Search the Community

I am using this https://github.com/ircmaxell/password_compat I have no problem using it on a local server. But as soon as I test it on a live server, it gives me an error like this. Parse error: syntax error, unexpected '{' in /home/public_html/sub/snippets/password.php on line 19 The error is on the same line as the beginning of the code in that library. Why is this happening?

Unfortunately my ideas out pace my skills. I have a database that I would like certain people to access their own info, but nobody else's. It's not super sensitive info and won't mean much to anyone other than the end user but we don't like the idea of others accessing it so we'd like to put some protection on it. What I was hoping for is a dropdown list (there's about 30 or so clients that would be in a mysql table) where they can pick out their name, then text box for the password. When they hit submit button it would lead them to their own page with a table and their own info from a mysql table. I can get each one of these details to work separately, but I'm having trouble putting them all together (the password is where things get muddled). Can anyone point me to a place where they've already figured this out? Thanks!

Hello! I am very new to coding, and need some help in getting javascript to verify whether a password has upper- and lowercase letters, and a number. I've already written a part where it checks if the password matches the second time you write it, but for the life of me I can't get the other shit to work. Here is what I have in the scripting department so far: { var password1 = document.getElementById('password1'); var password2 = document.getElementById('password2'); var message = document.getElementById('confirmMessage'); var goodColor = "#66cc66"; var badColor = "#ff6666"; if(password1.value == password2.value){ password2.style.backgroundColor = goodColor; message.style.color = goodColor; message.innerHTML = "Passwords Match!" }else{ password2.style.backgroundColor = badColor; message.style.color = badColor; message.innerHTML = "Passwords Do Not Match!" }

i want seperate error messages for username and password ..but in below code i am not getting ..can anybody check this and make changes ...thanks <html> <head> </head> <body> <form action='login.php' method='post'> User name:<input type='text' name='name'/> Password:<input type='password' name='pwd'/> <input type='submit' name='submit' value='Submit'/> </form> <?php session_start(); if(isset($_POST['submit'])) { mysql_connect('localhost','root','saibaba92@'); mysql_select_db('new'); $name=$_POST['name']; $pwd=$_POST['pwd']; if($name != '' && $pwd != '') { $query=mysql_query("select * from login1 where Name='$name' AND password='$pwd'"); $sql=mysql_fetch_array($query); if(($sql['Name']==$name)&&($sql['password']==$pwd)) { $_SESSION['name']=$name; header("Location:welcome.php"); } else if(($sql['password']==$pwd)&&($sql['Name']!=$name)) { echo 'username is incorrect'; } else{ echo 'password is incorrect'; } } else { echo'Enter both username and password'; } } ?> </body> </html>

I think the title is very clear but i have a site that has 2 user databases, one for web mail (Round cube) and one for a directory of content that the user has to be authenticated for. I was wondering if i should throw the password in $_SESSION and authenticate web mail if the user is logged in? Obviously i should not send that password back to the client if it be encrypted or not but i would inject the username and password into the web mail authentication handler as if the user had already filled in the form. Due to certain circumstances i am unable to merge the user databases. If there are any other possibilities do recommend them instead.

Hi guys I would like to get whole content of html file after I submitted a password. The problem is that the my code doesn't access the value for the file. I tried to create a session but i doesn't work. What other option do I have to get the content of the html file? session_start(); $selected_file = $_POST['radio1']; // get the filename of the file $fileinfo = pathinfo($selected_file); $filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename']; $password = 'code'; $lines = file("$filename.html"); $_SESSION['selectedfile'] = $selected_file; $_SESSION['file'] = $filename; $_SESSION['Scipt'] = ("$filename.html"); $_SESSION['Scipttext'] = $lines; $_SESSION['file2'] = $fileinfo; if (isset($_POST['submitradio'])) { echo '<div class="imageselected">'; echo '<img src="'.$_SESSION['selectedfile'].'" /></br>'.PHP_EOL; echo '</div>'; // check to see if a html file named the same also exists if(file_exists($_SESSION['Scipt'])) { echo "<form action='test_result.php' method='post'>"; echo '<div class="Password">'; echo 'Type in password to view full Script'; echo "<label><div class=\"Input\"><input type='password' name='passIT' value='passit'/></div>"; echo "<input type='submit' name='submitPasswordIT' value='Submit Password'/></div>"; echo '</div>'; echo "$filename.html shares the same name as $selected_file"; for($x = 1;$x<=15;$x++) { header( "Content-Type: file/html" ); $lines = ($_SESSION['Scipttext']); $new = strip_tags($lines); echo $lines[rand(0, count($lines)-1)]."<br>"; } // end of forloop } // end of check // start Sorrytext else { echo '<div class="NoScript">'; echo "Nothing available at the moment."; echo '</div>'; } // end Sorrytext } // End of submitradio if($_POST['submitPasswordIT']){ if ($_POST['passIT']== $password ){ echo "You entered correct password"; readfile($_SESSION['Scipt']); } else{ echo "You entered wrong password"; } } echo '</form>'; I would be grateful for help.

