Ninjakreborn

sometimes you have to put ./ before the file name, check hte php ini for the directory listing, then that is what is always required at the front of it.

It wouldn't be that difficult to build that system, so it's worth a shot, you'll get better results with that, by hand, than using pre-made scripts, because you can define your own featuers.

c-type

[code]srand((double)microtime()*1000000); $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, ''); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); $ks = mcrypt_enc_get_key_size($td); $key = substr(sha1('I picked a random word for a key here'), 0, $ks); mcrypt_generic_init($td, $key, $iv); $ciphertext = mcrypt_generic($td, $password); mcrypt_generic_deinit($td); mcrypt_generic_init($td, $key, $iv); $plaintext = mdecrypt_generic($td, $ciphertext); mcrypt_generic_deinit($td); mcrypt_module_close($td); echo "{$password}<br />"; echo "{$ciphertext}<br />"; echo "{$plaintext}<br />";[/code] ok I redid my script some, for my decryption, I did some modification, it's running smoother, but it's not decrypting it.

well it entered it into the database, and I got it working faster, I had something wrong on it, now I am trying to decrypt but it's not decrypting the password at all what am I doing wrong. [code]$select = "SELECT username, password FROM userinfo WHERE username = 'joyel'"; $query = mysql_query($select); $numberrows = mysql_num_rows($query); while ($array = mysql_fetch_array($query)) { extract($array); echo "{$password}<br />"; echo "{$username}<br />"; srand((double)microtime()*1000000); $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, ''); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); $ks = mcrypt_enc_get_key_size($td); $key = substr(sha1('I picked a random word for a key here'), 0, $ks); mcrypt_generic_init($td, $key, $iv); $password = mcrypt_generic($td, $ciphertext); mcrypt_generic_deinit($td); mcrypt_module_close($td); echo "{$password}<br />"; echo "{$ciphertext}<br />"; echo "{$newpass}<br />"; }[/code]

[code]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'businessman332211@hotmail.com', '3553 Marcia Dr', '', 'Smyrna', 'Ga', '30082', '' at line 1The sign up could not be completed, please try again[/code] and why in hell won't it let me database it:S

I looked around for almost 48 hours, and ran across the top 3 most powerful forms of encryption that a programmer can do.  I saw the one for asp, the one for jsp, and the one for php. Since I program php obviously I picked this. Here is what I am doing roughly, what I read is it's almost impossible to decode this, unless they get your key, and you just pick a different key each time. I started using this. [code]// Begin Password Encryption srand((double)microtime()*1000000); $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, ''); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); $ks = mcrypt_enc_get_key_size($td); $key = substr(sha1('I picked a random word for a key here'), 0, $ks); mcrypt_generic_init($to, $key, $iv); $ciphertext = mcrypt_generic($td, $password); mcrypt_generic_deinit($td); mcrypt_module_close($td); // End Password Encryption echo "{$password}"; echo "{$iv}"; echo "{$ciphertext}";[/code] No I didn't copy and paste the code from somewhere, I found out about the functions, and studied all of them, until I had come up with this, I think it's working, but why is it taking so long to encrypt.  I started the process 10 minutes ago, and it's still incrypting, still loading the page from the server. I also echo'd those so I could see the reactions of what I Had done, but it's not loading, or taking forever, did I do something wrong, or what, I also can decrypt it, this is what I wanted in general, but not this long of an encryption time.  I read this was one of the most powerful libraries when encrypting, so I used the whole library almost to get something pretty powerful, basedon the examples off the php.net, and some stuff I put together. well nevermind, I got it to work, I had something wrong on it, now do I store the ciphertext into the database, because the iv and that both are pretty strange looking. THey look like satan. So another thing I was wondering, I have 1 key, I picked.  Does that mean all password are encrypted based on that key, so if 1 person get's my key all passwords get decrypted.  Or is there a way for me to pick a random key, but then picking a random key I wouldn't be able to decrypt any of them, anyone want to shed some general light on this whole thing. 

I was going to call the username and password, test it, set it in sessions username and password, test them on each page using sessions, and if they don't exist, don't show the page.

<IfModule mod_rewrite.c> RewriteEngine on RewriteBase / RewriteCond %{HTTPS} != on RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent] </IfModule> I am trying to do a mod rewrite but it's not working, it's giving me a 500 server error, it should redirrect to https when someone tries to visit the site, am I doing something wrong.

