Stefany93

Opencart uses SHA1 for storing passwords. I was a bit shocked when I saw that since that hashing algorithm is now obsolete.

Thank you for the suggestions everyone!

Hello, I was wondering if you could please give me some pointers on how to find programming freelance projects. The only freelancing I have done so far was throughout friends and occasionally people on forums, but I have heard there are many ways by which you can score a project. I tried google it, but I couldn't find anything relevant. I have also created profiles on various freelancing websites, but I was wondering if there are other way?. Thank you very much! Best Regards Stefany

^^ Right, thank you very much. I guess it is not possible to access the Zend Framework in the CMD now with the newest version.

^^ I downloaded the latest 2.0.5 version. So it is not possible to access Zend with the command prompt anymore?

Hello, First of all, if anyone here remembers my opposition frameworks, I want to say that I was wrong, and I am sorry. Moving on, I downloaded the Zend Framework from the official website and now I am following a tutorial on how to install it but I am stuck with the question that I can't seem to find the zf.bat file in order to access the Zend Framework in the command prompt. The guy who created the tutorial said it is located in the bin folder, but all there is in the bin folder are just a bunch of .php files. Could you please tell me where to find it? Thank you! Best Regards Stefany

Yeah, it turned out I had included the logged_in.php file in another file I had included in this page and thus makes the logged_in.php included as well. How silly of me! I just thought that since sessions are global variables they somehow get affected by the behavior of different documents even when they are not included into the file. Than you so much for helping me!

^^ I tried rewriting the code but it is still accessed somehow! <?php //Requests the user to be logged in before seeing this page if(!isset($_SESSION['user_id'])){ die('Sorry must be a registered user to view this page! Please <a href="index.php">Log in</a> or <a href="register.php">Register!</a>'); }

Thank you, but It is included, and still doesn't work.

Hello, I have a document logged_in.php that checks whether the user has logged in, in order to display a protected page. Here is the code: <?php //Requests the user to be logged in before seeing this page if(isset($_SESSION['user_id'])){ return true; }else{ die('Sorry must be a registered user to view this page! Please <a href="index.php">Log in</a> or <a href="register.php">Register!</a>'); } I include this file on the top of the document I want to protect. However I have come across a very funny problem. No idea why, but every time I want to prevent certain links to appear if the user has not logged in, the logged_in.php file is accessed even tho I haven't included it! Here, for example in the code below, I want to prevent the user from seeing these links unless they are logged in: if(isset($_SESSION['user_id'])){ ?> <a href="edit_topic.php?category=<?php echo $category;?>&post_id=<?php echo $topic_id;?>" class="up_links">Edit topic</a> <a href="delete_topic.php?category=<?php echo $category;?>&post_id=<?php echo $topic_id;?>" class="up_links">Delete topic</a> <?php } And if the user hasn't logged in, the logged_in.php document kills off the rest of the page, and again I will state it isn't include so I have no idea why is it doing that. Please give me some directions on what to do. Thank you very much! Best Regards Stefany

Sorry for the late reply everyone, thank you very much for the help. I applied base64_encode and it worked great like you said! Christian, thank you very much for the great idea to automatically login the user when cookies are detected.

Terribly sorry for posting in the wrong section. May the staff relocate the thread, please!

Hello, I am creating a forum and I have put a "Remember me" box next to the login form that basically remembers the user's password and username by writing it to cookies and giving it 1 year expiration date. So far so good, but I read that is it dangerous to store the user username and password in plain text in cookies so I decided to encrypt them and here where the problems started. Here is the code I use for encrypting cookies: if(isset($_POST['remember']) and !empty($_POST['remember'])){ $remember = $_POST['remember']; // encryping the username $username_cookie = serialize($username); $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key = 'key'; $encrypted_username = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username_cookie, MCRYPT_MODE_CBC, $iv); setcookie('username',$encrypted_username.':'.$iv,time() + 31536000); // encrypting the password $password_cookie = serialize($password); $iv_size_pass = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); $iv_pass = mcrypt_create_iv($iv_size_pass, MCRYPT_RAND); $encrypted_password = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password_cookie, MCRYPT_MODE_CBC, $iv_pass); setcookie('password',$encrypted_password.':'.$iv_pass,time() + 31536000); } So the code above encrypts the username and the password cookies. Later when the user returns to the page, they have the username and the password populated in the login form automatically for them so they can login only by clicking the button "Submit" Here is the code I use to decrypt the cookies. I decrypt the username cookie on the login page and the password cookie I leave it encrypted and decrypted it later when the user clicks "Submit" //decrypting the username cookie if(isset($_COOKIE['username'], $_COOKIE['password'])){ list($encrypted_username, $iv) = explode(':', $_COOKIE['username']); $raw_cookie1 = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'key', $encrypted_username, MCRYPT_MODE_CBC, $iv); $cookie1 = unserialize($raw_cookie1); } And here I decrypt the password cookie on the login process page: list($encrypted_password, $iv_pass) = explode(':',$_COOKIE['password']); $raw_cookie2 = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'key', $encrypted_password, MCRYPT_MODE_CBC, $iv_pass); $password = unserialize($raw_cookie2); $password = sha1($password); So far so good, everything works normally, but sometimes, not every time, but sometimes when the user tries to log in using cookies to automatically populate the login forms for them, they get this error: And naturally, the user can't log in. Sometimes they get no error while signing in, but when they do sign in, they get another error: And after this error the cookies won't work the next time the user visits the website when clicked "Remember me" So could you please give me some clue why sometimes it gives me this error and sometimes it works perfectly fine. I am really lost. If you need more code, please let me know and I will provide it. Thank you very much! Best Regards Stefany

To be honest I didn't get it...

A revolution - I like the idea

^^ I usually do like that when I have to get a numerical value from a query string: $category = filter_input(INPUT_GET, 'category', FILTER_SANITIZE_NUMBER_INT); Filter_input is an awesome function for security.

^^ Thank you Kevin, very nicely explained, I got it now.

I think it is pretty good. Even the design is awesome for a programmer!

It says the website's currently under construction...

^^ Thank you very much KevinM1, your post helped me a great deal. There is a very little competition in the Bulgarian programmer freelance market since few Bulgarians know programming so guess I don't have to charge that much then just like you suggested.

^^ Yeah well thousands of blogs for myself I never sold of any them Thank you for the help tho.

Hello, I received a project to create a custom blog with comments. How much do you think I should charge for it? I was thinking something like 300$. Is it too much or too little? I created like thousands of blogs so I can do that one quickly. Best Regards Stefany

Right, thank you very much. So use CSS when possible and when not then JS.

Sorry I pressed the wrong button

One piece of advice, we programmers are not meant to be designers. If we want something pretty, he have to work with designers. Do not deal with design if you want to be a programmer. I have never seen programmers who are good with designs and vice versa. I once met a designer who wanted to learn programming aside designing, so I spend hours and hours of teaching him and at the end he couldn't even understand what a variable is. So he gave up and continued being what he was good at. People are just different.