Hey, nooby here I am looking for a PHP solution for password protect pages. I have successfully implemented this code which check a user name and password to grant access. The problem is that each user needs a different (password protected) page. What I would like to do is take it a step further and have each user directed to a specific page. visitor1 => www.mysite.com/visitor1.com visitor2 => www.mysite.com/visitor2.com Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP. Any idea please? Cheers, This is the login page: <?php $LOGIN_INFORMATION = array( 'visitor1' => 'password1', 'visitor2' => 'password2' ); define('USE_USERNAME', true); define('LOGOUT_URL', 'http://www.mysite.com/logout.php'); define('TIMEOUT_MINUTES', 0); define('TIMEOUT_CHECK_ACTIVITY', true); if(isset($_GET['help'])) { die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>'); } $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60); if(isset($_GET['logout'])) { setcookie("verify", '', $timeout, '/'); // clear password; header('Location: ' . LOGOUT_URL); exit(); } if(!function_exists('showLoginPasswordProtect')) { function showLoginPasswordProtect($error_msg) { ?> <!DOCTYPE HTML> <html> <head> </head> <body class="loading"> <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center"> <form method="post"> <p>Please enter password</p><br /> <font color="red"><?php echo $error_msg; ?></font><br /> <?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?> <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" /> </form> </div> </body> </html> <?php die(); } } if (isset($_POST['access_password'])) { $login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $pass = $_POST['access_password']; if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) ) { showLoginPasswordProtect("Incorrect password."); } else { setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); unset($_POST['access_login']); unset($_POST['access_password']); unset($_POST['Submit']); } } else { if (!isset($_COOKIE['verify'])) { showLoginPasswordProtect(""); } $found = false; foreach($LOGIN_INFORMATION as $key=>$val) { $lp = (USE_USERNAME ? $key : '') .'%'.$val; if ($_COOKIE['verify'] == md5($lp)) { $found = true; // prolong timeout if (TIMEOUT_CHECK_ACTIVITY) { setcookie("verify", md5($lp), $timeout, '/'); } break; } } if (!$found) { showLoginPasswordProtect(""); } } ?> And here is the code I used at the top of each protected page: <?php include("/home/user/public_html/clients/login.php"); ?>[/code]

I have a basic username/password form that uses AJAX to login: Submit the two values in an AJAX request If the values are correct, sets session variable for the user and returns success Client receives success and redirects to the start page. All of this is basic stuff, works fine. But now some customers say they want the form to remember passwords. I've done some basic work: Added FORM tags around these input fields. Returns false Gave the input fields NAME attributes This seems to make Firefox prompt to remember the password. But I'm having no luck with Chrome, IE, or Safari. I've googled extensively and there are basically two or three solutions, but I can't get anything to work on these other browsers. It's getting to be quite frustrating. I'm thinking of abandoning this AJAX form and just going to crappy old POST. What are you using for AJAX login pages? Are passwords remembered by the browser? How are you doing it?

I am trying to create a forget password option. For some reason, it's not working. Please check the code below to see what is wrong with it. if(isset($_POST['submit'])) { if(!empty($_POST['email'])) { $email = escape($_POST['email']); $getData = DB::getInstance()->query("SELECT * FROM users WHERE email = {$email}"); if($getData->count()) { foreach($getData->results() as $row) { $username = escape($row->username); $full_name = escape($row->full_name); $password = escape($row->password); $db_email = escape($row->email); } } else { echo 'No data returned!'; } if($email == $db_email) { $new_password = substr(md5(rand(999, 999999)), 0, ; $to = $db_email; $subject = "Password Reset"; $body = "Hello " . $full_name . ",\n\nYour new password is: " . $new_password . "\n\n-Favecave"; $updatePass = DB::getInstance()->query("UPDATE users SET password = {$new_password} WHERE email= {$email}"); mail($to,$subject,$body); } else { echo 'Email not found'; } } else { echo 'Please enter field'; } } ?> <form action="" method="post"> <span>Enter your email address:<span><br> <input type="email" name="email" size="40"><br> <input type="submit" value="Recover"> </form>

I have an old website with users and password (not hashed) and want to import them into mysql, then run a script to create a new user_password_hash and update the database: what I tried is something like this: require 'application/config/config.php'; #Define Connection String Using PDO. $dbh = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8',DB_USER,DB_PASS); $sth = $dbh->prepare("SELECT user_id, password, user_password_hash FROM users"); $sth->execute(); $result = $sth->fetchAll(); foreach($result as $key => $value) { $query = "UPDATE users SET user_password_hash = password_hash('result.password', PASSWORD_DEFAULT) WHERE user_id = 'result.user_id'"; } echo 'Done'; but not working tried it a few different ways but unsuccessfully frustrating, new to php, used cfm in the past, trying to get my php feet wet !!! any suggestions are appreciated !!!

Hello I am trying to create a password storing application, but cannot figure out the best way to store account passwords. The application wont store just user passwords to login, but passwords for other accounts. For example Client wants to be able to store all their Facebook and twitter passwords on the site, then log in when they want to find it. I was going to make it so the admin needed repeat their password they used to login to the application to retrieve another password, all of this is no problem, its just encrypting the passwords and being able to "un-encrypt" it later so they can see it. Any help would be appreciated, the person doesn't really care if its secure, they just want me to store the strings in the Database to be retrieved later, but I want to make it secure. Thank you

Hey , i have a problem in encrypting a password in mysql in the register form if anyone registered make their password encrypt in mysql database but when i want to login i must used the encrypting password ,, is there's a way to use that password i entered in register form for e.g ( 1234 ) not the encrypted password

