-10", "2011-04-14"), 0, 'month'); $myCalendar->setSpecificDate(array("2011-06-01"), 0, ''); $myCalendar->writeScript(); ?> </div> <div style="float:left;overflow:visible;padding-right:10px;"><input type="hidden" name="view" id="view" value="dated"><input type="submit" value="go!"> </div></form> </div><br><br><br><br> <table width="95%" border="1" cellpadding="3" cellspacing="1" bordercolor="#999999" id="rowspan" class="tablesorter" name="table"><thead> <tr bgcolor="#ffffff"> <th width="125">Name</th> <th width="125">Address</th> <th width="125">Phone</th> <th width="125">Email</th> <th width="125">Workshop</th> <td width="50"> </td> <td width="50"> </td><td> </td> </tr></thead> <tbody> <? //output each row while ($c_row = mysql_fetch_array($result_all)){ ?> <tr> <td><?= $c_row['reg_fname'] ?> <?= $c_row['reg_lname'] ?></td> <td><?= $c_row['reg_address'] ?></td> <td><?= $c_row['reg_phone'] ?></td> <td><?= $c_row['reg_email'] ?></td> <td> <?php $catid = $c_row['reg_workshopid']; $query="SELECT * FROM tbl_workshops where workshop_id = '$catid'"; //Run query; $result=@mysql_query($query); $row=mysql_fetch_array($result); ?> <?php echo($row['workshop_title']); ?> </td> <td width="50" bgcolor="#DEE1EB"><div align="center"><a href="edit_registration.php?id=<? print $c_row['reg_id'] ?>">edit</a></div></td> <td width="50" bgcolor="#DEE1EB"><div align="center"><a href="javascript://" onClick="confirm_delete(<? print $c_row['reg_id'] ?>); return false">delete</a></div></td> <td width="50" bgcolor="#DEE1EB"><div align="center"><a href="printregistration.php?regid=<? print $c_row['reg_id'] ?>">view all / print</a></div></td> </tr> <? } //end while ?> </tbody> </table><br><br> </td></tr></table> Hi guys, me again. I have been using mail to send emails ( With your great help ) successfully in about three websites. For some reason, my email doesn't want to work with the site I am busy with now. This is my code : Code: [Select] <html> <head> <title>Practice</title> </head> <body> <table border="1"> <tr> <td> <?php $emailto="hannes@ncc-cla.com"; $emailsubject="confirmation"; $emailfrom="footloose.sa@gmail.com; if(!empty($_POST['uname'])){ $yourname=$_POST['uname']; $yoursurname=$_POST['usurname']; echo "hello </td> <td>" ." " . "$yourname" . " " . "$yoursurname </td> </tr>"; $emailbody="hello </td> <td>" ." " . "$yourname" . " " . "$yoursurname </td> </tr>"; } else{ echo"<tr> <td> enter your name </td> </tr>"; $emailbody .="<tr> <td> enter your name </td> </tr>"; } if(isset($_POST['gender'])){ /*isset is what it is set to can be used */ $gender=$_POST['gender']; echo "<tr> <td> You are a </td> <td> " . " " . "$gender </td> </tr>"; $emailbody .="<tr> <td> You are a </td> <td> " . " " . "$gender </td> </tr>"; } else{ echo "<tr> <td> Select Gender </td> </tr>"; $emailbody .="<tr> <td> Select Gender </td> </tr>"; } if(isset($_POST['plang'])){ $plang=$_POST['plang']; echo "<tr> <td> You are interested in </td> <td> " . " " . "$plang </td> </tr>"; $emailbody .="<tr> <td> You are interested in </td> <td> " . " " . "$plang </td> </tr>"; } else{ echo "<tr> <td> Select Programming language </td> </tr>"; $emailbody .="<tr> <td> Select Programming language </td> </tr>"; } print "<tr> <td> Your qualification is </td> <td>"; $emailbody .= "<tr> <td> Your qualification is </td> <td>"; foreach ($_POST['qlevel'] as $level){ print "$level<BR>"; $emailbody .="$level<BR>"; } $headers='From:'. $emailfrom; mail($emailto,$emailsubject,$emailbody,$headers); ?> </td> </tr> </table> </body> </html> Hi everybody! I'm creating a site and none of my php-code works. I tried to do a simple php-code to test it but it doesn't work either. The simple php-code: <?php echo "hello"; ?