Destramic

Members
  • Content Count

    954
Everything posted by Destramic

  1. sorry i couldn't edit the message above here is the correct headers etc from my debug array [17] => Content-Type: multipart/related; boundary="60a7083d603d0f8a9d35a0776030d8e5" [18] => This is a multi-part message in MIME format. [19] => --60a7083d603d0f8a9d35a0776030d8e5 [20] => Content-Type: multipart/alternative; boundary="acabb8838a7d2b2a9ec0661d699c96bc" [21] => --acabb8838a7d2b2a9ec0661d699c96bc [22] => Content-Type: text/plain; charset="utf-8" [23] => Content-Transfer-Encoding: quoted-printable [24] => Content-Transfer-Encoding:
  2. hey guys i'm having problems with gmail showing inline images when sending an email from my server...for some strange reason it shows as an attachment, but works perfectly for hotmail. here is what i'm getting.. hotmail gmail i can't find nothing obvious about inline image problems with gmail so i wondered if any of you guys have come across this problem and what i could do to solve it. here is my headers and boundaries set for the email... Content-Type: multipart/related; boundary="e3b811c438657c9d0f9ae45330038d29" This is a multi-part message in MIME fo
  3. ok thank you i made the changes that you said could you elaborate on this a little please jacques? thank you for your help
  4. the reason i have the extra user_permissions table was so that i was able to give extra permissions out of the given role...but after thinking on what you said i deleted the table...in fact i'm going to role with all your suggestions. note i changed names on some tables to make more sense. here is how i'm getting my permissions SELECT p.permission FROM permissions p LEFT JOIN role_permission_mappings rpm ON rpm.permission_id = p.permission_id LEFT JOIN roles r ON r.role_id = rpm.role_id LEFT JOIN user_role_mappings urm ON urm.role_id = r.role_id AND urm.user_id = 3 and my roles SEL
  5. my main concern was knowing if the user is a client or employee...here is my database diagram i think i'm on the right track here...a user has a specific role given to him/her but also able to give additional permissions out of the role. i'm able to detect if the user is a client by his/her role (ie. client)...and the same with an employee (ie. client_employee) and also linking the client user_id to the employee user account via the client_id in the users table regarding my concern of clients adding user accounts for employees, and giving that employee specific permissions, i was
  6. Could I get some help with this design please guys?
  7. i so over thought the whole process and the answer was right in front of me! ...sorry jacques. i can see clearly how this works now thank you for your time, patience and help
  8. ok i think i may have made some progress here after a lot of hard thinking and determination... i read about mysql sha2() and had a little play about with it SELECT SHA2('abc', 256) > '936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af' i stored the hash into my hashed column and ran this: SELECT * FROM development.hash_test WHERE hashed = SHA2('abc', 256); which brings up the correct row....so i thought if i create a hmac and save it in a row it should work also...but no i used the following and turned removed true on the raw parameter public function seal(st
  9. i'm finding it really hard to keep up as most of this is going over my head...although i think i've made some progress after some reading about...also the reason i base64 encode is so that's easy to store in db as a blob here is what i got as it stands, but i'm stuck now and i'm struggling to see how this is going to work. <?php class Encryption { private $private_key; public function __construct(string $private_key) { if (!extension_loaded('libsodium')) { throw new Exception('Encryption: PHP libsodium extension not loaded.'); }
  10. actually my example isn't going to work...email address is encrypted and placed inside the hmac but the seal will obviously be different every time...so there would be no way for me to compare. i'm completely lost here
  11. i'd suggest displaying errors you should be using this code and put it at the top of your php while developing ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); what errors are you getting? ps. please use the code tags so your code is more visible
  12. now that is smart...i wish i thought of it i had a mess about with hmac over the weekend, as i've decided to use it with the users cookies...is what i made for hmac more than suitable? here is a working example <?php class Encryption { private $private_key; public function __construct(string $private_key) { if (!extension_loaded('libsodium')) { throw new Exception('Encryption: PHP libsodium extension not loaded.'); } $private_key = trim($private_key); if (!preg_match('/^[a-z\d+\/]{43}=$/i', $private_key))