Hey All, I have built a website using PHP and MySQL where users have to log in to use the site. I'm now trying to create a page on the site where logged in users can change their password if they need/want to. I thought this would be fairly easy and straight forward but I'm having a ton of issues. I've never been formally trained in PHP and MySQL, I've just picked up stuff along the way throughout the years so when I get into advanced stuff I start to struggle. I'm using MD5 hashing for the passwords right now. I already know this isn't the most secure method but since I'm familiar with it I'm just going to go with it for now. I'll worry about changing the hashing later. Anyway, the PHP code lives on the same page as the form. The HTML portion of the form has the following fields: Current Password (id="cur_password") New Password (id="password1") Confirm New Password (id="password2") Within the script I'm trying to verify that the Current Password and the password in the database match, but because of the MD5 I'm not exactly sure how to do this. Here is what I have so far: $sql = "SELECT * FROM users WHERE username='$log_username'"; $query = mysqli_query($db_conx, $sql); while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) { $username = $row[username]; $password = $row[password]; } $cur_password=md5($_POST['cur_password']); $password1=md5($_POST['password1']); $password2=md5($_POST['password2']); if (empty ($_POST['cur_password'])){ echo "Fill out all fields."; } else if ($cur_password != $password) { echo "There was a problem. Wrong Password."; } else if ($passord1 != $password2) { echo "Passords don't match."; } else { $sql = "UPDATE users SET password = MD5('$password1') WHERE username='$log_username' LIMIT 1"; $query = mysqli_query($db_conx, $sql); echo "Success! Password has been changed."; } When I test I keep getting the "Fill out all fields." message even though I submitted the form and none of the fields were blank. If I take the "empty" statement out I just keep getting the "There was a problem. Wrong Password." message which should happen only if the current password typed in and the current password in the database don't match. I know that I'm putting in the correct matching password. Anyway, any help you could give would be greatly appreciated. Thanks so much.

Dear pals, I am using Wordpress 3.6 for my activity logging purpose . I need to authenticate user from REST , using their username/password . But Wordpress use a framework named "phpass" . I cannot identify how to compare my given password with database table password . Please advise a method to compare it. Thanks, Anes

Hey, i want the '***' to change depending on the length of the persons password. any way to echo a variable like this?

Hiya jees I'm having a nightmare if you can help me please you'd be saving my life! I'm using wamp and phpmyadmin. I created a database and then decided to add a password to it in phpmyadmin by going to users > root > and copy and pasted my password in twice. As soon as it saved I was kicked out of phpmyadmin. Since then I have been trying to use command prompt to get access to the database but the passwors is not being accepted. So I tried resetting the password by creating a mysql-init.txt using the code "UPDATE mysql.user SET Password=PASSWORD('worldpeace') WHERE User='root'; FLUSH PRIVILEGES;" Then I shut down mysql service and pathed in using "C:\wamp\bin\mysql\mysql5.5.24\bin mysqld --init-file=C:\\mysql-init.txt --console" This doesn't work for me! It just hangs at the end and never restarts the service, which is when the password is suppose to be changed. Please see screenshot of command prompt. Ok so after this attempt I have tried to get in by: mysql -u root -h 127.0.0.1 -P 3306 -p Enter password which I leave blank I then wanted to try and see the database so used show databases and was presented with ONLY the information_scheme and test! Surely I can't have deleted the database!!??? OMG I'm gona get fired. Additionally i have tried: mysql.exe -u=root -p=admin. I get an error "Error 1045 (28000) : Access denied for user '=root'@'localhost (using password: Yes) " If anybody can please please help me get my password reset you ill be saving my life! Thank you p.s. please note i have just used mysql.exe -u=root -p Enter password leave blank And from here I can show databases; and can see my database, so its not deleted! I just need to rest the password so I can get in.

I am trying to login to the website in the below example. This script logs in using a username and password but then is directed to a page with a security question. This is where the problem is, I am unable to POST my answer on this page. The result of my output is just the page with the security question. $username = 'XXXX'; $password = 'XXXX'; $loginUrl = 'https://www.dandh.ca/v4/dh'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $loginUrl); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, 'Login='.urlencode($username).'&PW='.urlencode($password).'&Request=Login&formName=Login&jsEnabled=0&queryString=&Platform=Full&btLogin='.urlencode('Log In')); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookies.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookies.txt"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_exec($ch); // process main login curl_setopt($ch, CURLOPT_POSTFIELDS, 'securityAnswer=XXXX&Request=postForm&formName=loginChallengeValidation&btContinue=Continue'); echo curl_exec($ch); // process security question curl_close($ch); Here is the source code of the security question HTML form: <form name="securityForm" id="secForm" method="post" action="/v4/dh"> <input type="hidden" name="Request" value="postForm"><input type="hidden" name="formName" value="loginChallengeValidation"> <table border="0" align="center" cellpadding="10" cellspacing="0"> <tr> <td><span style="font-weight:bold;">Security Response</span> <br> <p> Please answer the following security question. Once the answer is confirmed you can continue. </p> <p style="margin-left: 20px;"> Question: What is the name of your best friend from childhood?</p> <p style="margin-left: 20px;"> Answer: <input type="text" id="securityAnswer" name="securityAnswer" size="50" maxlength="50"> </p> <p style="margin-left: 20px;"> <input type="submit" name="btContinue" value="Continue"> </p> <p> <i>If you do not know the answer to the security question, please email <a href="mailto:passwords@dandh.com">passwords@dandh.com</a> and they will send you a temporary password. <a href="/v4/dh?Request=postForm&formName=LogOut">Click here</a> to return to login page.</i> </p> </td> </tr> </table> </form>

I am working on a site where the user clicks on a video to watch. When clicked I want to redirect them to a registration form that basically asks name, email and a password. The password is predetermined by the company I work for and are sent to the users. They do not create their own passwords, this not a login system it is just to verify what users are watching the video. after they enter their information and the password is verified it goes to the video. I know how I could do this for each individual video but that would create 100's of registration forms. I am looking for a way to use 1 form to check the passwords in the database and continue on. Any suggestions? I am a novice at PHP. (in reality, I wanted to use a real login system, but my boss didn't , so I am having to work in the constraints of the boss's wishes)

