ajbarlow87

Yeah, I've been reading on this, and it seems everyone and their Mom says not to do this, and the MySQL manual specifies not to use it either. Thanks for pointing out the changes. This is why I'm a wannabe. This answer should have been clear to me... I'm going to end up using crypt I believe. Thanks for the nudge in the right direction.

I'm not really sure where to post this topic... it touches on MySQL, PHP, Javascript, and best practices. I want to force users to update their password after 90 days. I can force them to the update page no problemo, but I'm having troubles forcing them to pick a new password, something different than what they have already stored in the database. Currently when a user registers for an account on my site, the password is passed in plain text and I let the MySQL Password() function hash it (I've come to understand this is bad practice). This makes it kind of difficult, because I am having a hard time verifying their new, plain text entry on the update page to the Password() hashed old one. The closest I've gotten is this: <script type="text/javascript"> function newpassword() { var oldpw = "<?php echo $XXXXXX->UserPassword; ?>"; var newpw = "<?php echo '*' . strtoupper(sha1(pack('H*',sha1('<script type="text/javascript">document.write(document.FORMNAME["UserPassword"].value);</script>'))));?>"; .... </script> And I would then compare the two variables. I'm wondering if this is even possible. I've seen a few suggestions online using UNHEX or CryptoJS, but when I use those functions my page loads with nothing on it. I've thought about passing the value as a md5 hashed value, and just storing that in the database instead, but I've read a bit that md5 isn't very secure anymore. I'm kind of at a loss of what to do at this point. Any help/guidance?

THANK you! You've definitely set me on the right track! Other than matching a few other variable names in the scripts so some other calculations add correctly, this is solving my infinite loop!

Hi guys. I've built an application for my company, and everyone likes it, but on some of the "events" they create, there is an infinite loop. It doesn't always happen, so i was investigate the 'else' part of it. I've looked over the script a few times over the past few months, not religiously until today. i still can't seem to find the issue. Can someone please help me? <?php $rowtot=0; while($rowtot<count($resultsIOCC['IOCC'])){ foreach ($resultsIOCC['IOCC'] as $IOCC ) { if( $IOCC->ioccCostID == $Cost->CostID ) { if( ($IOCC->ioccLabor + $IOCC->ioccTravel + $IOCC->ioccMileage) > 0 ) { $rowtot = $IOCC->ioccLabor + $IOCC->ioccTravel + $IOCC->ioccMileage; echo money_format('$%i',$rowtot) . '<br>'; $rowstot += $rowtot; } else { echo "$" . number_format("0", 2) . '<br>'; $rowstot = ($rowstot + 0); } } $rowtot++; } } ?> I can post more of it if necessary, but I believe it's in this part of the script. I know the script is not very "professional" looking and the variables are terribly named (like rowstot and rowtot), but it was a learning experience at the time, I didn't know PHP and it was my first project.