Search the Community

Hi, I have a login/register system based on this tutorial: http://pt.wikihow.com/Criar-um-Script-de-Login-Seguro-em-PHP-e-MySQL In my localhost everything works fine. When I uploaded it to godaddy servers, I can register the new user but I cannot login into the users' pages. It looks like password or salt does not match, or after compare login data, it´s telling me the message: You don´t have permission to see this page, please login. Do you have any idea of what might be? Godaddy support told me they cannot help. They just fix their own services. Thanks in advance.

I've been struggling around about learning how HOTP (counter-based HOTP codes for Android Google Authenication ). I've found this code, which has the ability to share a secret key between the server and client ( Mobile APP ). <?php function oath_hotp($key,$counter) { // Convert to padded binary string $data = pack ('C*', $counter); $data = str_pad($data,8,chr(0),STR_PAD_LEFT); // HMAC return hash_hmac('sha1',$data,$key); } function oath_truncate($hash, $length = 6) { // Convert to dec foreach(str_split($hash,2) as $hex) { $hmac_result[]=hexdec($hex); } // Find offset $offset = $hmac_result[19] & 0xf; // Algorithm from RFC return ( (($hmac_result[$offset+0] & 0x7f) << 24 ) | (($hmac_result[$offset+1] & 0xff) << 16 ) | (($hmac_result[$offset+2] & 0xff) << 8 ) | ($hmac_result[$offset+3] & 0xff) ) % pow(10,$length); } print "<pre>"; print "Compare results with:"; print " http://tools.ietf.org/html/draft-mraihi-oath-hmac-otp-04\n"; print "Count\tHash\t\t\t\t\t\tPin\n"; for($i=0;$i<10;$i++){ print $i."\t".($a=oath_hotp("mysecretvalue",$i)); print "\t".oath_truncate($a)."\n"; } ?> This Output the following - Compare results with: http://tools.ietf.org/html/draft-mraihi-oath-hmac-otp-04 Count Hash Pin 0 f25e6c58cc7a2dfedae7eb48a1bff891aa0c0189 472801 1 b52adf13022511f08740566fb44c0b267d7c2604 983856 2 3c693c66f6e04178943dc9badc0dd41318dbc7f7 981065 3 1225cf508043a59fe2e39e335ff5f3e5795131ba 683381 4 21a9756e8de58df5e10c9292e0147823ba03539b 675192 5 7339c3496cebdaf3a035eaba888f61d8c19d8cf9 575624 6 c7c03ce2174f144a329664d35cc90e70a3686596 406934 7 431a75f26b9950f0206911667f3a2ed7fdfc43c7 172241 8 81e05a2d9e060a25f515b1e53170dce4daad5cc7 818865 9 ff2068918dc53db45a0c338d8de99419cf3cb571 723917 Now my problem is that I can not manage for above code to work properly on both Client and Server side. I've used the same Secret key print $i."\t".($a=oath_hotp("mysecretvalue",$i)); The output is completely different. Please note this is counter based which means there is no time sync like TOTP. I've doubled check my secret code on my android phone and server side. What could be wrong? Please note I'm not really familiar with PHP security. So if the above does not work with Google's Authentication please provide me with a place to start with. Thank You

Hi, recently I've created a login form and I've used the salt method (which I've not really used before) and everything is working great apart from the login. Basically what happens is I can login with any password. So if my password was 'hello1234' and I put 'fndsjnmfosd' it would state that as correct; try it yourself at www.harvy.info Sign up and then try to login, you'll see that you can enter any password and it'll see that as correct. Thanks. Login proccess (What happens when you try to login) <?php include 'dbConfig.php'; include 'functions.php'; sec_session_start(); if(isset($_POST['email'], $_POST['p'])) { $email = $_POST['email']; $password = $_POST['p']; if(login($email, $password, $mysqli) == true) { header('Location: member.php?id='); } else { header('Location: login.php?error=1'); } } else { echo 'Invalid Request'; } ?>

<?php // $goto = $_GET['goto'] ; session_start() ; $useremail = $_POST['emailfield'] ; $passwording = $_POST['pwfield'] ; $salt = "@cmiplpnp##" ; $iterations = 4; $hash = crypt($passwording,$salt); for ($i = 0; $i < $iterations; ++$i) { $hash = crypt($hash . $passwording,$salt); } echo $passwording ; echo '<br>' ; echo $hash ; echo '<br>' ; require ('sqliauth2.php') ; /* create a prepared statement */ if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ; { /* bind parameters for markers */ $stmt->bind_param("ss",$email, $hash); /* execute query */ $stmt->execute(); /* bind result variables */ $stmt->bind_result($email,$hash); $stmt->fetch(); $row_cnt = $result->num_rows ; /* close statement */ $stmt->close(); } /* close connection */ $mysqli->close(); echo $row_cnt ; ?> ERRORS :::: Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.phpon line 39 Notice: Undefined variable: result in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41 Notice: Trying to get property of non-object in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41 Trying to understand why, but no clue HELP !!!