
Richard_Grant

Everything posted by Richard_Grant

  1. I'm not going to lie, I wasn't thinking about bytes when I wrote that. (I will update that now.) In my case speed is not an issue, I am sacrificing speed for security. TBH I haven't decided if I want to store the binary string as a BINARY in the database or convert the binary string to a byte array and add it to the database as a BLOB,
  2. Thank you @jcbones, that was EXTREMELY helpful. So here is the function I will be using for password hashing (tell me what you would do differently, if anything):

     ```php
     <?php
     class password_handle {
         // converts string to binary: bcrypt hash written out as 7-bit groups
         public static function hashbinary($password) {
             $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 14));
             $bin_layer = "";
             $hash_split = str_split($hash);
             for ($i = 0; $i < count($hash_split); $i++) {
                 $bin = decbin(ord($hash_split[$i]));
                 $bin_l = strlen($bin);
                 if ($bin_l < 7) { // left-pad every character to exactly 7 bits
                     $pad = "";
                     for ($j = 0; $j < 7 - $bin_l; $j++) {
                         $pad .= "0";
                     }
                     $bin = $pad . $bin;
                 }
                 $bin_layer .= $bin;
             }
             return $bin_layer;
         }

         // verifies that the hash is equal to the password
         public static function verifyhash($password, $bin_password) {
             return (password_verify($password, self::binarystring($bin_password))) ? true : false;
         }

         // converts binary to string (static, because verifyhash() calls it through self::)
         private static function binarystring($binary) {
             $char_layer = "";
             $bin_split = str_split($binary, 7);
             for ($i = 0; $i < count($bin_split); $i++) {
                 $char_layer .= chr(bindec($bin_split[$i]));
             }
             return $char_layer;
         }
     }

     $password = "HelloWorld!";
     $p_h = new password_handle();
     $hashbin = $p_h::hashbinary($password); // Store this in database
     /*
     01001000110010111100101001000110001011010001001000110111111011101101001101000011100011001011000010
     11110001011001011100001011101000101101010110110101010000111011011001101001011111101011101101110110
     10011111101010100110110010111101101101100101011101001101111101010101011101001101000011001101011010
     11100010110001110011011010101010001011001010101111000010111010011110101001111100001010000101110000
     110011010010111001010010111
     */
     if ($p_h::verifyhash($password, $hashbin)) { // if password is the same as the hash
         echo "true";
     } else {
         echo "false";
     }
     ?>
     ```

     What is happening there is:
       • I password_hash the string with PASSWORD_BCRYPT, allowing the method to determine its own salt
       • I convert the hash to a binary string for storing in my MySQL database
       • I check if the binary hash is equal to the password string.
  3. I would like to have the option of thanking people by the press of a button. Currently there is a like button but that's entirely different than a thank you button.
  4. Okay so I just learned how to use password correctly:

     ```php
     <?php
     $password = "HelloWorld!";
     $options = [
         'cost' => 14
     ];
     $hash = password_hash($password, PASSWORD_BCRYPT, $options);
     echo $hash . "<br>";
     if (password_verify($password, $hash)) {
         echo "Match";
     }
     ```

     I was unaware of the password_verify function, which is why I chose to use PASSWORD_DEFAULT, but I opened up the manual. Which brings me to my next point... If password_verify checks if $password & $hash are equal, doesn't that mean that $hash is being (de-hashed)?
  5. I have been out of the game for a while and I need a bit of guidance on this.

     Password: HelloWorld!
     Salt: mySaltForMyReallyCoolPasswordThatiMadeForPHPFREAKS
     MD5 . SALT = 072ce1d7fd7e6f14ba12053a9e057b26
     SHA1 . SALT = d580f4880e29ed757d942623f4d96dab1976d929
     Crypt . SALT = my7LFLALq6s3c
     password_hash = $2y$13$mySaltForMyReallyCoolO9t3RUqt1WbzVeqqQGxDHqOF/nu2Zhs2

     Which security protocol is most preferred?
       • SALT . MD5 . SALT http://php.net/manual/en/function.md5.php
       • SHA1 . SALT http://php.net/manual/en/function.sha1.php
       • Crypt http://php.net/manual/en/function.crypt.php
       • password_hash http://php.net/manual/en/function.password-hash.php (new)

     function:

     ```php
     <?PHP
     $password = "HelloWorld!";
     $salt = "mySaltForMyReallyCoolPasswordThatiMadeForPHPFREAKS";

     $md5 = md5($password . $salt);
     $sha1 = sha1($password . $salt);
     $crypt = crypt($password, $salt);

     // The 'salt' option is deprecated since PHP 7.0 and ignored since PHP 8.0;
     // without it, password_hash() generates a random salt itself.
     $o = [
         'cost' => 13,
         'salt' => $salt,
     ];
     $password_hash = password_hash($password, PASSWORD_DEFAULT, $o);
     ?>
     ```

     After I get the encrypted password, I will convert it to binary and then store it in the database as a binary. Which of these methods do you prefer and why? (PS: I might have used password_hash incorrectly.) I don't need any source code, just fill me in
  6. I agree, I use prepared statements in mysqli, mysql is deprecated. Good point out.
  7. nononono...

     ```javascript
     window.onscroll = function () {
         scrollisAt(0, 100, function () {
             alert("at 100");
         });
     };

     // Calls func(x, y) when the page is scrolled exactly to position (x, y)
     function scrollisAt(x, y, func) {
         // Current scroll offsets, with a fallback for browsers without pageXOffset/pageYOffset
         var x_ = (window.pageXOffset || document.documentElement.scrollLeft) - (document.documentElement.clientLeft || 0);
         var y_ = (window.pageYOffset || document.documentElement.scrollTop) - (document.documentElement.clientTop || 0);
         if (x_ == x && y_ == y) {
             func(x, y);
         }
     }
     ```
  8. ```php
     <?php
     // mysqli is used here because the mysql_* functions were removed in PHP 7
     $conn = mysqli_connect("localhost", "mysql_user", "mysql_password");
     if (!$conn) {
         echo "Unable to connect to DB: " . mysqli_connect_error();
         exit;
     }

     if (!mysqli_select_db($conn, "mydbname")) {
         echo "Unable to select mydbname: " . mysqli_error($conn);
         exit;
     }

     $sql = "SELECT id as userid, fullname, userstatus
             FROM sometable
             WHERE userstatus = 1";
     $result = mysqli_query($conn, $sql);

     if (!$result) {
         echo "Could not successfully run query ($sql) from DB: " . mysqli_error($conn);
         exit;
     }

     if (mysqli_num_rows($result) == 0) {
         echo "No rows found, nothing to print so am exiting";
         exit;
     }

     // While a row of data exists, put that row in $row as an associative array
     // Note: If you're expecting just one row, no need to use a loop
     // Note: If you put extract($row); inside the following loop, you'll
     //       then create $userid, $fullname, and $userstatus
     while ($row = mysqli_fetch_assoc($result)) {
         echo $row["userid"];
         echo $row["fullname"];
         echo $row["userstatus"];
     }

     mysqli_free_result($result);
     ?>
     ```

     Get the values you need by running the PHP above, then store them in a session. Then change your .html file to a .php file type, and then you can put <?PHP echo $_SESSION['value']; ?> wherever you want.
  9. Any included source files without a file name hurt your Google ranking (unless it's a blob).
  10. I don't have time to actually help you but here is a .htaccess file I am currently using:

      ```apache
      DirectoryIndex board/index.php
      ############################################################################################
      RewriteEngine on
      ########################## Redirect name/firstname/lastname ################################
      RewriteCond %{REQUEST_URI} user/(.*)/(.*)/
      RewriteRule user/(.*)/(.*)/ %{DOCUMET_ROOT}/board/test.php?firstname=$1&lastname=$2
      RewriteCond %{REQUEST_URI} /user/(.*)/
      RewriteRule user/(.*)/ %{DOCUMET_ROOT}/board/test.php?firstname=$1
      RewriteCond %{REQUEST_URI} /user
      RewriteRule user/ %{DOCUMET_ROOT}/board/test.php
      RewriteCond %{REQUEST_URI} !(/$|\.)
      RewriteRule (.*) %{REQUEST_URI}/
      #############################################################################################
      RewriteCond %{REQUEST_URI} BETA/ [NC]
      RewriteRule BETA/ %{DOCUMET_ROOT} [NC]
      RewriteCond %{REQUEST_URI} construction/ [NC]
      RewriteRule construction/ %{DOCUMET_ROOT}/board/ECT/SITE_STATUS_/construction.php [NC]
      RewriteCond %{REQUEST_URI} ACCESS_DENIED/ [NC]
      RewriteRule ACCESS_DENIED/ %{DOCUMET_ROOT}/board/ECT/SITE_STATUS_/ACCESS_DENIED.php [NC]
      ```

      My directory is like this:

      Hope this helped.
      Also press the Thanks on requinix
  11. Store images in the file system and store the directory in the database, or create a directory in your file system for each user (which is what I would do):

      -User
      -Profile
      -Images
      *Myimage.jpg

      ________________________

      If you're looking after protecting the images, get the binary data from the image then store it in the database as a BLOB. I've been programming websites for a long time now and these are the 2 main options.
  12. My Gravatar is not working, please fix that.
  13. Cronix is wrong, it would not use a lot of processing. Don't use any libraries.. you newb.. Get the number of paragraphs, then the number of letters in the paragraph (ignoring spaces). Then surround each letter with a span with an id of the current increment, then create an animation to fade out a range of spans. Not that hard really.
  14. You are probably on your localhost; you need to set up your sendmail.ini. If you're not on your localhost then make sure your server is set up correctly. The problem is not with the code.
  15. I agree with Requinix, I don't think you're skilled enough to be attempting this project. However, I will baby step you on how I would go about doing it. I would create a separate piped server (write it in C# or C++), then decide if you want this as a web browser extension or just make them download and install it. Install to c:/users/USER/appdata/local.... And now you can open the client pipe with PHP (http://stackoverflow.com/questions/19126424/launch-notepad-exe-from-a-php-file). You can make the client look for certain protocols to identify the computer, such as Machine ID to identify the machine. To get this running slick would be a bit of work but it shouldn't be too hard.

      ________

      Other than that I would say that you really can't do what you are requesting with PHP. Maybe look into Silverlight C#, but then that requires the user has Silverlight installed, and Macs have an issue with Silverlight if the application is not developed correctly.
  16. You have a lot of options here... You can check if the string contains a character other than a number.
        • you can use is_numeric http://php.net/manual/en/function.is-numeric.php (I suggest this)
        • you can use is_int http://php.net/manual/en/function.is-int.php (I suggest this)
        • you can use is_string http://php.net/manual/en/function.is-string.php

      A cheap way to do this could be (I wouldn't suggest this):

      ```php
      <?php
      $allow = "1234567890."; // Remove end decimal if you don't wish to allow decimals
      $myvalue = 1;
      $allow_split = str_split($allow);
      for ($i = 0; $i < count($allow_split); $i++) {
          // strpos() returns 0 for a match at the first position, so compare against false
          if (strpos($allow_split[$i], (string)$myvalue) !== false) {
              // I only wrote this for single digit numbers; you can write another for loop
              // to loop through your myvalue variable just like I did with the allowed variables.
          }
      }
      ```
  17. I have absolutely no clue what you're using but it looks like some trashy 3rd party PHP libraries are being used.. It looks like the problem is this line:

      ```php
      $searchwhere[] = 'pm.cat_id IN ('.implode(',', $cats).')';
      ```

      Looks like you're searching the database (or whatever) for the $cats string. You need to append to that array for the other values you want to search, and in the mysql query (you should really be using mysqli pdo) you just change OR to and.
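
How password_verify can check a password without reversing the hash, which is what the password_hash posts above (items 2, 4 and 5) ask about: the bcrypt string carries its own cost and salt, so verification recomputes the hash and compares. This is an added example, not code from any of the posts; the sample password, the helper name verify_by_recompute, the starting cost of 12 and the target cost of 14 are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input, not taken from a real account.
$password = 'HelloWorld!';

// password_hash() generates a random salt itself; no 'salt' option is passed.
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// A bcrypt hash is always 60 printable ASCII characters, so it can be stored as-is:
// "$2y$" + 2-digit cost + "$" + 22-character salt + 31-character digest.
print_r([
    'length' => strlen($hash),
    'prefix' => substr($hash, 0, 4),
    'cost'   => (int) substr($hash, 4, 2),
    'salt'   => substr($hash, 7, 22),
    'digest' => substr($hash, 29),
]);

// Hypothetical helper: verification is recomputation, not "de-hashing".
// crypt() reads the algorithm, cost and salt from the stored hash, hashes the
// candidate with them, and hash_equals() compares the results in constant time.
function verify_by_recompute(string $candidate, string $stored): bool
{
    return hash_equals($stored, crypt($candidate, $stored));
}

var_dump(verify_by_recompute($password, $hash));     // correct password
var_dump(verify_by_recompute('helloworld!', $hash)); // wrong password
var_dump(password_verify($password, $hash));         // built-in equivalent

// Because the cost is stored in the hash, it can be raised later: after a
// successful login, re-hash if the stored parameters are below the target.
$target = ['cost' => 14];
if (password_verify($password, $hash)
    && password_needs_rehash($hash, PASSWORD_BCRYPT, $target)) {
    $hash = password_hash($password, PASSWORD_BCRYPT, $target);
}
echo 'cost now: ', password_get_info($hash)['options']['cost'], PHP_EOL;
```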