Sounds good, so I was going to call the data from the database, and check if the username and password are correct, register the username and password into sessions, and run them at the top of each page, without them initialized then the pages don't get viewed, I will set a decent max lifetime, but not rediculous. I am trying to learn about encoding and decoding I know mysql has encode, decode functions, but everything with php is irreversable, I need the features, for them to be able to retrieve lost passwords, so inretrievable methods are unacceptable what is this going to do, is this worth it, if so which one would be the key I create and use during decrypting Encryption [code]<?php     srand((double)microtime()*1000000 );     $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');     $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);     $ks = mcrypt_enc_get_key_size($td);     $key = substr(sha1('Your Secret Key Here'), 0, $ks);     mcrypt_generic_init($td, $key, $iv);     $ciphertext = mcrypt_generic($td, 'This is very important data');     mcrypt_generic_deinit($td);     mcrypt_module_close($td);     print $iv . "\n";     print trim($ciphertext) . "\n"; ?> [/code] Decryption [code]<?php     srand((double)microtime()*1000000 );     $td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');     $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);     $ks = mcrypt_enc_get_key_size($td);     $key = substr(sha1('Your Secret Key Here'), 0, $ks);     mcrypt_generic_init($td, $key, $iv);     $ciphertext = mcrypt_generic($td, 'This is very important data');     mcrypt_generic_deinit($td);     mcrypt_generic_init($td, $key, $iv);     $plaintext = mdecrypt_generic($td, $ciphertext);     mcrypt_generic_deinit($td);     mcrypt_module_close($td);     print $iv . "\n";     print trim($ciphertext) . "\n";     print trim($plaintext) . "\n"; ?> [/code] I think these will be good, because I can use it with passwords, credit card numbers, session id's and everything. Also what about permanent ssl connection, routing it to where even when people type www.whatever.com or http://www.whatever.com into the browser, it redirects automatically to https://www.whatever.com are there downsides to ALWAYS using ssl, if not then why doesn't more people already use it this way, I have been confusing about that, I don't mean ssl for like 3 pages for some forms, but instead the entire website, will that decrease my chances of session hijacking?

Here are some things I was thinking, I wanted advice on. I am recently starting to do log in pages, I already know everything about how to do them, anyway, sessions, cookies, databases, whatever. What I want to find out, is my current idea was to use the database to pull the information and check it to make sure it's valid, registering them into session variables, and using that throughout the site, for authentification, what are the chances of a session hijacker, is it as big of a deal as some of the books made it out to be. If ebay for instance did it that way, would it get hacked all the time, or is it a good idea to never use sessions, just looking for a little insight before I start stepping into this.

[code]<a href="downloadhandler.php?redirect=dw/LDO150mA.pdf&email=<?=$_POST['email']?>" class="n" target="_blank">ASIC IP LDO 150mA</a> <br />[/code] [code]<?php if (!$_GET['redirect']=='dw') exit('bad link'); $page = $_GET['redirect']; $email = $_GET['email']; mail("businessman332211@hotmail.com", "Asic Ip Download Access", "Someone has access {$page} using {$email}"); header('Location: ' . $page); ?>[/code] I figured it out myself that time, I started thinking you can't pass a php variable straight into the middle of html somewhere, I tried doing this with <?php echo " "?> with it written out there, inside the link, but it didn't wor k it kept returning errors and making the screen go white, so I said screw it, and just did it this way.

[code]<a href="downloadhandler.php?redirect=dw/LDO150mA.pdf&email=$_POST['email']" class="n" target="_blank">ASIC IP LDO 150mA</a>[/code] That is my link [code]<?php if (!$_GET['redirect']) exit('bad link'); $page = $_GET['redirect']; $email = $_GET['email']; mail("businessman332211@hotmail.com", "Asic Ip Download Access", "Someone has access {$page} using {$email}"); header('Location: ' . $page); ?>[/code] this is my handler. There are 3 pages total someone clicks on thelogin page, it comes up with a page, that is seperate from all these, with a form they can register When they do, it takes them to download.php at the top of download.php it checks to make sure they came from the other page, then it emails all the registration information.  Then he wants for each and every link they click on it emails him again, with the pagename and the email address so it comes through post over to the download.php page then they click on the link and it takes them to the processor, does anyone see why this might not be working, I have tried every single idea I have ran across here and more, nothing is pulling my variable information through that link.

