Tom8001

Members
  • Content Count

    205
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Tom8001

  • Rank
    Advanced Member
  • Birthday 05/25/2000

Profile Information

  • Gender
    Male
  • Location
    Unk0wn
  1. Yeah, file permissions are 0644, and my server log:
     [25-Jul-2017 18:10:27 UTC] PHP Fatal error: Call to a member function bindParam() on string in /home/supernatural/public_html/forum/banappeal.php on line 16
     [25-Jul-2017 18:14:15 UTC] PHP Fatal error: Call to a member function bindParam() on string in /home/supernatural/public_html/forum/banappeal.php on line 16
     [26-Jul-2017 12:39:50 UTC] PHP Fatal error: Call to a member function bindParam() on string in /home/supernatural/public_html/forum/banappeal.php on line 16
     [26-Jul-2017 12:52:54 UTC] PHP Warning: mysqli::prepare(): Couldn't fetc
  2. Hello, I am currently working on my forum for a Minecraft server and am trying to code a ban appeal submission form, but when I run the code I get a 500 internal error, and I wanted to post my code here since I might have totally misunderstood the logic; I am still fairly new to it all. And I was told not to use if($_SERVER['REQUEST_METHOD'] == "POST") { Does anyone know the reason for this?
     <?php
     require('con.php');
     if($_SERVER['REQUEST_METHOD'] == "POST") {
         $user = htmlentities($_POST['mineuser'], ENT_QUOTES);
         $forumuser = htmlentities($_POST['forumuser'], ENT_QUOTES);
         $reason =
  3. Hello, how would I code a script that finds certain words or characters in a thread on my forum and then redirects the user? Thanks!
  4. I don't understand how I can get rid of the vulnerability in the URL: you can change the username and token and take over accounts with my current code. I don't understand how I can prevent this.
  5. Thanks, the password is able to be reset now, but I have a field in the database called 'hash' and I have the query to update it with the hashed token, but it does not change. Here is my new updated code:
     <?php
     require('./includes/connect.php');
     $encodedToken = $_GET['token'];
     $token = hex2bin($encodedToken);
     $tokenHash = hash('sha256', $rawToken);
     $username = $_GET['s'];
     $stmt = $handler->prepare("UPDATE users SET hash = :hash WHERE username = :u");
     $stmt->bindParam(':u', $username, PDO::PARAM_STR, 255);
     $stmt->bindParam(':hash', $tokenHash, PDO::PARAM_STR, 255);
     $stmt-
  6. I don't see what you mean about not inserting the token hash in the query string?
  7. $encodedToken = $_GET['token'];
     $token = hex2bin($encodedToken);
     $tokenHash = hash('sha256', $token);
     $username = $_GET['s'];
     $stmt = $handler->prepare("UPDATE users SET reset = ".$tokenHash." WHERE username = :u");
     $stmt->bindParam(':u', $username, PDO::PARAM_STR, 255);
     $stmt->execute();

     Fatal error: Call to a member function prepare() on a non-object

     I get this error when clicking the reset link in the email; it says on line 10, which is the update query.
  8. I read it on a Stack Overflow thread somewhere. And I don't know, the token is what doesn't make sense to me.
  9. Hi, this is my forgot password code so far.
     <?php
     require('./includes/connect.php');
     error_reporting(E_ALL | E_NOTICE);
     ini_set('display_errors', 1);
     if($_SERVER['REQUEST_METHOD'] == "POST") {
         $email = $_POST['email'];
         $email = htmlentities($email, ENT_QUOTES);
         $stmt = $handler->prepare("SELECT email FROM users WHERE email = :email");
         $stmt->bindParam(':email', $email, PDO::PARAM_STR, 255);
         $stmt->execute();
         if($stmt) {
             $fetch = $stmt->fetch();
             if($email == $fetch['email']) {
  10. Sorry, I'm still fairly new to PHP. I don't understand what to do about the token; am I meant to use the rand() function?
  11. What I don't understand is, when they request to reset their password, I will be hashing the password using password_hash, but how am I meant to let them see the password in the email in plain text? Edit: Sorry, we posted at the same time.
  12. I was thinking to just reset the password when the form is submitted and then query the database for the new password, decrypt it and send it via email?
  13. I am currently using password_hash and password_verify in my code. I am unsure, can I decrypt the password?
  14. Thanks, I will take a look at other threads.
  15. Hi, how can I create a forgotten password script? I know security can be a real issue with this if the code isn't written correctly.