lovephp (Members), 530 posts
Everything posted by lovephp

  1. Wow, it was this simple. Really appreciate it a lot, Jacques.
  2. Can I upload the script in here to show you guys?
  3. Jacques1, I will bind them, but how am I supposed to verify the password? The password_verify() function requires 2 parameters.
  4. Heyya guys, another issue I ran into now: I need to make a change-password page, but it just won't work. Here is the part where I try to verify. An example of a password is $2y$10$2QsvMvranDkaB7XYCMIFIOfNWRczae5tpFmqXGmUCVQrFw26dg6wK

     $stmt = "SELECT password, memberID FROM members WHERE memberID = '".$uid ."'";
     $stmt = $db->prepare($stmt);
     $stmt->execute();
     $row = $stmt->fetch();
     if(password_verify($uid,$row['password']) == 0){
         $error[] = 'Old password is incorrect.';
     }else if($_POST['newpassword'] == ''){
         $error[] = 'New password is required.';
     }else if(strlen($_POST['newpassword']) < 6){
         $error[] = 'New password is too short. (6 Chars)';
     }else if(strlen($_POST['confirmpassword']) < 6){
         $error[] = 'Confirm password was too short. (6 Chars)';
     }else if($_POST['newpassword'] != $_POST['confirmpassword']){
         $error[] = 'Passwords do not match.';
     }

     The password.php script is:

     <?php
     if (!defined('PASSWORD_BCRYPT')) {
         define('PASSWORD_BCRYPT', 1);
         define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
     }

     Class Password {

         public function __construct() {}

         function password_hash($password, $algo, array $options = array()) {
             if (!function_exists('crypt')) {
                 trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
                 return null;
             }
             if (!is_string($password)) {
                 trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
                 return null;
             }
             if (!is_int($algo)) {
                 trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
                 return null;
             }
             switch ($algo) {
                 case PASSWORD_BCRYPT :
                     // Note that this is a C constant, but not exposed to PHP, so we don't define it here.
                     $cost = 10;
                     if (isset($options['cost'])) {
                         $cost = $options['cost'];
                         if ($cost < 4 || $cost > 31) {
                             trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
                             return null;
                         }
                     }
                     // The length of salt to generate
                     $raw_salt_len = 16;
                     // The length required in the final serialization
                     $required_salt_len = 22;
                     $hash_format = sprintf("$2y$%02d$", $cost);
                     break;
                 default :
                     trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
                     return null;
             }
             if (isset($options['salt'])) {
                 switch (gettype($options['salt'])) {
                     case 'NULL' :
                     case 'boolean' :
                     case 'integer' :
                     case 'double' :
                     case 'string' :
                         $salt = (string)$options['salt'];
                         break;
                     case 'object' :
                         if (method_exists($options['salt'], '__tostring')) {
                             $salt = (string)$options['salt'];
                             break;
                         }
                     case 'array' :
                     case 'resource' :
                     default :
                         trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
                         return null;
                 }
                 if (strlen($salt) < $required_salt_len) {
                     trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING);
                     return null;
                 } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
                     $salt = str_replace('+', '.', base64_encode($salt));
                 }
             } else {
                 $buffer = '';
                 $buffer_valid = false;
                 if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
                     $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
                     if ($buffer) {
                         $buffer_valid = true;
                     }
                 }
                 if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
                     $buffer = openssl_random_pseudo_bytes($raw_salt_len);
                     if ($buffer) {
                         $buffer_valid = true;
                     }
                 }
                 if (!$buffer_valid && is_readable('/dev/urandom')) {
                     $f = fopen('/dev/urandom', 'r');
                     $read = strlen($buffer);
                     while ($read < $raw_salt_len) {
                         $buffer .= fread($f, $raw_salt_len - $read);
                         $read = strlen($buffer);
                     }
                     fclose($f);
                     if ($read >= $raw_salt_len) {
                         $buffer_valid = true;
                     }
                 }
                 if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
                     $bl = strlen($buffer);
                     for ($i = 0; $i < $raw_salt_len; $i++) {
                         if ($i < $bl) {
                             $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
                         } else {
                             $buffer .= chr(mt_rand(0, 255));
                         }
                     }
                 }
                 $salt = str_replace('+', '.', base64_encode($buffer));
             }
             $salt = substr($salt, 0, $required_salt_len);
             $hash = $hash_format . $salt;
             $ret = crypt($password, $hash);
             if (!is_string($ret) || strlen($ret) <= 13) {
                 return false;
             }
             return $ret;
         }

         /**
          * Get information about the password hash. Returns an array of the information
          * that was used to generate the password hash.
          *
          * array(
          *     'algo' => 1,
          *     'algoName' => 'bcrypt',
          *     'options' => array(
          *         'cost' => 10,
          *     ),
          * )
          *
          * @param string $hash The password hash to extract info from
          *
          * @return array The array of information about the hash.
          */
         function password_get_info($hash) {
             $return = array(
                 'algo' => 0,
                 'algoName' => 'unknown',
                 'options' => array(),
             );
             if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
                 $return['algo'] = PASSWORD_BCRYPT;
                 $return['algoName'] = 'bcrypt';
                 list($cost) = sscanf($hash, "$2y$%d$");
                 $return['options']['cost'] = $cost;
             }
             return $return;
         }

         /**
          * Determine if the password hash needs to be rehashed according to the options provided
          *
          * If the answer is true, after validating the password using password_verify, rehash it.
          *
          * @param string $hash    The hash to test
          * @param int    $algo    The algorithm used for new password hashes
          * @param array  $options The options array passed to password_hash
          *
          * @return boolean True if the password needs to be rehashed.
          */
         function password_needs_rehash($hash, $algo, array $options = array()) {
             // Inside the class wrapper this must be a method call, not a global function call.
             $info = $this->password_get_info($hash);
             if ($info['algo'] != $algo) {
                 return true;
             }
             switch ($algo) {
                 case PASSWORD_BCRYPT :
                     $cost = isset($options['cost']) ? $options['cost'] : 10;
                     if ($cost != $info['options']['cost']) {
                         return true;
                     }
                     break;
             }
             return false;
         }

         /**
          * Verify a password against a hash using a timing attack resistant approach
          *
          * @param string $password The password to verify
          * @param string $hash     The hash to verify against
          *
          * @return boolean If the password matches the hash
          */
         public function password_verify($password, $hash) {
             if (!function_exists('crypt')) {
                 trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
                 return false;
             }
             $ret = crypt($password, $hash);
             if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
                 return false;
             }
             $status = 0;
             for ($i = 0; $i < strlen($ret); $i++) {
                 $status |= (ord($ret[$i]) ^ ord($hash[$i]));
             }
             return $status === 0;
         }
     }

     What is it I am doing wrong? I get "incorrect old password".
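The change-password check asked about in posts 3 and 4, as an added example that is not the poster's code: the member ID is bound rather than concatenated into the SQL, and password_verify() is given the old password the user just typed (not the member ID) together with the stored hash. It assumes PHP 7+ with the native password functions, a PDO handle in $db, the member ID in $uid, and form fields named 'oldpassword', 'newpassword' and 'confirmpassword' (the field names are assumptions).

```php
<?php
// Added example (not the poster's code). Assumes PHP 7+ native password_*()
// functions, $db is a PDO connection, $uid is the logged-in member's ID, and
// the form fields are 'oldpassword', 'newpassword', 'confirmpassword' (assumed names).

function changePassword(PDO $db, $uid, array $post)
{
    $errors = array();

    // Bind the member ID instead of concatenating it into the SQL string.
    $stmt = $db->prepare('SELECT password FROM members WHERE memberID = :memberID');
    $stmt->bindValue(':memberID', $uid, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $old     = (string)($post['oldpassword'] ?? '');
    $new     = (string)($post['newpassword'] ?? '');
    $confirm = (string)($post['confirmpassword'] ?? '');

    // password_verify() wants the plaintext the user submitted and the stored
    // bcrypt hash. Passing $uid (the member ID) as the first argument, as in
    // the post, can never match, so "Old password is incorrect" is always shown.
    if ($row === false || !password_verify($old, $row['password'])) {
        $errors[] = 'Old password is incorrect.';
    } elseif ($new === '') {
        $errors[] = 'New password is required.';
    } elseif (strlen($new) < 6) {
        $errors[] = 'New password is too short. (6 Chars)';
    } elseif ($new !== $confirm) {
        $errors[] = 'Passwords do not match.';
    }

    if (!empty($errors)) {
        return $errors;
    }

    // Store a fresh bcrypt hash of the new password, never the plaintext.
    $hash = password_hash($new, PASSWORD_DEFAULT);
    $upd = $db->prepare('UPDATE members SET password = :password WHERE memberID = :memberID');
    $upd->bindValue(':password', $hash, PDO::PARAM_STR);
    $upd->bindValue(':memberID', $uid, PDO::PARAM_STR);
    $upd->execute();

    return array(); // no errors: password changed
}
```

If the password_compat class from the post is kept instead of the native functions, the two calls become $pw->password_verify(...) and $pw->password_hash(...) on an instance of that class.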
  5. Ah, ucstring is a function to capitalize the first word. Thanks requinix, solved my problem, appreciate it. Oh, and yes, I also use

     function noHTML($input, $encoding = 'UTF-8') {
         return htmlentities($input, ENT_QUOTES | ENT_HTML5, $encoding);
     }

     in most of the places. I will keep your advice in mind.
  6. Or is this a better solution?

     <IfModule mod_rewrite.c>
     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
     RewriteRule .* index.php [F,L]
     </IfModule>
  7. Hey ya guys, first of all a very happy new year to all. OK, my following code is prone to XSS; how could this be prevented?

     <?php
     function updateDataArray($value) {
         if(preg_match("#[a-z]#i", $value)) {
             return str_replace("-", " ", $value);
         }
         return $value;
     }
     if(!empty($_GET)){
         echo '<br/>';
         foreach ($_GET as $key => $value) {
             $key = str_replace('_', ' ', $key);
             // ucstring() is the poster's own helper that capitalizes the first word (see post 5)
             echo '<small><b>'.ucstring($key). ':</b> ' .ucstring(updateDataArray($value)). ', </small>';
         }
         echo '<br/>';
     }
     ?>
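The loop from post 7 with its output encoded, as an added example that is not the poster's code: both the query-string key and the value are HTML-escaped immediately before being echoed into the page, so a value such as `<script>` is displayed as text rather than parsed as markup. The stand-in ucstring() and the constructed sample input are assumptions.

```php
<?php
// Added example (not the poster's code): the same key/value echo loop from the
// post, with every untrusted string HTML-encoded right before output.

// Stand-in for the poster's own ucstring() helper (capitalizes the first word).
function ucstring($s) {
    return ucfirst($s);
}

function updateDataArray($value) {
    if (preg_match('#[a-z]#i', $value)) {
        return str_replace('-', ' ', $value);
    }
    return $value;
}

// Encode for an HTML text/attribute context: &, <, >, " and ' become entities.
// Encoding happens at the output point, which is where the context is known.
function e($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderParams(array $params) {
    if (empty($params)) {
        return '';
    }
    $out = '<br/>';
    foreach ($params as $key => $value) {
        $key = str_replace('_', ' ', $key);
        // Both the key and the value originate from the query string, so both are escaped.
        $out .= '<small><b>' . e(ucstring($key)) . ':</b> '
              . e(ucstring(updateDataArray($value))) . ', </small>';
    }
    return $out . '<br/>';
}

// Constructed sample input standing in for $_GET; the second value would have
// executed in the browser with the unescaped loop from the post.
$sample = array(
    'city' => 'new-york',
    'q'    => '<script>alert(1)</script>',
);
echo renderParams($sample);
```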
  8. Like mac_gyver said, it's all in the session. If you need further help, post your code here.
  9. For that, create a table "comments" and store id, product id, user id, post text, post date. That's all you need. I believe you already have the table ready, so where is the issue?
  10. That depends on what you want them to post. A blog, forum or what? You create a MySQL table "posts" with an auto-increment id, then store the user's id in a field, plus whatsoever fields of your choice.
  11. Something like this it should be:

     if($record["rstatus"] == "0"){
         echo 'waiting';
     }elseif($record["rstatus"] == "1"){
         echo 'shipping';
     } else {
         echo 'delivered';
     }

     It's just an example; you can use elseif to add more.
  12. Post the code please within proper tags. That's more convenient than downloading files.
  13. It's ok, no issue, guess I could not explain it well. Thanks.
  14. Well, in my classified post page I'm stopping users for an hour till they can make another post. The current nextpost var displays the time an hour from the original post time. How do I make it reverse, as in "130 seconds remaining until you can make your next post"? I hope you get my point?
  15. Classified post: I don't want users to post non-stop, that's why I added this to make users wait for an hour till they can make another post.
  16. Hey all, hope all is good? Well, I am back after some time with an issue. Well, I got my anti-flood working OK, but what I need is, instead of showing the time, I need to show a backward countdown in seconds for the next post. My current code which I wrote looks like this. What must I do to get a countdown in seconds till 1 hour is over?

     $stmt = "SELECT * FROM floodcontrol WHERE memberID = :memberID AND time >= DATE_SUB(NOW(), INTERVAL 1 HOUR)";
     $stmt = $db->prepare($stmt);
     $stmt->bindParam(':memberID', $uid, PDO::PARAM_STR);
     $stmt->execute();
     $f = $stmt->fetch();
     $floodcontrol = $stmt->rowCount();
     $nextpost = date("H:i:s A", strtotime($f['time'].' +1 hour'));

     Regards
  17. Ginjerjm, did I do something wrong by referring to that? I just thought it would be of help to him.
  18. Google for AddThis and use their API.
  19. Happy friendship day to all