Hello, okay, so I need some help, before i start i must warn you that i'm not very good at explaining. Using a WYSIWYG Web Builder i have built a website with a membership system. Now when i make an account with the membership system, and enter the password 'htmlforums' it will show '2810bd8735116c769d9d4f6d6b53c3e1' in my mySQL database. Now I have also downloaded a forum script and have linked the two to the same database. The only problem is that the user password is different and therefore both don't work with one user. If make an account with the same password using the forums script it will show '2a9e532f806c272ecb01d58c503bc9a96f7b3ad8' in my mySQL database under passowrd. So both use a different system to login, but if i manually change the password's in the database (swap them) they will work, (as in with password one (2810bd8735116c769d9d4f6d6b53c3e1), i can sign in to the site and if i change it password 2 (2a9e532f806c272ecb01d58c503bc9a96f7b3ad8) i can sign in to the forum) so i'm not far off. I have very little knowledge of how they work, so can someone help me to get them both generating and accepting the same password. P.S I can't edit the code from the WYSIWYG web builder, as it generates it automatically. Here is the code for the login page by the WYSIWYG Web Builder. <?php if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'loginform') { session_start(); $success_page = isset($_SESSION['page_from'])?$_SESSION['page_from']:'/../../library/'; $error_page = basename(__FILE__); $mysql_server = 'localhost'; $mysql_username = '???????'; $mysql_password = '???????'; $mysql_database = '???????'; $mysql_table = 'USERS'; $crypt_pass = md5($_POST['password']); $found = false; $fullname = ''; $db = mysql_connect($mysql_server, $mysql_username, $mysql_password); if (!$db) { die('Failed to connect to database server!<br>'.mysql_error()); } mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error()); $sql = "SELECT password, fullname, active FROM ".$mysql_table." WHERE username = '".mysql_real_escape_string($_POST['username'])."'"; $result = mysql_query($sql, $db); if ($data = mysql_fetch_array($result)) { if ($crypt_pass == $data['password'] && $data['active'] != 0) { $found = true; $fullname = $data['fullname']; } } mysql_close($db); if($found == false) { header('Location: '.$error_page); exit; } else { if (session_id() == "") { session_start(); } $_SESSION['username'] = $_POST['username']; $_SESSION['fullname'] = $fullname; $rememberme = isset($_POST['rememberme']) ? true : false; if ($rememberme) { setcookie('username', $_POST['username'], time() + 3600*24*30); setcookie('password', $_POST['password'], time() + 3600*24*30); } header('Location: '.$success_page); exit; } } $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : ''; $password = isset($_COOKIE['password']) ? $_COOKIE['password'] : ''; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Login</title> <meta name="description" content="Login page for Techyoucation.com"> <meta name="keywords" content="techyoucation, tutorials, technology, under construction,"> <meta name="author" content="Aled Daniel Evans"> <meta name="categories" content="Technology, Tutorials"> <link rel="shortcut icon" href="icon.ico"> <link rel="stylesheet" href="Site.css" type="text/css"> <link rel="stylesheet" href="index.css" type="text/css"> <script type="text/javascript" src="jquery-1.7.2.min.js"></script> <script type="text/javascript" src="wb.stickylayer.min.js"></script> <script type="text/javascript" src="jquery.effects.core.min.js"></script> <script type="text/javascript" src="jquery.effects.blind.min.js"></script> <script type="text/javascript" src="jquery.effects.bounce.min.js"></script> <script type="text/javascript" src="jquery.effects.clip.min.js"></script> <script type="text/javascript" src="jquery.effects.drop.min.js"></script> <script type="text/javascript" src="jquery.effects.explode.min.js"></script> <script type="text/javascript" src="jquery.effects.fold.min.js"></script> <script type="text/javascript" src="jquery.effects.highlight.min.js"></script> <script type="text/javascript" src="jquery.effects.pulsate.min.js"></script> <script type="text/javascript" src="jquery.effects.scale.min.js"></script> <script type="text/javascript" src="jquery.effects.shake.min.js"></script> <script type="text/javascript" src="jquery.effects.slide.min.js"></script> <script type="text/javascript" src="../../searchindex.js"></script> <script type="text/javascript"> <!-- var features = 'toolbar=no,menubar=no,location=no,scrollbars=yes,resizable=yes,status=no,left=,top=,width=,height='; var searchDatabase = new SearchDatabase(); var searchResults_length = 0; var searchResults = new Object(); function searchPage(features) { var element = document.getElementById('search_box_keyword'); if (element.value.length != 0 || element.value != " ") { var value = unescape(element.value); var keywords = value.split(" "); searchResults_length = 0; for (var i=0; i<database_length; i++) { var matches = 0; var words = searchDatabase[i].title + " " + searchDatabase[i].description + " " + searchDatabase[i].keywords; for (var j = 0; j < keywords.length; j++) { var pattern = new RegExp(keywords[j], "i"); var result = words.search(pattern); if (result >= 0) { matches++; } else { matches = 0; } } if (matches == keywords.length) { searchResults[searchResults_length++] = searchDatabase[i]; } } var wndResults = window.open('about:blank', '', features); setTimeout(function() { var html = '<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Search results<\/title><\/head>'; html = html + '<body style="background-color:#FFFFFF;margin:0;padding:2px 2px 2px 2px;">'; html = html + '<span style="font-family:Arial;font-size:13px;color:#000000">'; for (var n=0; n<searchResults_length; n++) { html = html + '<b><a style="color:#0000FF" target="_parent" href="'+searchResults[n].url+'">'+searchResults[n].title +'<\/a><\/b><br>Description:' + searchResults[n].description + '<br>Keywords:' + searchResults[n].keywords +'<br><br>\n'; } if (searchResults_length == 0) { html = html + 'No results'; } html = html + '<\/span>'; html = html + '<\/body><\/html>'; wndResults.document.write(html); },100); } return false; } // --> </script> <script src="http://www.geoplugin.net/javascript.gp" type="text/javascript"></script> <script src="cookieControl-5.1.min.js" type="text/javascript"></script> <script type="text/javascript">//<![CDATA[ cookieControl({ introText:'<p>This site uses some unobtrusive cookies to store information on your computer.</p>', fullText:'<p>Some of these cookies are essential to make our site work and have already been set. Others help us to improve by giving us some insight into how the site is being used or help to improve the experience of using our site but will only be set if you consent.</p><p>By using our site you accept the terms of our <a href="http://www.whatnews.co.uk/privacy">Privacy Policy</a></p>', position:'left', // left or right shape:'triangle', // triangle or diamond theme:'light', // light or dark startOpen:true, autoHide:3000, subdomains:true, protectedCookies: ['analytics', 'twitter'], //list the cookies you do not want deleted ['analytics', 'twitter'] consentModel:'implicit', onAccept:function(){ccAddAnalytics()}, onReady:function(){}, onCookiesAllowed:function(){ccAddAnalytics()}, onCookiesNotAllowed:function(){}, countries:'United Kingdom,Netherlands' // Or supply a list ['United Kingdom', 'Greece'] }); function ccAddAnalytics() { jQuery.getScript("http://www.google-analytics.com/ga.js", function() { var GATracker = _gat._createTracker(''); GATracker._trackPageview(); }); } //]]> </script> <script type="text/javascript" src="./wwb8.js"></script> <script type="text/javascript"> $(document).ready(function() { $("#FB-Over a").hover(function() { $(this).children("span").stop().fadeTo(200, 0); }, function() { $(this).children("span").stop().fadeTo(200, 1); }) $("#G-Over a").hover(function() { $(this).children("span").stop().fadeTo(200, 0); }, function() { $(this).children("span").stop().fadeTo(200, 1); }) $("#T-Over a").hover(function() { $(this).children("span").stop().fadeTo(200, 0); }, function() { $(this).children("span").stop().fadeTo(200, 1); }) $("#YT-Over a").hover(function() { $(this).children("span").stop().fadeTo(200, 0); }, function() { $(this).children("span").stop().fadeTo(200, 1); }) $("#Layer3").stickylayer({orientation: 1, position: [0, 0], delay: 0}); $("#RollOver1 a").hover(function() { $(this).children("span").stop().fadeTo(500, 0); }, function() { $(this).children("span").stop().fadeTo(500, 1); }) $("#header_inc_layer1").stickylayer({orientation: 2, position: [0, 0], delay: 0}); var $search = $('#search_box_form'); var $searchInput = $search.find('input'); var $searchLabel = $search.find('label'); if ($searchInput.val()) { $searchLabel.hide(); } $searchInput.focus(function() { $searchLabel.hide(); }).blur(function() { if (this.value == '') { $searchLabel.show(); } }); $searchLabel.click(function() { $searchInput.trigger('focus'); }); }); </script> <!