Doesn't anyone have advice onthis

[code]Someone has access dw/LDO150mA.pdf using $email[/code] That is my output in the email.

[quote]Someone has access dw/LDO150mA.pdf using $_POST[\'email\'][/quote] That is the output I am getting inside the email [code]<?php if (!$_GET['redirect']) exit('bad link'); $page = $_GET['redirect']; mail("businessman332211@hotmail.com", "Asic Ip Download Access", "Someone has access {$page} using {$email}"); header('Location: ' . $page); ?>[/code] That is exactly what I am using to process it, after I changed my line like you siad, but that output is all I get in teh email, this is the part that is confusing me.

Ok, I sitll don't understand why this isn't working, I saw some sample script and I tried this "downloadhandler.php?redirect=dw/LDO150mA.pdf" In here I had "downloadhandler.php?redirect=dw/LDO150mA.pdf&emailaddress=$_POST[emailaddress]" but nothing is working, it's still leaving my email blank, I was going to scrap this feature, but he said he needed it, he would call me in 30 minutes, I just need to figure this out, does anyone have advice on this.  I always try to use register globals off, but sometimes I am forced to because of yahoo, I try to deter my clients from using yahoo, they suck.

I am not saying your wrong, I am also not saying I am right.  All I am saying is so far, when I ahve worked on a server using register_globals on I have been able to still access my variables in the same way I access them when it is off, if it's not suppose to be that way, then maybe it has something to do with my server settings but I have done this on multiple servers, I have even done it on this website asic ip before, numerous times.  I can access them directly but I liked hte $_POST[''] and $_GET[''] maybe you can show video to prove me wrong, I am not saying you can't but it won't change the fact that when I have so far worked on different servers with it off, it still allows me to access them that way, if that is abnormal then only nobody knows why it allows me too.

Here. For a test run, go onto some sort of test server change register_globals on Then create a form [code]<form name="testform" action="page.php" method="post"> <input name="username" id="username" type="text" maxlength="80" /> <input name="password" id="password" type="text" maxlength="80" /> <input name="emailaddress" id="emailaddress" type="text" maxlength="80" /> <input name="submit" id="submit" type="submit" value="Submit" /> </form>[/code] In the form type in [quote] test123 thisisapassword youremailhere [/quote] In your script do this [code]<?php echo "$_POST['username']"; echo "$_POST['password']"; echo "$_POST['submit']"; ?>[/code] You will get the output [quote]test123 thisisapassword youremailhere[/quote] After that rewrite your form to do method="get" then redo your code to [code]<?php echo "$_GET['username']"; echo "$_GET['password']"; echo "$_GET['submit']"; ?>[/code] You will get the output in the browser [quote]test123 thisisapassword youremailhere[/quote] The reason I found this out, I was really into security when I first got started, but I realized some servers don't let me, so I came up with this, for when people do that If you do your registration $emailaddress = $_GET['emailaddress'] and so forth it sets them so someone can't use them against you, I do this everytime when I have to work with register globals on which I try to do whenever I can, also I tried that htaccess and it didn't work.  It won't let me upload it those filetypes are restricted/ with yahoo.

With register globals on, you can still access them with $_GET and $_POST, it's just not working on this situation for some reason, I always initialize my variables, everytime I work on a server that has register globals off, for instance, what he showed about the other thing, it works, even though it's get, $_GET is a safe way to do it, with or without register globals, $_GET can be used by both but straight accessing the variable can't so I use $_GET always to make sure it's compatible in both