  13. hey guys i'm currently using libsodium to encrypt users data which is stored in a database...my concern is when a user registers an account on my website, i want to check that the email provided is not already registered to another account, but the problem is that the email address stored in the database is encrypted...so how do i check? i have previously been suggested to store the email as: a separate HMAC ECB mode no encryption as long as the e-mail addresses are kept away from the web frontend but even when using HMAC the email can easily be viewed, MySQL's ECB mode i've read so man
  14. use forward slashes instead of backslashes D:/xampp/htdocs/xampp/kicken/.dirindex.php you want to check file exists and that the file is readable if (!file_exists($path) || !is_readable($path)){ die('Cannot access '.$path); } you're using is_dir() which is checking if the $path is a directory...which it isn't, so that is why you are seeing an error message
  15. sorry jacques i didn't explain myself very well...yes the username will be used as the users identifier, but what i'm trying to get at here is that i don't really want people to create multiple accounts. this would be me checking for username availability as well as ensuring that the user isn't trying to register another account with the same email address...life would so much simpler if encryptions were cross compatible i just don't see a simple way of checking this...
  16. i have no plans to go down the ECB mode route, or to use email address as a login credential either, why go half hearted with security but sorry jacques you've lost me a little here are we talking about all new registration being put into a separate table from the users? and a possible cron job running every hour or so doing a check? before actually creating a user and sending an activation token? thank you
  17. hey guys i'm currently creating role and permission for my users which looks like this: users ------------------------ user_id role_id ------------------------ user_permissions ------------------------ user_permission_id name ------------------------ user_roles ------------------------ user_role_id name ------------------------ user_role_permissions ------------------------ user_role_permission_id role_id permission_id ------------------------ a role can be created and permissions are added to that role, giving user access to certain pages. the problem i face is that my website has
  18. benanamen has shown you perfectly what to do: try this <!DOCTYPE html> <html> <head> <title></title> </head> <body> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ echo 'well done you have submitted the form'; } else { ?> <form action="<?= $_SERVER['SCRIPT_NAME'] ?>" method="post"> <input type="text" name="name" /> <input type="submit" name="submit" value="submit"/> </form> <?php } ?> </body> </html>
  19. 1. its not a valid html document 2. why echo html when there is no need? <div> <form id = 'form1' action='#' method='post' > <select name='room' id='room'> <?php if(isset($displayed)) echo "<option selected>".$displayed."</option>"; $i = 0; while($i < count($rooms)) { $room = $rooms[$i]; if($room === $displayed)echo ""; else echo "<option value = ".$room." > ".$room." </option>"; $i++; } ?> </select> <noscript><input type='submit' value='Submit'></noscript> </form> </div> 3. i don't really understa
  20. i know this thread is answered now, but one thing did pop into my head which i have been meaning to ask. in the scenario that every email address is encrypted, how do you check that an email address isn't already registered with an account? the only method i can think of is to loop all the email address, where they are decrypted and compared...just seems a bit long winded and probably a bit heavy on cpu and memory, depending on user count (i will post a new thread if needed, sorry) thank you
  21. Guess I won't be using an email address as a login credential. Thank you for great explanations
  22. I'd try to use phpmailer instead of php's mail function. https://github.com/PHPMailer/PHPMailer Or why not allow the contact data to be inserted into a db table?...at least that way you know you're going to receive it
  23. I suppose you need to cover all angles...i'm just put off with the captcha for my site at the moment as I believe it could scare people away. I do like the invisible field method though. @requinix you mentioned wait until bots become a problem...just wonder how I would know that bots were registering on my site? thank you
  24. Thank you for clearing that up...what confused me also in my thinking is that you see companies like Facebook, PayPal etc using email address as a username. Would you need to select all users, decrypt email address and compare to select row? Or would there be a simpler approach? thank you
  25. hey guys, i want to encrypt email address and passwords (after password_hash) but this then makes things very awkward when it comes to login...if you're asking a user to put username/email address and he provides an email address (which is encrypted in db)...how on earth do i get user's row? the only answer i can think of is not to encrypt email addresses, but i'd say its sensitive data and needs to be just a little boggled with this, if someone can please shine some light. thank you.