Digitry Designs
Members-
Posts
42 -
Joined
-
Last visited
Never
Profile Information
-
Gender
Not Telling
Digitry Designs's Achievements
Member (2/5)
0
Reputation
-
using md5 for database communication
Digitry Designs replied to Digitry Designs's topic in PHP Coding Help
No as it's one of the requirements for a hash-function. How do you MD5 these password's? Like: WHERE password = md5('$password'); Then your website is in danger as hacker's can use rainbow table's to retrieve a value that will match the MD5 stored in your database and it's best to use salt's like: WHERE password = md5( concat( password_salt, md5( '$password' ) ) ) The hacker now isn't able to use a rainbow table as the retrieved value wouldn't be correct. Thank you for your concern. I am not sure that it being required as a hash function answered my question or that maybe i did not understand it. Also I am a bit new with login scripting and so forth but here is what I have. <?php (((((my sql connect info)))))) function cleanString($string){ htmlentities(mysql_real_escape_string($string)); return $string; } if(!$_SESSION['username'] || !$_SESSION['password']){ $loggedIn = False; } else { $loggedIn = True; } <<<<<<<<this splits what is 2 files. Above is the session handler file, and the below is the login processing file.>>>>>>>>>> <there is an include_function here to include the above file> $username = cleanString($_POST['username']); $password = md5($_POST['password']); //If the fields are empty you must go back and fill them out if(empty($username) || empty($password)){ echo 'You must enter a username and password!'; } //lets compare the username to others in the database for a match else{ $sql = mysql_query("SELECT * FROM users WHERE username='$username'"); if(mysql_num_rows($sql) < 1){ echo 'That username does not exist.'; } //if we do have a username match, now we can compare the username password to see if it is a match as well else{ $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); if(mysql_num_rows($sql2) < 1){ echo 'Your password is incorrect.'; } //since everything worked out, lets log the user in else{ $_SESSION['username'] = $username; $_SESSION['password'] = $password; echo '<meta HTTP-EQUIV="REFRESH" content="0; url=mail.php">'; } } } ?> how do I make it more secure and how do I make it so i can log in? every time i try it says i put in the wrong password. Any ideas? Thank you for your help. -
Hello and thank you for reading. I am using the md5 statement to send passwords to the database and verifying and what not. I have used this same code in the past and I am simply migrating it to another database and site. So my question is, Does collation matter if I am using the md5 statement? Thank you in advance
-
how do I add mysql_error() to my code
Digitry Designs replied to Digitry Designs's topic in PHP Coding Help
Wow, Thank you so much JAY. that worked and helped alot!! I really appreciate the help! By the way, I have been looking, How do I mark this post resolved? -
how do I add mysql_error() to my code
Digitry Designs replied to Digitry Designs's topic in PHP Coding Help
That would imply that you change the "or die" statement so that it also contains a mysqli_error(). You have two "or die()" statements. Which one are you receiving the output from, that you need to troubleshoot? ok, I got it fixed. I is the query statement, not the connect statement. Well not fixed, I got the error. The error is: MYSQL ERROR: Duplicate entry '0' for key 'PRIMARY' How do I ascend the id number? -
how do I add mysql_error() to my code
Digitry Designs replied to Digitry Designs's topic in PHP Coding Help
Ok, so where would I put it exactly? If I put it in between the query and the or die statement, I get syntax error. If I put it after the or die statement, it doesnt run because the code stops at or die and parses the custom error? -
how do I add mysql_error() to my code
Digitry Designs replied to Digitry Designs's topic in PHP Coding Help
Thank you JAY. Unfortunately it does nothing more then parse what is already there before I add the mysqli_error($dbc) it just says MySQL Error: We are sorry, your email could not be sent at this time. Please try again in a few minutes Any ideas? -
hello and thank you again for reading. Here is my problem. I am trying to connect to the database and post information from a form. It doesnt seem to be working. I have logged into my db and verified db name and table name is correct. I have verified the password is correct. Another person here suggested to add "mysql_error()" to the "or die" statement. how do I do this. I guess what I am asking is what would it look like? I googled the issue and came up with one solution that shows the mysql_error statement to go immediately after the table insert statement like this: $query = "INSERT INTO mail (name, organization, phone, email, description) " . "VALUES ('$name', '$organization', '$phone', '$email', '$description')"; echo "MySQL Error:" . mysqli_error(); I am afraid this is incorrect because I get this: Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\digitrydesigns\templates\pro\include\process_mail.php on line 14 MySQL Error:We are sorry, your email could not be sent at this time. Please try again in a few minutes This is the entire code: <?php $name = $_POST['name']; $organization = $_POST['organization']; $phone = $_POST['phone']; $email = $_POST['email']; $description = $_POST['description']; $dbc = mysqli_connect('localhost', 'root', 'nuv1420', 'digitry') or die('We are sorry, due to extensive server overload we were unable to process your mail.'); $query = "INSERT INTO mail (name, organization, phone, email, description) " . "VALUES ('$name', '$organization', '$phone', '$email', '$description')"; echo "MySQL Error:" . mysqli_error(); $result = mysqli_query($dbc,$query) or die('We are sorry, your email could not be sent at this time. Please try again in a few minutes'); mysqli_close($dbc); echo '<meta HTTP-EQUIV="REFRESH" content="0; url=../admin/digitrycms_panel.php">'; ?> Can someone please help me out. I really appreciate it in advance. Thank you.
-
Ok so I am trying to send information from a form to a data base. I keeps giving me an error, to be specific, the error for querying the database. Any suggestions? Thank you in advance. <?php $name = $_POST['name']; $organization = $_POST['organization']; $phone = $_POST['phone']; $email = $_POST['email']; $description = $_POST['description']; $dbc = mysqli_connect('localhost', 'root', 'password', 'my_database') or die('We are sorry, due to extensive server overload we were unable to process your mail.'); $query = "INSERT INTO mail (name, organization, phone, email, description) " . "VALUES ('$name', '$organization', '$phone', '$email', '$description')"; $result = mysqli_query($dbc,$query) or die('We are sorry, your email could not be sent at this time. Please try again in a few minutes'); mysqli_close($dbc); echo '<meta HTTP-EQUIV="REFRESH" content="0; url=../admin/digitrycms_panel.php">'; ?>
-
Thank you for your help, I ended up have to simply move the .swf file into the root folder. I changed several areas where the url may have been indicated but no luck. Thank you again. I will just call this one not resolved but fixed enough.
-
Hello and thank you for reading. Simply put, I am building my site and I currently have one page that "include_once();" several pages that hold the divs. ie <html> <head> <title></title> here are all my <link rel css/text href=template/css/main.css> <link rel css/text href=template/css/flash.css> and so on </head> <body> <?php include_once('header.php'); include_once('menu.php'); include_once('content.php'); include_once('login.php'); include_once('sidebar.php'); include_once('footer.php'); </body> <html> sorry for the crudness in code but i think you get my point. Now I want to click on a link from the menu and say only the content.php and sidebar.php would change without forcing the user to reload the page on every click of a link. Any ideas? Thank you in advance.
-
ok, so I fixed the double tag issuse and now I am getting the bgcolor of the <object> to show, but still no .swf file is being played. I change what I think is the url to flash/main.swf and ../flash/main.swf and just main.swf but still nothing but a bgcolor is displayed. the url where I changed it is in the embed src="flash/main.swf" ... correct? I really dont know what else to do.