--[if lt IE 7]> <style type="text/css"> img { behavior: url("pngfix.htc"); } </style> <![endif]--> <!-- no cache headers --> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="no-cache"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="Cache-Control" content="no-cache"> <!-- end no cache headers --> </head> <body> <div id="container"> <div id="wb_Shape1" style="position:absolute;left:3px;top:74px;width:994px;height:412px;z-index:66;"> <img src="images/img0010.png" id="Shape1" alt="" style="border-width:0;width:994px;height:412px;"></div> <div id="wb_Text1" style="position:absolute;left:33px;top:103px;width:102px;height:29px;z-index:67;text-align:left;"> <span style="color:#2A2B30;font-family:Arial;font-size:24px;"><strong>Login</strong></span></div> <hr id="Line1" style="margin:0;padding:0;position:absolute;left:30px;top:155px;width:933px;height:1px;z-index:68;"> <div id="wb_Text2" style="position:absolute;left:30px;top:166px;width:76px;height:12px;text-align:justify;z-index:69;"> <span style="color:#D9D9D9;font-family:Arial;font-size:9.3px;">PLEASE LOGIN</span></div> <div id="wb_loginform" style="position:absolute;left:336px;top:218px;width:322px;height:214px;z-index:70;"> <form name="loginform" method="post" action="<?php echo basename(__FILE__); ?>" id="loginform"> <input type="hidden" name="form_name" value="loginform"> <div id="wb_Text6" style="position:absolute;left:45px;top:118px;width:91px;height:16px;z-index:58;text-align:left;"> <span style="color:#666666;font-family:Arial;font-size:13px;">Remember me</span></div> <input type="checkbox" id="rememberme" name="rememberme" value="on" style="position:absolute;left:23px;top:117px;z-index:59;"> <input type="submit" id="login_button" name="login" value="Log In" style="position:absolute;left:92px;top:148px;width:138px;height:33px;z-index:60;"> <div id="wb_Shape2" style="position:absolute;left:23px;top:16px;width:283px;height:40px;z-index:61;"> <img src="images/img0011.png" id="Shape2" alt="" style="border-width:0;width:283px;height:40px;"></div> <div id="wb_Shape3" style="position:absolute;left:23px;top:66px;width:283px;height:40px;z-index:62;"> <img src="images/img0012.png" id="Shape3" alt="" style="border-width:0;width:283px;height:40px;"></div> <input type="text" id="username" style="position:absolute;left:23px;top:16px;width:280px;height:38px;line-height:38px;z-index:63;" name="username" value="<?php echo $username; ?>Username" autocomplete="off"> <input type="password" id="password" style="position:absolute;left:23px;top:66px;width:280px;height:38px;line-height:38px;z-index:64;" name="password" value="<?php echo $password; ?> Password" autocomplete="off"> <div id="wb_Text3" style="position:absolute;left:83px;top:185px;width:160px;height:16px;z-index:65;text-align:left;"> <span style="color:#2A2B30;font-family:Arial;font-size:13px;"><strong>Not a member? <a href="./../register/index.php" class="Bold_Grey">Register</a></strong></span></div> </form> </div> <div id="wb_Extension1" style="position:absolute;left:0px;top:0px;width:100px;height:100px;z-index:72;"> </div> </div> <div id="Layer2" style="position:fixed;text-align:center;left:0px;top:0px;right:0px;height:56px;z-index:73;" title=""> <div id="Layer2_Container" style="width:994px;position:relative;margin-left:auto;margin-right:auto;text-align:left;"> <div id="wb_Header_Master_Page" style="position:absolute;left:0px;top:0px;width:991px;height:56px;z-index:13;"> <div id="Layer3" style="position:absolute;text-align:right;left:0px;top:0px;width:220px;height:56px;z-index:11;" title=""> <div id="Layer3_Container" style="width:220px;position:relative;margin-left:auto;margin-right:auto;text-align:left;"> <div id="RollOver1" style="position:absolute;overflow:hidden;left:0px;top:5px;width:219px;height:47px;z-index:0"> <a href="./../../index.html" target="_top"> <img class="hover" alt="" src="images/techyoucation_grey.png" style="left:0px;top:0px;width:219px;height:47px;"> <span><img alt="" src="images/full_logo.png" style="left:0px;top:0px;width:219px;height:47px"></span> </a> </div> </div> </div> <div id="header_inc_layer1" style="position:absolute;text-align:right;left:561px;top:0px;width:430px;height:56px;z-index:12;" title=""> <div id="header_inc_layer1_Container" style="width:430px;position:relative;margin-left:auto;margin-right:auto;text-align:left;"> <div id="signup" style="position:absolute;overflow:hidden;left:231px;top:8px;width:86px;height:41px;z-index:2"> <a href="./../register/index.php"> <img class="hover" alt="" src="images/signup-hover.png" style="left:0px;top:0px;width:86px;height:41px;"> <span><img alt="" src="images/signup-off.png" style="left:0px;top:0px;width:86px;height:41px"></span> </a> </div> <div id="wb_login" style="position:absolute;left:329px;top:8px;width:86px;height:41px;z-index:3;"> <a href="./index.php" onclick="ShowObject('login_dialog', 1);return false;"><img src="images/login-small.png" id="login" alt="" border="0" style="width:86px;height:41px;"></a></div> <div id="wb_search_dark_bg" style="position:absolute;left:134px;top:8px;width:86px;height:41px;z-index:4;"> <img src="images/search.png" id="search_dark_bg" alt="" border="0" style="width:86px;height:41px;"></div> <div id="wb_Search-g" style="position:absolute;left:169px;top:8px;width:51px;height:41px;visibility:hidden;z-index:5;"> <img src="images/img0007.gif" id="Search-g" alt="" style="border-width:0;width:51px;height:41px;"></div> <div id="wb_search-w" style="position:absolute;left:17px;top:8px;width:152px;height:41px;visibility:hidden;z-index:6;"> <img src="images/img0008.gif" id="search-w" alt="" style="border-width:0;width:152px;height:41px;"></div> <div id="wb_Search_show" style="position:absolute;left:192px;top:17px;width:22px;height:22px;z-index:7;"> <a href="#" onclick="ShowObjectWithEffect('wb_search-w', 1, 'slideright', 500);ShowObject('wb_Search-g', 1);ShowObjectWithEffect('search_layer', 1, 'slideright', 500);ShowObject('wb_search_click', 1);return false;"><img src="images/icon-search-da7ca298c043e217cdaced7a129fef8f.png" id="Search_show" alt="" border="0" style="width:22px;height:22px;"></a></div> <div id="search_layer" style="position:absolute;text-align:left;visibility:hidden;left:32px;top:7px;width:149px;height:36px;z-index:8;" title=""> <div id="wb_search_box" style="position:absolute;left:0px;top:7px;width:149px;height:27px;z-index:1;"> <form action="" name="search_box_form" id="search_box_form" accept-charset="UTF-8" onsubmit="return searchPage(features)"> <input type="text" id="search_box_keyword" style="position:absolute;left:0px;top:0px;width:149px;height:27px;line-height:27px;;" name="SiteSearch1" value=""> <label id="search_box_label" style="position:absolute;left:0px;top:7px;" for="search_box_keyword">Search this website</label> </form> </div> </div> <div id="wb_search_click" style="position:absolute;left:192px;top:17px;width:21px;height:21px;visibility:hidden;z-index:9;"> <a href="#" onclick="searchPage();return false;"><img src="images/icon-search-da7ca298c043e217cdaced7a129fef8f.png" id="search_click" alt="" border="0" style="width:21px;height:21px;"></a></div> </div> </div> </div> </div> </div> <div id="footer_layer" style="position:absolute;text-align:center;left:0px;top:494px;width:100%;height:258px;z-index:74;" title=""> <div id="footer_layer_Container" style="width:994px;position:relative;margin-left:auto;margin-right:auto;text-align:left;"> <div id="wb_footer_master_page" style="position:absolute;left:0px;top:0px;width:994px;height:257px;z-index:29;"> <div id="Layer" style="position:absolute;text-align:center;left:1px;top:0px;width:99%;height:257px;z-index:28;" title=""> <div id="Layer_Container" style="width:993px;position:relative;margin-left:auto;margin-right:auto;text-align:left;"> <div id="wb_logo-g" style="position:absolute;left:0px;top:12px;width:219px;height:47px;z-index:14;"> <a href="./../../under_construction/index.html"><img src="images/techyoucation%20grey.png" id="logo-g" alt="" border="0" style="width:219px;height:47px;"></a></div> <div id="wb_mission-text" style="position:absolute;left:6px;top:72px;width:250px;height:48px;text-align:justify;z-index:15;"> <span style="color:#808080;font-family:Arial;font-size:13px;">We are on a mission, that mission is to teach everyone with the passion to learn Technology.