> I just started with php and made an image. But when I try to open it in my browser, it shows a broken image icon. I have put the font in the same folder as the .php file, but it doesn't work. Can somebody help me solve this problem? Here is the code: Code: [Select] <?php $font_path = "nakedchick.TTF"; $font_size = 30; $img_number = imagecreate(300,50); $backcolor = imagecolorallocate($img_number,0,162,255); $textcolor = imagecolorallocate($img_number,255,255,255); imagefill($img_number,0,0,$backcolor); $number = " So your ip is $_SERVER[REMOTE_ADDR]? "; ImageTTFText($img_number, $font_size,10,5,5,$number,$font_path,$textcolor); header("Content-type: image/png"); imagepng($img_number); ?> And also the files: (.php in attachment) http://falcogerritsjans.nl/u/signature2.php http://falcogerritsjans.nl/u/nakedchick.ttf I've written a script where it counts the page impressions on my website. When a visitor lands on the page, it counts their impression and then sets a $_SESSION so that if they reload or return to the page it doesn't count it again. But the problem is it sometimes does. Does this mean that the $_SESSION isn't being set probably? That's what it seems to be. And if so, what would be the reason for that? Here's my basic code: Code: [Select] if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; } else{ $userid = rand(1000, 10000000); $_SESSION['userid'] = $userid; } $date = date('Y-m-d'); $counters = mysql_query("SELECT * FROM counters WHERE userid='$userid' AND impressions='1' AND date='$date'") or die(mysql_error()); if(!mysql_num_rows($counters)){ mysql_query("INSERT INTO counters (userid, impressions, date) VALUES('$userid', '1', current_date)") or die(mysql_error()); } Hey, $todo_upgrades_sql = "SELECT * FROM todo_upgrades WHERE time_completion >= $time"; $todo_upgrades_res = mysql_query($todo_upgrades_sql) or die (mysql_error()); results: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Hey there, I am trying out some tag cloud code, but something is amiss, as am getting no tags displaying. Using PHP/MYSQL and JQuery. <?php //connection information $host = "localhost"; $user = "username"; $password = "pw"; $database = "DBName"; //make connection $server = mysql_connect($host, $user, $password); $connection = mysql_select_db($database, $server); //query the database $query = mysql_query("SELECT * FROM tags"); //start json object $json = "({ tags:["; //loop through and return results for ($x = 0; $x < mysql_num_rows($query); $x++) { $row = mysql_fetch_assoc($query); //continue json object $json .= "{tag:'" . $row["tag"] . "',freq:'" . $row["frequency"] . "'}"; //add comma if not last row, closing brackets if is if ($x < mysql_num_rows($query) -1) $json .= ","; else $json .= "]})"; } //return JSON with GET for JSONP callback $response = $_GET["callback"] . $json; echo $response; //close connection mysql_close($server); ?> and the JS Code: [Select] <script type="text/javascript"> $(function() { //get tag feed $.getJSON("/tagcloud.php?callback=?", function(data) { //create list for tag links $("<ul>").attr("id", "tagList").appendTo("#tagCloud"); //create tags $.each(data.tags, function(i, val) { //create item var li = $("<li>"); //create link $("<a>").text(val.tag).attr({title:"See all pages tagged with " + val.tag, href:"http://localhost/tags/" + val.tag + ".html"}).appendTo(li); //set tag size li.children().css("fontSize", (val.freq / 10 < 1) ? val.freq / 10 + 1 + "em": (val.freq / 10 > 2) ? "2em" : val.freq / 10 + "em"); //add to list li.appendTo("#tagList"); }); }); }); </script> when i turn on error reporting I get a lot of undefined index notices for tag and frequency so not sure if that is causing the problem or not. Hey, I have made a audio button in dreamweaver and copied the code into my php panel: <script language="JavaScript" src="http://www.MYWEBSITE.com/myname/audio/audio-player.js"></script> <object