I hate register_globals on, but my client is using yahoo, this wasn't my project, I picked up where another developer left off, and yahoo restricts ini access, I cused them out 2-3 times already for it.  I do however always call them with $_POST[''] and $_GET[''] anyway, but I like register globals off whenever I have a choice. Here is the gateway code leading to the links page. [code]<form name="gatewayform" action="download.php" method="post"> <label for="emailaddress">Email Address:</label> <input name="emailaddress" id="emailaddress" type="text" maxlength="80" /> <input name="submit" id="submit" type="submit" value="Gain Access!" /> </form>[/code] This sends the email address variable to the page with the links, here [code]<?php if ($_POST['emailaddress'] != "") { ?> <?php mail("businessman332211@hotmail.com", "Asic Ip Download Page Access", "Someone has accessed the download page on asic ip with the email address {$_POST[emailaddress]}"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link href="style.css" rel="stylesheet" type="text/css" /> <title>ASIC IP</title> </head> <body bgcolor="#9aa8c7" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"> <script type="text/javascript"> <!-- if (parseInt(navigator.appVersion.substring(0,1))>=3) { // 3.0 or greater. ch1_on  = new Image();  ch1_off  = new Image(); ch2_on  = new Image();  ch2_off  = new Image(); ch3_on  = new Image();  ch3_off  = new Image(); ch4_on  = new Image();  ch4_off  = new Image(); ch5_on  = new Image();  ch5_off  = new Image(); ch6_on  = new Image();  ch6_off  = new Image(); ch7_on  = new Image();  ch7_off  = new Image(); ch8_on  = new Image();  ch8_off  = new Image(); ch1_on.src  = 'images/b_homeap.gif'; ch1_off.src  = 'images/b_home.gif'; ch2_on.src  = 'images/b_aboutap.gif'; ch2_off.src  = 'images/b_about.gif'; ch3_on.src  = 'images/b_infoap.gif'; ch3_off.src  = 'images/b_info.gif'; ch4_on.src  = 'images/b_downloadap.gif'; ch4_off.src  = 'images/b_download.gif'; ch5_on.src  = 'images/b_careerap.gif'; ch5_off.src  = 'images/b_career.gif'; ch6_on.src  = 'images/b_teamap.gif'; ch6_off.src  = 'images/b_team.gif'; ch7_on.src  = 'images/b_pressap.gif'; ch7_off.src  = 'images/b_press.gif'; ch8_on.src  = 'images/b_contactap.gif'; ch8_off.src  = 'images/b_contact.gif'; } function activate(image) {   if (parseInt(navigator.appVersion.substring(0,1))>=3) { // 3.0 or greater.       imagesrc = eval(image + '_on.src');       document[image].src = imagesrc;   } } function deactivate(image) {   if (parseInt(navigator.appVersion.substring(0,1))>=3) { // 3.0 or greater.       imagesrc = eval(image + "_off.src");       document[image].src = imagesrc;   } } --> </script> <center> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td align="right" valign="top">&nbsp;</td> <td align="center"><table border="0" cellpadding="0" cellspacing="0" bgcolor="#000000" width="700"> <tr> <td bgcolor="#9aa8c7"><? include("incs/top_menu.inc.php");  ?> <table border="0" cellpadding="0" cellspacing="0" width="700" bgcolor="#FFFFFF"> <tr> <td><table border="0" cellpadding="0" cellspacing="0" width="700"> <tr> <td width="6">&nbsp;</td> <td width="164" valign="top" bgcolor="#f1f1f1"><table  border="0" cellpadding="0" cellspacing="0"> <tr> <td width="6"></td> <td height="24"><font class="titlu2">Downloads : :</font> </td> </tr> </table> <img src="images/p.gif" width="164" height="1" border="0" /><br /> <table  border="0" cellpadding="0" cellspacing="0"> <tr> <td width="10" height="20"></td> <td><a href="downloadgateway.php" class="n">Downloads</a> </td> </tr> </table> <img src="images/p.gif" width="164" height="1" border="0" /><br /> <br /> </td> <td width="10">&nbsp;</td> <td width="510" valign="top"><img src="images/linie.gif" /><br /> <br /> &nbsp;&nbsp;<font class="titlu">Downloads</font> <br /> <br /> <img src="images/linie.gif" /><br /> <br /> <table  border="0" cellpadding="0" cellspacing="0"> <tr> <td valign="top"><img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/100mABoost.pdf" class="n" target="_blank">ASIC IP 100mA Boost</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="downloadhandler.php?redirect=dw/Adair100b.pdf&$_GET[emailaddress]" class="n" target="_blank">ASIC IP Adair 100b</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/Adair80211andnetworktester.pdf" class="n" target="_blank">ASIC IP Adair 802.11 and network tester (UBT)</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/Adair900and2.4G.pdf" class="n" target="_blank">ASIC IP Adair 900 and 2.4G</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/AntennaModules.pdf" class="n" target="_blank">ASIC IP Antenna Modules</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/BandgapRef.pdf" class="n" target="_blank">ASIC IP Bandgap Ref</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/BoosPS0100.pdf" class="n" target="_blank">ASIC IP Boost PS0100</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/Controllerboard.pdf" class="n" target="_blank">ASIC IP Controller