</span></div> <hr id="devide" style="margin:0;padding:0;position:absolute;left:8px;top:121px;width:222px;height:1px;z-index:16;"> <div id="wb_copyright-text" style="position:absolute;left:6px;top:172px;width:250px;height:48px;text-align:justify;z-index:17;"> <span style="color:#808080;font-family:Arial;font-size:13px;">© Techyoucation 2013 All trademarks and logos are the property of their respective owners!</span></div> <div id="wb_get-in" style="position:absolute;left:751px;top:7px;width:235px;height:32px;z-index:18;text-align:left;"> <span style="color:#000000;font-family:Arial;font-size:13px;"><strong><a href="./../../under_construction/contact_us/index.html" class="Bold_Grey">Get In Touch </a></strong></span><span style="color:#808080;font-family:Arial;font-size:13px;"><strong><a href="./../../under_construction/contact_us/index.html" class="Bold_Grey">→</a></strong></span><span style="color:#000000;font-family:Arial;font-size:13px;"><strong><br><a href="./../../legal/index.php" class="Bold_Grey">Privacy Policy / Terms Of Service</a></strong></span></div> <div id="wb_vision-logo" style="position:absolute;left:318px;top:12px;width:162px;height:60px;z-index:19;"> <a href="http://secure.thevisionworld.com/aff.php?aff=092" target="_top"><img src="images/VisionHelpdeskLogo.png" id="vision-logo" alt="" border="0" style="width:162px;height:60px;"></a></div> <div id="wb_Vision" style="position:absolute;left:286px;top:72px;width:230px;height:64px;text-align:justify;z-index:20;"> <span style="color:#808080;font-family:Arial;font-size:13px;">We would like to thank vision HelpDesk for supporting us with our mission by supplying us with a free copy of their amazing script.</span></div> <div id="wb_Navaldesigns" style="position:absolute;left:286px;top:152px;width:230px;height:48px;text-align:justify;z-index:21;"> <span style="color:#808080;font-family:Arial;font-size:13px;">We would also like to thank George <a href="http://www.dbtechnosystems.com/" class="Top_Nav">(Navaldesign)</a> for helping us with the membership system on this site.</span></div> <div id="FB-Over" style="position:absolute;overflow:hidden;left:38px;top:134px;width:29px;height:29px;z-index:22"> <a href="https://www.facebook.com/techyoucation"> <img class="hover" alt="" src="images/icon-facebook-new-7fd375259239b05ac8f42657988e351f-over.png" style="left:0px;top:0px;width:29px;height:29px;"> <span><img alt="" src="images/icon-facebook-new-7fd375259239b05ac8f42657988e351f.png" style="left:0px;top:0px;width:29px;height:29px"></span> </a> </div> <div id="G-Over" style="position:absolute;overflow:hidden;left:78px;top:134px;width:29px;height:29px;z-index:23"> <a href="https://plus.google.com/b/113434853007695128940/113434853007695128940/posts"> <img class="hover" alt="" src="images/icon-googleplus-f9e3bf613ef1807f53cc7e3c34fb9b1a-over.png" style="left:0px;top:0px;width:29px;height:29px;"> <span><img alt="" src="images/icon-googleplus-f9e3bf613ef1807f53cc7e3c34fb9b1a.png" style="left:0px;top:0px;width:29px;height:29px"></span> </a> </div> <div id="T-Over" style="position:absolute;overflow:hidden;left:118px;top:134px;width:29px;height:29px;z-index:24"> <a href="https://twitter.com/techyoucation"> <img class="hover" alt="" src="images/icon-twitter-new-47502fddb8222a283378a21e5b421c2d-over.png" style="left:0px;top:0px;width:29px;height:29px;"> <span><img alt="" src="images/icon-twitter-new-47502fddb8222a283378a21e5b421c2d.png" style="left:0px;top:0px;width:29px;height:29px"></span> </a> </div> <div id="YT-Over" style="position:absolute;overflow:hidden;left:158px;top:134px;width:29px;height:29px;z-index:25"> <a href="http://www.youtube.com/techyoucation"> <img class="hover" alt="" src="images/icon-youtube-a442f16454bb0a8fe31df4f93b5d8aa2-over.png" style="left:0px;top:0px;width:29px;height:29px;"> <span><img alt="" src="images/icon-youtube-a442f16454bb0a8fe31df4f93b5d8aa2.png" style="left:0px;top:0px;width:29px;height:29px"></span> </a> </div> <!-- Twitter Follow --> <div id="twitter" style="position:absolute;left:587px;top:6px;width:154px;height:47px;z-index:26"> <a href="https://twitter.com/techyoucation" class="twitter-follow-button" data-show-count="false">Follow @techyoucation</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script></div> <div id="wb_HTML-image" style="position:absolute;left:610px;top:58px;width:99px;height:139px;z-index:27;"> <img src="images/html5_logo_small.png" id="HTML-image" alt="" border="0" style="width:99px;height:139px;"></div> </div> </div> </div> </div> </div> </body> </html> and here is the login code for the forum. <?php //signin.php include 'connect.php'; include 'header.php'; echo '<h3>Sign in</h3><br />'; //first, check if the user is already signed in. If that is the case, there is no need to display this page if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) { echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.'; } else { if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action=""> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password"><br /> <input type="submit" value="Sign in" /> </form>'; } else { /* so, the form has been posted, we'll process the data in three steps: 1. Check the data 2. Let the user refill the wrong fields (if necessary) 3. Varify if the data is correct and return the correct response */ $errors = array(); /* declare the array for later use */ if(!isset($_POST['username'])) { $errors[] = 'The username field must not be empty.'; } if(!isset($_POST['password'])) { $errors[] = 'The password field must not be empty.'; } if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ { echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />'; echo '<ul>'; foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ { echo '<li>' . $value . '</li>'; /* this generates a nice error list */ } echo '</ul>'; } else { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT id, username, userlevel FROM USERS WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) { echo 'You have supplied a wrong user/password combination. Please try again.'; } else { //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; //we also put the id and username values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['id'] = $row['id']; $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; } echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.'; } } } } } include 'footer.php'; ?> It looks like you many need the header two... <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="A short description." /> <meta name="keywords" content="put, keywords, here" /> <title>PHP-MySQL forum</title> <link rel="stylesheet" href="style.css" type="text/css"> </head> <div id="blog"> <div id="header"><a href="http://techyoucation.com" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Logo','','images/techyoucation grey.png',1)"><img src="images/full logo.png" alt="techyoucation logo" width="219" height="47" id="Logo" /></a></div> <body> <h1><br></h1> <div id="wrapper"> <div id="menu"> <a class="item" href="/forum/index.php">Home</a> - <a class="item" href="/forum/create_topic.php">Create a topic</a> - <a class="item" href="/forum/create_cat.php">Create a category</a> <div id="userbar"> <?php if($_SESSION['signed_in']) { echo 'Hello <b>' . htmlentities($_SESSION['username']) . '</b>. Not you? <a class="item" href="signout.php">Sign out</a>'; } else { echo '<a class="item" href="signin.php">Sign in</a> or <a class="item" href="signup.php">create an account</a>'; } ?> </div> </div> <div id="content"> Thanks in advance Aled