type="application/x-shockwave-flash" data="http://www.MYWEBSITE.com/media_folder/audio/player.swf" id="audioplayer1" height="24" width="290"> <param name="movie" value="http://www.MYWEBSITE.com/media_folder/audio/player.swf"> <param name="FlashVars" value="playerID=audioplayer1&soundFile=http://www.MYWEBSITE.com/media_folder/audio/Reconstructed Ancient Egyptian Melody.mp3"> <param name="quality" value="high"> <param name="menu" value="false"> <param name="wmode" value="transparent"> </object> However once I press save, all that is saved is: <script language="JavaScript" src="http://www.MYWEBSITE.com/myname/audio/audio-player.js"></script> <object type="application/x-shockwave-flash" data="http://www.MYWEBSITE.com/media_folder/audio/player.swf" id="audioplayer1" height="24" width="290"> <param name="movie" value="http://www.MYWEBSITE.com/media_folder/audio/player.swf"> The audio button works however because the code which includes the mp3 file never saves, it can never find the audio file. Can anyone tell me why the audio file part of the code doesn't save? Thanks. I have some code which deletes a record from my database (which has been selected from the previous page). Only problem is, it comes up with error code, but still deletes from the database? Error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/110mb.com/t/h/e/b/l/a/c/k/theblackwatch/htdocs/150749deleted.php on line 28 Code: Code: [Select] <?php $id = $_GET[id]; // Start the connection to the database $conn = mysql_pconnect("***", "***", "***"); // Select the database to use mysql_select_db("***", $conn); // Create the MySQL command to retrieve all records $sql = "DELETE FROM **** WHERE id ='$id'"; $result = mysql_query($sql, $conn); $array = mysql_fetch_array($result); // Echo each entry as the value of the text boxes. This brings in the current info in the database echo "<p>Entry has been deleted.</p>"; ?> Any way round it? Hello all, I'm trying to clean up some user input for my database but the mysql_real_escape_string function doesn't seem to work, and neither does addslashes(). I've browsed the net and made sure I'm connected to the database before the function is called. I can't figure out what I'm doing wrong. Here's the relevant part of the code: Code: [Select] <?php mysql_connect("localhost","adminname","adminpassword") or die (mysql_error()); mysql_select_db("databasename") or die (mysql_error()); $comment=mysql_real_escape_string($_POST['commentbox']); ?> ...and then the result is put into the database along with some other data. The database entry is correct, except, when I check the database or echo the result I get the same thing that was entered into 'commentbox'. For instance, if I enter "I am very 'confused' by this" into the box, the same string will be found in the database table. No slashes, just quotes. Anyone have an idea what's wrong with this? Because it all seems simple and correct but doesn't work. Hi, when I output this, it's same order, I want it to be: email/message/to/toLastName please see code: $testArray=array("toLastName","to","message","email"); $reversedTestArray=rsort($testArray);//rsort returns TRUE on success //$strTestArrayReversed=implode(",",$testArray); print_r($testArray); Any idea what I am doingwrong, it looks fairly straightforward. Any help much appreciated! Im using func_get_args, but it gives an error?: Too few arguments?, when its correct (as the number of %s = the number of values within $args) <?php function sprintify() { global $urls; $args = func_get_args(); $input = $args[0]; unset($args[0]); return sprintf($urls[$input], implode(', ', $args)); } echo sprintify('default', 46, 464, 46); /* For your information: $urls['default'] = '%s/%s/%s'; */ ?> |