HDFilmMaker2112

Alright what do the plus signs do?

Could somebody break down for me what the below actually does? I found the snippet on php.net. I've read up a little bit on reg expressions but it's still a little unclear to me. I get the [] means don't include that character. But then how does the [a-zA-Z0-9._-] work? preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $email)

I just checked the cipher by itself and it's working fine... They're all working fine independently.... It should be taking the initial string ciphering it, hashing it with a salted MD5 and then hashing that hash with SHA512. The cipher works by itself, and the SHA512 of the MD5s Hash works. It's just not working when I try to add the Cipher as the first step.

I'll include a chunk of my "libraries" for the cipher: $letter['']="00"; $letter['b']="01"; $letter['d']="02"; $letter['f']="03"; $letter['h']="04"; $letter['j']="05"; $letter['l']="06"; $letter['n']="07"; $letter['p']="08"; $letter['r']="09"; $letter['t']="10"; $letter['v']="11"; $letter['x']="12"; $number['00']=" "; $number['01']="0"; $number['02']="1"; $number['03']="2"; $number['04']="3"; $number['05']="4"; $number['06']="5"; $number['07']="6"; $number['08']="7"; $number['09']="8"; $number['10']="9"; $number['11']="a"; $number['12']="b";

Alright, well I just tried SHA512 wrapping the MD5S and that is working: function kam3($string){ return hash('sha512',(md5s($string))); } My issue is with the cipher(); which doesn't make much sense since it's just a substitution cipher. It's takes an "a" and turns it into a "c".... function cipher($str){ require_once 'llib.php'; require_once 'nlib.php'; $new_str = ''; foreach (str_split($str) as $char) { $new_str .= $number[$letter[$char]]; } return $new_str; }

it's not working no matter what hashing method I use... my own, or an existing one...

Right now the password is generated by my forgot password page, then logged-in and changed via the change password form. I manually create users for this website, so eventually the user generation will be built into the admin panel, it's just not there yet. function md5s($string) { $salt = md5($string."%*k~'_@"); $string = md5("$salt$string$salt"); return $string; } function kam3($string){ return hash('sha512',(md5s(cipher($string)))); }

There's about 5 different ways to do it here: http://stackoverflow.com/questions/857441/php-explode-over-every-other-word-with-a-twist

Tried removing the sanitize() function but still no luck.

Add session_start(); above the $_SESSION variables.

$_SESSION['myusername']=$myusername; $_SESSION['mypassword']=$mypassword; if(!isset($_SESSION['myusername']))

I checked the generated hashes and for some reason there different... The one in the database is not the same as the one generated when you type your password into the log-in form.

Alright, that fixed the change password script, but now I can't log-in with the newly changed password... <?php session_start(); $myusername2=$_SESSION['myusername2']; $mypassword2=$_SESSION['mypassword2']; require_once 'db_select.php'; require_once 'func.php'; $current=kam3(sanitize($_POST['current'])); $new=sanitize($_POST['new']); $new_confirm=sanitize($_POST['new_confirm']); if($current!=$mypassword2){ header("location:index.php?usercp=password&p=0"); } elseif($new!=$new_confirm){ header("location:index.php?usercp=password&c=0"); } elseif($current==$mypassword2 && $new==$new_confirm){ $new=kam3($new); $sql="UPDATE $tbl_name SET password='$new' WHERE username='$myusername2' AND password='$mypassword2'"; $result=mysql_query($sql); unset($_SESSION['mypassword2']); unset($_SESSION['myusername2']); if(mysql_affected_rows()==1){ $_SESSION['mypassword2']=$new; $_SESSION['myusername2']=$myusername2; header("location:./index.php?usercp=password&c=1"); } else{ echo "Could Not Update Password."; } } ?> <?php require_once 'db_select.php'; require_once 'func.php'; // username and password sent from form $myusername=sanitize($_POST['username']); $mypassword=kam3(sanitize($_POST['password'])); $check_details="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'"; $details_result=mysql_query($check_details); // Mysql_num_row is counting table row $count_details=mysql_num_rows($details_result); // If result matched $myusername and $mypassword, table row must be 1 row if($count_details==1){ session_start(); $_SESSION['myusername2']=$myusername; $_SESSION['mypassword2']=$mypassword; header("location:index.php?usercp"); } else{ $u2="0"; header('Location:./index.php?u2='.$u2.''); } ?>

Now I'm getting: Warning: mysql_affected_rows() expects parameter 1 to be resource, boolean given in /home/zyquo/public_html/makethemoviehappen.com/password_check.php on line 27 Could Not Update Password.