Hi, I'm just wondering but what is the best of best kind of encryption that you can get when encrypting passwords? Like what does Facebook use? Thanks

I'm not really sure where to post this topic... it touches on MySQL, PHP, Javascript, and best practices. I want to force users to update their password after 90 days. I can force them to the update page no problemo, but I'm having troubles forcing them to pick a new password, something different than what they have already stored in the database. Currently when a user registers for an account on my site, the password is passed in plain text and I let the MySQL Password() function hash it (I've come to understand this is bad practice). This makes it kind of difficult, because I am having a hard time verifying their new, plain text entry on the update page to the Password() hashed old one. The closest I've gotten is this: <script type="text/javascript"> function newpassword() { var oldpw = "<?php echo $XXXXXX->UserPassword; ?>"; var newpw = "<?php echo '*' . strtoupper(sha1(pack('H*',sha1('<script type="text/javascript">document.write(document.FORMNAME["UserPassword"].value);</script>'))));?>"; .... </script> And I would then compare the two variables. I'm wondering if this is even possible. I've seen a few suggestions online using UNHEX or CryptoJS, but when I use those functions my page loads with nothing on it. I've thought about passing the value as a md5 hashed value, and just storing that in the database instead, but I've read a bit that md5 isn't very secure anymore. I'm kind of at a loss of what to do at this point. Any help/guidance?

