jordanmoore

MD5 cracks mainly work on a collision basis. This means that they create another string which creates the same hash. For example (this is not a working example), we could have the hash "jordan" coming to "d16d377af76c99d27093abc22244b342", but have the phrase "thisisanmd5collisionSALT" which also comes to "d16d377af76c99d27093abc22244b342". With "jordan" being the "decrypted" version of "thisisanmd5collisionSALT", this would usually pass an MD5 check. However, when the login function applies the salt to "jordan" to make "jordanSALT", we could no longer get "d16d377af76c99d27093abc22244b342" as the hash. So essentially, from what I understand, the SALT protects again collision based attacks.

Have you tried printing the "$result" variable to see what content it holds? Also, you could try placing several traces over the script, just as simple as something like echo "1"; - where you increment the number. This will give you a good idea of where the code is going.

Well I'm back again with another idea, try using this script: <?php require_once('inc/global.inc.php'); # search.inc.php /* * This is the search content module. * This page is included by index.php. * This page expects to receive $_GET['terms']. */ // Redirect if this page was accessed directly: if (!defined('BASE_URL')) { // Need the BASE_URL, defined in the config file: require_once ('../includes/config.inc.php'); // Redirect to the index page: $url = BASE_URL . 'index.php?p=search'; // Pass along search terms? if (isset($_GET['terms'])) { $url .= '&terms=' . urlencode($_GET['terms']); } header ("Location: $url"); exit; } // End of defined() IF. // Print a caption: echo '<h2>Search Results</h2>'; // Display the search results if the form // has been submitted. if (isset($_GET['terms']) && ($_GET['terms'] != 'Search...') ) { $terms = $_GET['terms']; $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die *('Error connecting to MySQL server'); // Query the database. $query = "SELECT * FROM product WHERE title LIKE '%$terms%'"; // Fetch the results. //$row = mysqli_fetch_array($result); // Print the results: $result=mysqli_query($dbc,$query); if (!$result){ echo "<h3>Sorry,</h3>"; echo "<p>your search: "" .$terms. "" returned zero results</p>"; } else { $output = Array(); while($row=mysqli_fetch_assoc($result)) { $output[] = '<ul>'; $output[] = '<li>'.$row['title'] .': £'.$row['price'].'<br /><img src="'.$row['img'].'" alt="'.$row['title'].'" /></li>'; $output[] = '</ul>'; } echo join('',$output); } } else { // Tell them to use the search form. echo '<p class="error">Please use the search form at the top of the window to search this site.</p>'; } ?>

Right, I've got a final idea on this - but unfortunately I'm not very good at php mySql related queries. I've looked at the php manual and your query should be returning false. Here is the code I think may work for you: <?php require_once('inc/global.inc.php'); # search.inc.php /* * This is the search content module. * This page is included by index.php. * This page expects to receive $_GET['terms']. */ // Redirect if this page was accessed directly: if (!defined('BASE_URL')) { // Need the BASE_URL, defined in the config file: require_once ('../includes/config.inc.php'); // Redirect to the index page: $url = BASE_URL . 'index.php?p=search'; // Pass along search terms? if (isset($_GET['terms'])) { $url .= '&terms=' . urlencode($_GET['terms']); } header ("Location: $url"); exit; } // End of defined() IF. // Print a caption: echo '<h2>Search Results</h2>'; // Display the search results if the form // has been submitted. if (isset($_GET['terms']) && ($_GET['terms'] != 'Search...') ) { $terms = $_GET['terms']; $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die *('Error connecting to MySQL server'); // Query the database. $query = "SELECT * FROM product WHERE title LIKE '%$terms%'"; // Fetch the results. //$row = mysqli_fetch_array($result); // Print the results: if($result=mysqli_query($dbc,$query)){ $output = Array(); while($row=mysqli_fetch_assoc($result)) { $output[] = '<ul>'; $output[] = '<li>'.$row['title'] .': £'.$row['price'].'<br /><img src="'.$row['img'].'" alt="'.$row['title'].'" /></li>'; $output[] = '</ul>'; } echo join('',$output); } else { echo "<h3>Sorry,</h3>"; echo "<p>your search: "" .$terms. "" returned zero results</p>"; } } else { // Tell them to use the search form. echo '<p class="error">Please use the search form at the top of the window to search this site.</p>'; } ?> If this does not work then I'm not quite sure what you could do to fix it. You may try tracing the result variable to see the contents. I hope you're able to get this sorted.

Are you using the three equals signs - "===" - like I suggested or just the two - "==" - like I saw in your code snippet? If you're using just the two then try replacing "false" with "null". However if you use the three then you should be able to use "0", "false" or "null".

It looks like you didn't create the output array before you started using it. Try this: <?php require_once('inc/global.inc.php'); # search.inc.php /* * This is the search content module. * This page is included by index.php. * This page expects to receive $_GET['terms']. */ // Redirect if this page was accessed directly: if (!defined('BASE_URL')) { // Need the BASE_URL, defined in the config file: require_once ('../includes/config.inc.php'); // Redirect to the index page: $url = BASE_URL . 'index.php?p=search'; // Pass along search terms? if (isset($_GET['terms'])) { $url .= '&terms=' . urlencode($_GET['terms']); } header ("Location: $url"); exit; } // End of defined() IF. // Print a caption: echo '<h2>Search Results</h2>'; // Display the search results if the form // has been submitted. if (isset($_GET['terms']) && ($_GET['terms'] != 'Search...') ) { $terms = $_GET['terms']; $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die *('Error connecting to MySQL server'); // Query the database. $query = "SELECT * FROM product WHERE title LIKE '%$terms%'"; // Fetch the results. //$row = mysqli_fetch_array($result); // Print the results: $result=mysqli_query($dbc,$query); if ($result === false){ echo "<h3>Sorry,</h3>"; echo "<p>your search: "" .$terms. "" returned zero results</p>"; } $output = Array(); while($row=mysqli_fetch_assoc($result)) { $output[] = '<ul>'; $output[] = '<li>'.$row['title'] .': £'.$row['price'].'<br /><img src="'.$row['img'].'" alt="'.$row['title'].'" /></li>'; $output[] = '</ul>'; } echo join('',$output); } else { // Tell them to use the search form. echo '<p class="error">Please use the search form at the top of the window to search this site.</p>'; } ?>

Hello, I took a quick look at your code and I've had this following idea. Try using this line of code: if ($result === false){ echo "<h3>Sorry,</h3>"; echo "<p>your search: "" .$terms. "" returned zero results</p>"; }