board</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/LDO150mA.pdf" class="n" target="_blank">ASIC IP LDO 150mA</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/LDO300mA.pdf" class="n" target="_blank">ASIC IP LDO 300mA</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/LDO50mA.pdf" class="n" target="_blank">ASIC IP LDO 50mA</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/R2400RadioModule.pdf" class="n" target="_blank">ASIC IP R2400 Radio Module</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/RFModules.pdf" class="n" target="_blank">ASIC IP RF Modules</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/LDO300mA.pdf" class="n" target="_blank">IP Intranet Supplier Station</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/LDO50mA.pdf" class="n" target="_blank">IP Provider Station</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/IPReuseStation.pdf" class="n" target="_blank">IP Reuse Station</a> <br /> <br /> <img src="images/rosu.gif" border="0" /> &nbsp; <a href="dw/IPSoCCollaborativePlatform.pdf" class="n" target="_blank">IP SoC Collaborative Platform</a> <br /> <br /></td> </tr> </table> <br /> <br /> <img src="images/linie.gif" /><br /> <table border="0" cellpadding="0" cellspacing="0"> <tr> <td><img src="images/sigla_jos.gif" /><br /></td> <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Trademarks/Copyright ©2006 ASIC IP. All Rights Reserved.</td> </tr> </table> <img src="images/linie.gif" /><br /> <br /> </td> <td width="10">&nbsp;</td> </tr> </table></td> </tr> </table></td> </tr> </table></td> <td align="left" valign="top">&nbsp;</td> <td></td></td> </tr> </table> </center> <!-- Start of StatCounter Code --> <script type="text/javascript" language="javascript"> var sc_project=1721944; var sc_invisible=1; var sc_partition=16; var sc_security="1e4db6ff"; </script> <script type="text/javascript" language="javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript><a href="http://www.statcounter.com/" target="_blank"><img  src="http://c17.statcounter.com/counter.php?sc_project=1721944&amp;java=0&amp;security=1e4db6ff&amp;invisible=1" alt="web statistics" border="0"></a> </noscript> <!-- End of StatCounter Code --> </body> </html> <?php }else { echo "The proper parameters are not in place for you to view this page<br />"; echo "You have to have registered your email address with the gateway page<br />"; echo "As well this script must be activated from the gateway page, and<br />"; echo "Not an external source<br />"; echo "Please go to www.asicip.com and click on the downloads page<br />"; echo "and add your Email address properly to gain access to this page.<br />"; echo "Either that or the domain name of your email address was a<br />"; echo "non-existent one<br />"; } ?>[/code] That wil email my client upon page access, then in each url I am settnig up that redirect page someone showed me on here, but I can't get it to pass the form variable, with the email I tried multiple ways, the other page that takes care of this is [code]<?php if (!$_GET['redirect']) exit('bad link'); $page = $_GET['redirect']; mail("businessman332211@hotmail.com", "Asic Ip Download Access", "Someone has access {$page} from {$_GET[emailaddress]}"); header('Location: ' . $page); ?>[/code] it works with the name of the site, but it's not passing my email at all.

as far as I know to build paypal systems, you have to have access to that users password, if someone was making a donation to someone's email address, you have to have there username and password for paypal, that is the way I have had to do it with 2 clients they werne't too happy about it, but I seemed to have had no choice.  www.moondancedesign.com that entire paypal system was set up, using paypal, they auto generate the stuff, but you have to have access to that person's paypal account, that is the only way I know to do it, if there is another way then it's probably better, but maybe that is something to think about.  In there paypal account you just go to help, and there is information about setting up a paypal shopping cart, or whatever else there.

I don't think I understand how this works. I know how to pass standard urls but for some reason it's not reading my variable, I have it coming from orm. The form is post, into this page, then this page sends it out to like this. I have a form that records the email address, it sends it off to the other page, via post.  If the email address exists, there you go, if not then it doesn't show hte page.  Then when they click on a link, it sends it to that page, and redirects them to the page, while sending the email, it'sn ot picking up my email address from that variable, I tried get, post, and a combination of the 2, but it's not working properly.

That's what the forums are for, for people to learn.  Thanks for all the help everything is clear now.

Then does anyone have any small example code, or a test example, of any possible situation where isset can be effectively used in programming without taking any risks?