Search the Community

hi, im trying to create a website and only now started thinking about the security part(noob mistake). say for example i have home.php page and an index.php page. index.php is where users would sign up/log in. the login and sign up processes are all done but i was thinking of creating a unique id of some sort for when the user logs in. or something like this site (forum.phpfreaks) when we sign in, you are signed but the url stays the same = forums.phpfreaks.com. like if we were signed out we will be permanantly signed out and typing in forums.phpfreaks.com would just land us at the main page where we need to sign in. right now ,my home.php can be accessed with or without logging in even with sessions. hope im making sense, thanks in advanced! **haha that rhymed. i tried adding: <?php echo $_SERVER[php_SELF] . '?name=' . $userData['name'];?> in the index.php: <?php ob_start(); session_start(); if(isset($_POST['login'])) { $email = $_POST['email']; $password = $_POST['pass']; require "connection.php"; $emails = mysqli_real_escape_string($con, $email); $query = "SELECT id, name, email, password, salt FROM users WHERE email = '$emails';"; $result = mysqli_query($con, $query); if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again. { echo "<script>alert(\"User does not exist!\")</script>"; } $userData = mysqli_fetch_array($result, MYSQLI_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) { echo "<script>alert(\"Incorrect Password!\")</script>"; }else{ session_regenerate_id(); $_SESSION['sess_user_id'] = $userData['id']; $_SESSION['sess_name'] = $userData['name']; session_write_close(); header('Location: home.php?user='); } } ob_flush(); ?> <!DOCTYPE html> <form name="login" method="post" action="<?php echo $_SERVER[PHP_SELF] . '?name=' . $userData['name'];?>"> but i got access forbidden!

Hi, I have a list of products in CSV format, but I need to following to take place: I need PHP to read CSV file and compare it with a previous CSV file For product additions, generate a new CSV file with just new items called "Additions.CSV" For product deletions, generate a new CSV file with just deleted products called "Deleted.CSV" Any guidance would be appreciated. Thanks!

For instance, say I have a metas.php file. It includes the meta tags for 20 other pages in the website. What is the best way to generate relevant meta tags from metas.php and into 20 individual pages?

Hi All! I'm working on a PHP contact form with a drop down for the year. Right now the drop down is in HTML, but I'd like to change it to be automatically generated starting with the current year and go for the next, say, 4 years. This is what I have at the moment: <select name="year" id="contact-year" tabindex="7"> <option value="{$this->year}">{$this->year}</option> <option value="2010">2010</option> <option value="2011">2011</option> <option value="2012">2012</option> <option value="2013">2013</option> <option value="2014">2014</option> <option value="2015">2015</option> <option value="2016">2016</option> </select> If I can make it so that we (my company) don't have to go in every few years to add more, that'd be ideal. I'm not a developer by any means, nor do I know anything about PHP, so I'm just editing something that I inherited. Thanks for your help in advance!

As a part of a project I'm working on, I just updated an old function of mine. Seeing as a lot of people still keep using time-based[1] techniques for generating password, I thought I should share this one with you all. Hopefully someone will find it useful. /** * Generates and returns a random password, of a random length between min and max. * * Hard limits are minimum 10 chars and maximum 72. * * @author Christian Fagerheim (Fagerheim Software) * @link www.fagsoft.no * @license Creative Commons Attribution-ShareAlike 3.0. http://creativecommons.org/licenses/by-sa/3.0/. * * @param int[optional] $minLen = 10 * @param int[optional] $maxLen = 14 * @return string */ function generatePassword ($minLen = 10, $maxLen = 14) { if ($minLen < 10) { $minLen = 10; } // Discard everything above 72 characters for the password (bcrypt limitation). if ($maxLen > 72) { $maxLen = 72; } $numChars = mt_rand ($minLen, $maxLen); // Create an secure random password, and cut it down to length. $password = base64_encode (mcrypt_create_iv (256, MCRYPT_DEV_URANDOM)); $password = substr ($password, 0, $numChars); // Define the replacements sets and values for strtr (). $find = "10lIO"; $replace = "_-*!?"; // Replace the similar-looking characters with special characters. $password = strtr ($password, $find, $replace); // Save the hashed password in the object, and return it to calling method. return $password; } A copy can be found here: http://pastebin.com/se0YfEx1 [1]Time-based techniques are bad because they are very easy to predict, meaning that an attacked can quite easily guess the generated value as long as he knows the time of a request. Something which completely invalidates the point of having it be random in the first place.

Hello, I am working on a personal project which is to generate a set of unique codes and store them in a database. The concept of the project is for me to be able to determine the numbers of codes I want to generate and insert each of them into the database. I have been able to come up with something with the help of a tutorial which is working but not inputting into database and it allows one generation at a time. Please see my code below $username = "root"; $password = "password"; $hostname = "localhost"; $database = "gencode"; $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL"); $selected = mysql_select_db($database,$dbhandle) or die("Could not select $database"); $unique_ref_length = 11; $unique_ref_found = false; $possible_chars = "23456789ABCDFGHJKLMNPQRSTWXYZ"; while (!$unique_ref_found) { $unique_ref = ""; $i = 0; while ($i < $unique_ref_length) { $char = substr($possible_chars, mt_rand(0, strlen($possible_chars)-1), 1); $unique_ref .= $char; $i++; } $query = "SELECT `order_ref_no` FROM `orders` WHERE `order_ref_no`='".$unique_ref."'"; $result = mysql_query($query) or die(mysql_error().' '.$query); if (mysql_num_rows($result)==0) { $unique_ref_found = true; } } echo 'Our unique reference number is: '.$unique_ref; Your assistance will be greatly appreciated.

Thank you for taking the time to help me. I am trying to generate a string of sixteen characters that can look like 0000000000000000 to 9999999999999999 and set it as the global variable of $User_ID Here is the part of the code I am having trouble with: function genRandomString() { global $User_ID; $length = 16; $characters = "0123456789"; for ($p = 0; $p < $length; $p++) { $User_ID .= $characters[mt_rand(0, strlen($characters))]; } } Here is my whole code: <?php $con = mysql_connect("localhost","******","******"); if (!$con){ die('Could not connect: . mysql_error()'); } mysql_select_db("******", $con); echo "Connected to: " . $con; $eMail="$_POST[eMail]";$User_ID=""; echo "<br>My eMail: " . $eMail; $eMailResult = mysql_query("SELECT * FROM eMail WHERE eMail='$eMail'"); if (mysql_num_rows($eMailResult) == 0){ echo "<br>eMail is Unique"; } else { echo "eMail is NOT Unique<br>";} function genRandomString() { global $User_ID; $length = 16; $characters = "0123456789"; for ($p = 0; $p < $length; $p++) { $User_ID .= $characters[mt_rand(0, strlen($characters))]; } } echo "<br>User ID: " . $User_ID; mysql_close($con); ?>