For some reason the below is directing me back to my change password form and telling me the current password is entered incorrectly. That is triggered by this if statement - if($current!=$mypassword2) kam3(); is my hashing function. <?php session_start(); $myusername2=$_SESSION['myusername2']; $mypassword2=$_SESSION['mypassword2']; require_once 'db_select.php'; require_once 'func.php'; $current=kam3(sanitize($_POST['current'])); $new=sanitize($_POST['new']); $new_confirm=sanitize($_POST['new_confirm']); if($current!=$mypassword2){ header("location:index.php?usercp=password&p=0"); } elseif($new!=$new_confirm){ header("location:index.php?usercp=password&c=0"); } elseif($current==$mypassword2 && $new==$new_confirm){ $new=kam3($new); $sql="UPDATE $tbl_name SET password='$new' WHERE username='$myusername2' AND password='$mypassword2'"; $result=mysql_query($sql); unset($_SESSION['mypassword2']); unset($_SESSION['myusername2']); if(mysql_affected_rows($result)==1){ $_SESSION['mypassword2']=$new; $_SESSION['myusername2']=$myusername2; header("location:./index.php?usercp=password&c=1"); } else{ echo "Could Not Update Password."; } } ?> The initial log-in script looks like this: <?php require_once 'db_select.php'; require_once 'func.php'; // username and password sent from form $myusername=sanitize($_POST['username']); $mypassword=kam3(sanitize($_POST['password'])); $check_details="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'"; $details_result=mysql_query($check_details); // Mysql_num_row is counting table row $count_details=mysql_num_rows($details_result); // If result matched $myusername and $mypassword, table row must be 1 row if($count_details==1){ session_start(); $_SESSION['myusername2']=$myusername; $_SESSION['mypassword2']=$mypassword; header("location:index.php?usercp"); } else{ if($usernamec!=$myusername || !isset($myusername) || $passwordc!=$mypassword){ $u2="0"; } header('Location:./index.php?u2='.$u2.''); } ?> The log-in works fine, it's just when I get to my change password page, it's telling me the password is entered incorrectly.

Maybe array_slice or array_splice? http://www.php.net/manual/en/function.array-slice.php http://www.php.net/manual/en/function.array-splice.php

How many are you trying to take off, array_shift will remove the first item in the array, and shift everything else down. http://www.php.net/manual/en/function.array-shift.php

Sorry... missed the opening { bracket on the if statement: $query = "INSERT IGNORE database.t_usuario (usuario_nombre,usuario,password) ". "VALUES ('$usuario_nombre','$usuario','$password')"; mysql_query($query) or die('Error, query failed : ' . mysql_error()); if(mysql_affected_rows==1){ header("Location: PC_users_display.php"); } else{ echo "Duplicate Entry Detected."; }

My first suggestion is to always use {} brackets on all if/elseif/else statements. Also try adding dot slash "./" to all of the location header redirects, and change the lowercase l in location to a capital L. ie; header ("Location: ./login_page.html"); Lastly, your if/elseif statements have one = sign... when comparing (as you are in an if/elseif statement) it must be two equal signs. With one equal sign you're declaring a variable, and thus the first if statement will always be true, because you're declaring it to be true right in the statement.

$query = "INSERT IGNORE database.t_usuario (usuario_nombre,usuario,password) ". "VALUES ('$usuario_nombre','$usuario','$password')"; mysql_query($query) or die('Error, query failed : ' . mysql_error()); if(mysql_affected_rows==1) header("Location: PC_users_display.php"); } else{ echo "Duplicate Entry Detected."; } }

Change the INSERT INTO into INSERT IGNORE and use mysql_affected_rows... if nothing is inserted, because of a duplicate it will return 0.

First, you could write the link simpler, with less starts and stops on php. echo '<a href="count.php?id='.$row['ID'].'&desc='.$row['PRO'].'name="abc'.$i.'">**Home**</a></li>'; Second, you use $_GET[''], with the variable in the URL you want to get, inside the brackets and single quotes. ie; $identity=$_GET['id']; $desc=$_GET['desc'];

Thanks. Half asleep here, didn't want to screw something up without knowing it would work.

I'm looking to know I could reduce this a bit? I'm thinking that counting the number of rows returned and comparing the password and username typed in matches the one selected from the database is useless, as the select query itself should give me that info. If it returns a row then clearly it's the correct information. So should I remove this?: $row=mysql_fetch_row($result); $usernamec=$row[0]; $passwordc=$row[4]; // Register $myusername, $mypassword and redirect to file if($myusername==$usernamec && $mypassword==$passwordc){ <?php // username and password sent from form $myusername=sanitize($_POST['username']); $mypassword=kam3(sanitize($_POST['password'])); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ $row=mysql_fetch_row($result); $usernamec=$row[0]; $passwordc=$row[4]; // Register $myusername, $mypassword and redirect to file if($myusername==$usernamec && $mypassword==$passwordc){ session_start(); $_SESSION['myusername2']=$myusername; $_SESSION['mypassword2']=$mypassword; header("location:index.php?usercp"); } } else{ if($usernamec!=$myusername || !isset($myusername) || $passwordc!=$mypassword){ $u2="0"; } header('Location:./index.php?u2='.$u2.''); } ?>

http://www.php.net/ChangeLog-5.php More than likely, you're not going to need to change any code... maybe bits and pieces at best.