
toffler

  1. Does this function use a second algorithm to encrypt the key? I'm trying to implement this function for sha512 in C++ using wincrypt; in that API the key itself is encrypted using RC2 or RC4. Thank you!
  2. As general advice, yes. Here it makes perfect sense though.
  3. Hi, After reading some posts I came up with this code, I don't know much about security so I'll appreciate it if someone tells me it's a decent protection or not. The web site has a cms part with a login page and password protected pages inside and normal web pages which use session variables to save some personal display settings.

     Every normal (not password protected) page on the site starts with

         start_session();

     Login page contains the following code:

         start_session();
         login();
         if(isset($_SESSION['logged']) && $_SESSION['logged']==='yes') {
             header('Location: 'a password protected page URL');
             exit;
         }

         <form action="login.php" method="post">
             <input type="hidden" name="form_name" value="login">
             <input type="text" name="login">
             <input type="password" name="password">
             <input type="submit" value="Submit">
         </form>

     Every password protected page starts with the following:

         start_session();
         if(!isset($_SESSION['logged']) || $_SESSION['logged']!=='yes') {
             header('Location: 'login page URL');
             exit;
         }
         ...

     Functions:

         function start_session() {
             ini_set('session.use_only_cookies', 1);
             if(isset($_GET['PHPSESSID'])) {
                 // output error message
                 exit ;
             }
             session_start();
             // session expiration time: 30 min
             if(isset($_SESSION['expire']) && (date("U") - $_SESSION['expire'] > 60*30))
                 logout();
             if(!isset($_SESSION['ini'])) {
                 session_regenerate_id(true);
                 $_SESSION['ini'] = 1;
             }
             $_SESSION['expire'] = date("U");
         }

         function logout() {
             $_SESSION = array();
             if (isset($_COOKIE[session_name()]))
                 setcookie(session_name(), '', time() - 60*session_cache_expire() - 60, '/');
             session_destroy();
         }

         function login() {
             global $post, $get; // $post and $get arrays are created from $_GET and $_POST accordingly using mysql_real_escape_string()
             if(isset($post['form_name']) && $post['form_name']==='login'
                && isset($post['login']) && isset($post['password'])
                && $post['login']!='' && $post['password']!='') {
                 $loginfo = get_data(); // get login and password from db where login = $post['login']
                 if(count($loginfo)>0) {
                     $loginfo['password'] = decrypt($loginfo['password']); // the password stored in an encrypted form
                     if($loginfo['password']===$post['password']) {
                         $_SESSION['logged'] = 'yes';
                     }
                 }
             }
         }
  4. Yes, I read that one. But on the internet lots of people say something about PHP compiled code and PHP bytecode, so I guess they are present somewhere along that sequence I mentioned in the first post...
  5. I don't know, that's why I'm asking somebody who knows the whole process...
  6. Hi, Can anyone please clarify the difference between PHP opcode and PHP bytecode? Is it PHP text -> parsing -> tokens -> opcode -> PHP engine -> bytecode -> PHP engine interpretation -> machine code -> execution by hardware, or is it (I guess) different? Thanks,
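
A hardened variant of the login check from post 3 above, as an added example that is not toffler's code or taken from any reply: it stores a one-way `password_hash()` value instead of a decryptable password, verifies it with `password_verify()`, and regenerates the session id at login rather than only on the first visit. The `$users` array (standing in for `get_data()`), the constructed account, and the helper names `check_credentials` and `mark_logged_in` are assumptions.

```php
<?php
// Added example, not the poster's code. $users stands in for the database
// row that get_data() returns; the account and password are constructed.
$users = [
    'admin' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// True only when the login exists and the password matches its stored hash.
// Pass the raw submitted password: escaping it first (as the $post array
// does with mysql_real_escape_string) changes passwords that contain quotes.
function check_credentials(array $users, string $login, string $password): bool
{
    // Unknown logins are verified against a dummy hash so both paths do
    // comparable work and timing does not reveal which logins exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known = isset($users[$login]);
    $hash = $known ? $users[$login]['hash'] : $dummy;
    return password_verify($password, $hash) && $known;
}

// Web-only step: call after check_credentials() succeeds, before any output.
function mark_logged_in(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);
    }
    session_regenerate_id(true);   // fresh id at the privilege change
    $_SESSION['logged'] = 'yes';   // same flag the protected pages test
    $_SESSION['expire'] = time();  // same idle timer as start_session()
}

// Constructed inputs; on the site these would come from $_POST.
$attempts = [['admin', 'correct horse'], ['admin', 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$login, $password]) {
    $ok = check_credentials($users, $login, $password);
    if ($ok && PHP_SAPI !== 'cli') {
        mark_logged_in();
    }
    printf("%s => %s\n", $login, $ok ? 'accepted' : 'rejected');
}
```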