Everything posted by dlf1987

  1. I got it to work by replacing the 2nd \b with a \s, but then it removes the following whitespace... "product and product.test" to "replace_with_meand product.test"
  2. I'm trying to preg_replace the word product in a string, but if I use something like ..

        $k = 'product';
        $str = 'product and product.test';
        preg_replace("/\b$k\b/", 'replace_with_me', $str);

    it will replace product and product.test instead of just product.
  3. Thanks for discussing this with me. I know I at least need to do something other than cookies since they can be logged on the server.
  4. I don't have much knowledge in that area.
  5. I guess I could store the private key in a file on a local computer and create a local script that queries the webserver mysql db for the encrypted data and decrypts it locally, so that it's not passed through cookies.
  6. So let me ask this, everything else aside: what's a safer way of using the private key than storing it in a cookie, or is there?
  7. Not true, we have multiple employees able to access the data this way; all employees have the private key. After making the openssl script, a couple of days later I stumbled upon phpcreditcard.com. I bought it to see if they were doing the same thing I was, and they were, except that they used a desktop app that had the private key. But I didn't want employees to have to open the app and copy/paste the decrypted data when needed. So instead of using the app, I send the private key in a cookie so they can view the decrypted data directly on the website.

    ---------------------------------

    At this point I'm not really asking for help, I'm pretty happy with the way I got it, except that the private key is stored in the employee's browser cookie. But here's the code in case you're interested.

    CREATES KEYS

        function create_keys() {
            // Key-generation settings; 'config' points at the local openssl.cnf
            $configargs = array(
                'config' => 'C:/wamp/bin/php/php5.3.5/extras/openssl/openssl.cnf',
                'digest_alg' => 'md5',
                'private_key_bits' => 2048,
                'private_key_type' => OPENSSL_KEYTYPE_RSA,
                'encrypt_key' => true,
            );
            // Distinguished-name fields (not used by the calls below)
            $dn = array(
                "countryName" => "US",
                "stateOrProvinceName" => "STATE",
                "localityName" => "CITY",
                "organizationName" => "WEBSITE",
                "organizationalUnitName" => "WEBSITE",
                "commonName" => "WEBSITE",
                "emailAddress" => "EMAIL"
            );
            $privkey = openssl_pkey_new($configargs);
            // Export the private key as PEM, encrypted with the passphrase
            openssl_pkey_export($privkey, $pkeyout, "PASSWORD", $configargs);
            $pubkey = openssl_pkey_get_details($privkey);
            echo $pubkey["key"]."\n\n";
            echo $pkeyout;
        }
        create_keys();
        // Once I see the keys that have been output, I copy/paste the public key into a "public.pem" file
        // and copy/paste the private key into the local server file at our office.

    ENCRYPT WITH

        function encrypt_card($data) {
            // Public key is read from a file on the web server
            $public = openssl_get_publickey('file://C:/inetpub/vhosts/mywebsite.com/httpdocs/includes/public.pem');
            openssl_public_encrypt($data, $encrypted, $public, OPENSSL_PKCS1_PADDING);
            return base64_encode($encrypted);
        }

    DECRYPT WITH

        function decrypt_card($data, $private, $pass) {
            $data = base64_decode($data);
            // $private is the PEM text of the private key, $pass its passphrase
            $private = openssl_get_privatekey($private, $pass);
            openssl_private_decrypt($data, $decrypted, $private, OPENSSL_PKCS1_PADDING);
            return $decrypted;
        }
        echo decrypt_card($mysql_data['sensitive_info'], $_COOKIE['private_key'], $_COOKIE['private_pass']);
  8. They can't decrypt the encrypted data in the mysql database, because they don't have the private key to decrypt with. When I talk about openssl, I'm not talking about https. I used openssl to literally encrypt the data (just like using mcrypt) and the hacker would see gibberish instead of the original data. My original question wasn't very clear. That's sort of what I did. Except I used the public key to encrypt the data and stored it in the mysql db. Employees will be the only ones able to decrypt the data because they have the private key. The reason why I'm using public/private keys to encrypt/decrypt data is because if a hacker was to gain full access to the web server, mcrypt is pretty worthless since the key would be stored on the webserver within the PHP code and they'd have everything they needed to decrypt the data.
  9. I've used openssl to encrypt customers' personal data. What I've done is make an HTML file that is on our office server (not webserver) and is shortcut'd to employees' desktops...

        <form method="post" action="https://www.mysite.com/admin/login.php">
            <textarea name="private_key" cols="75" rows="20" style="display:none">{-----RSA PRIVATE KEY-----}</textarea>
            <input type="text" name="private_pass" value="****" style="display:none" />
            <input type="submit" name="postBTN" value="mysite Login" style="font-size:20px;" />
        </form>

    I have the employee open the file above and click the submit button, which posts the form data to the admin login page. The login page puts the post data in a cookie. The employee then enters their admin username and password. The HTML file isn't needed to log in, but is needed to see customer personal data on certain pages of the admin section. If an employee tries to see customer data without using the above HTML file, they'll see "access denied" in place of the customer's data. I didn't make this to keep out certain employees; I made it this way so that if someone outside the company got hold of admin login info, or if the webserver/mysql was hacked and the data stolen, they wouldn't have the private key, just the public. Seems to be working great right now. As far as I know the only way a hacker could decrypt the info would be to get the private key from our office and get the public key from the webserver. Seems unlikely.
  10. After hours of finally making a public and private key with openssl, I'm having trouble figuring out the best way to pull the private key from my local computer. I have the public key on the webserver and I have the private key on my local computer. I thought about just saving a bookmark on my computer like... https://mysite.com/admin/login.php?private={-----RSA PRIVATE KEY-----} and then have the page save the $_GET['private'] in a cookie. But that doesn't sound very safe. But what are the chances someone could break into my webserver and steal the public key... then break into my local computer and steal the private key from my cookies... Is there a better way to do it? PHP / 5.3.6 IIS7
  11. I didn't know if there was a fancier/better way of doing it. Thanks, that's what I'll do.
  12. I built an address book for customers and I realize now I'm not sure of the best way to allow the customer to edit/delete their addresses while stopping them from pulling/editing other customers' info. Even if I use post data only, they could still view the page source and see the address ID being posted to the next page and change it, to see or edit someone else's data... Should I encrypt the ID? Is that even good enough? I'm using PHP/MYSQL
  13. dlf1987

    symbol help

    I figured it out.. I didn't realize that I had to set the table's charset individually as well.
  14. dlf1987

    symbol help

    When I insert or update a mysql query field with a ° or ° in it, it saves as either a ? or �. It shows the ° correctly in the database but outputs as a ? or � on the page. My database is charset: UTF-8 and my HTML doc is UTF-8. Not sure if it's a PHP, mysql, or HTML issue... Thanks
  15. I do, but I'd prefer storing the error page :/
  16. I went in plesk and told it where my custom 404 page that looks like the rest of my site is. Works fine. On my 404 page I have a mysql insert that records data about the 404 page. But I'm having trouble finding the exact pages that are causing the 404s. I've tried using $_SERVER['HTTP_REFERER'], but that doesn't give me the correct page. I've tried getting the URL of the 404 page, but that doesn't tell me what URL caused the 404 error. Thanks
  17. I went in plesk and told it where my custom 404 page that looks like the rest of my site is. Works fine. On my 404 page I have a mysql insert that records data about the 404 page. But I'm having trouble finding the exact pages that are causing the 404s. I've tried using $_SERVER['HTTP_REFERER'], but that doesn't give me the correct page. I've tried getting the URL of the 404 page, but that doesn't tell me what URL caused the 404 error. Thanks
  18. But that would also make the new cart cookies only last one day as well. I just want to clear returning visitors' cookies.
  19. I'm releasing an updated shopping cart on my website and customers with older cart cookies will have some problems. Their cookies are set to expire 30 days after the cookie is created. So how can I force the cookies to expire that were created, let's say yesterday, without making the new customers' cart cookies expire? I'm sure it's simple, just can't figure it out :'(
  20. I have a custom "page not found" error page which I assigned through plesk, and right now I have a mysql insert record the HTTP_REFERER. But a lot of the time it doesn't record the HTTP_REFERER. Is there a better way to find out what URL they visited that led to "page not found"?
  21. Thanks guys.. didn't even think to use explode twice
  22. Right now I'm using

        $cart2 = "100~Product1~2500~2,200~Product2~2900~1";
        // comma is the separator
        $arr = explode(",", $cart2);
        reset($arr);
        foreach($arr as $line){
            list($A, $B, $C, $D) = split('~', $line);
            echo $A;
            echo "<br>";
        }

    The above seems to work fine.. but it's giving me this error: "Deprecated: Function split() is deprecated". Apparently "split" is removed as of PHP 6.0.0 according to php.net. Instead of hiding the error I would like to know if there's a better way to write the code for what I'm trying to do? Thanks
  23. $_SESSION['CART'][***UNIQUEID***]['ITEMS'][] = array(
          'pro_id' => $pro_id,
          'pro_name' => $pro_name
      );

    This code I previously put was the right way of doing it... and it was very simple. Guess I overlooked something...
  24. I'm pretty sure what I'm asking is pretty simple. I even gave an example asking if my example was the way to go about making the carts unique. I'm pretty sure you're blowing this way out of proportion. You obviously haven't even read my post and I would appreciate it if you wouldn't post anymore on this thread. I'm trying to be nice here. If the 2nd part of my code I wrote is possible, how do I make an "IF" that checks for the unique cart and only pulls that cart to the page?
  25. I assume what I'm asking must be possible. I need it to work not just for multiple carts but to prevent other user errors which I don't need to talk about.
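
For the address book question in item 12 above, an added example (not code from the original posts) of the usual server-side control: every read, update and delete is scoped to the customer ID held in the session, so the address ID can stay visible in the form and a changed ID simply matches no row. The table and column names, the `$sessionCustomerId` variable standing in for a value set at login, and the in-memory SQLite database used in place of MySQL are assumptions made so the script runs offline.

```php
<?php
// Added example: schema, names and the session value are assumptions.
// SQLite in memory stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addresses (
    id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL, street TEXT NOT NULL)');
// Constructed sample rows: customer 1 owns address 10, customer 2 owns address 11.
$db->exec("INSERT INTO addresses VALUES (10, 1, '1 Main St')");
$db->exec("INSERT INTO addresses VALUES (11, 2, '9 Oak Ave')");

// Read: the owner comes from the session, never from the request.
function get_address(PDO $db, $customerId, $addressId) {
    $st = $db->prepare(
        'SELECT id, street FROM addresses WHERE id = ? AND customer_id = ?');
    $st->execute(array((int)$addressId, (int)$customerId));
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // null: no such address for this customer
}

// Update: same ownership condition in the WHERE clause.
// Note: on MySQL, rowCount() is also 0 when the new value equals the old one.
function update_address(PDO $db, $customerId, $addressId, $street) {
    $st = $db->prepare(
        'UPDATE addresses SET street = ? WHERE id = ? AND customer_id = ?');
    $st->execute(array($street, (int)$addressId, (int)$customerId));
    return $st->rowCount() === 1;
}

// Delete: same ownership condition again.
function delete_address(PDO $db, $customerId, $addressId) {
    $st = $db->prepare('DELETE FROM addresses WHERE id = ? AND customer_id = ?');
    $st->execute(array((int)$addressId, (int)$customerId));
    return $st->rowCount() === 1;
}

// Stands in for $_SESSION['customer_id'], set by the server at login.
$sessionCustomerId = 1;

// Customer 1 requests their own address, then one with a tampered ID.
var_dump(get_address($db, $sessionCustomerId, 10));
var_dump(get_address($db, $sessionCustomerId, 11));

// Customer 1 posts edits and deletes using customer 2's address ID.
var_dump(update_address($db, $sessionCustomerId, 11, 'changed'));
var_dump(delete_address($db, $sessionCustomerId, 11));

// Customer 2's row is untouched.
var_dump(get_address($db, 2, 11));
```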