Hi, I am using PBKDF2 to crypt my passwords, but I am not sure whether or not I am using it correctly. I create a random 32 character string and use it as salt, and use it to crypt the password, then I store both the encrypted password and the salt into the database. Is this the correct way to use the PBKDF2 crypting? Also, for my remember me feature I store the encrypted password and the user ID into a cookie which is used to log the user in. This method doesn't look very secure to me for some reason. Is there a better way to implement the remember me feature?

I have a problem logging in so they sent me a temp password when I go to the email and password page to change my password it tells me to fill the whole form OK I think they must want me to fill in the email part too even though it displays my current email correctly so I enter my email as if it's a new email and it tells me my email is already in use. Looks like a catch 22 if I ever saw one. I hope I don't have to use a temp password every time I come here.

Hi, recently I've created a login form and I've used the salt method (which I've not really used before) and everything is working great apart from the login. Basically what happens is I can login with any password. So if my password was 'hello1234' and I put 'fndsjnmfosd' it would state that as correct; try it yourself at www.harvy.info Sign up and then try to login, you'll see that you can enter any password and it'll see that as correct. Thanks. Login proccess (What happens when you try to login) <?php include 'dbConfig.php'; include 'functions.php'; sec_session_start(); if(isset($_POST['email'], $_POST['p'])) { $email = $_POST['email']; $password = $_POST['p']; if(login($email, $password, $mysqli) == true) { header('Location: member.php?id='); } else { header('Location: login.php?error=1'); } } else { echo 'Invalid Request'; } ?>

Hi. im new to the site and i need a bit of help. im coding a website for my coursework and ive created a log in script. the script works but once the user has logged in i want to get a message saying welcome "firstname" instead of welcome "username" i have managed to get it to say welcome and there username but its not very formal i would like there name they use when they register. here is the code ive got so far. any help would be greatly appriciated. <?php session_start(); $user_name = "root"; $password = ""; $database = "fixandrun"; $server = "localhost"; $db_handle = mysql_connect($server, $user_name, $password); $db_found = mysql_select_db($database, $db_handle); $username = $_POST["username"]; $password = $_POST["password"]; echo"$password"; echo"$username"; if ($db_found) { $result =mysql_query("SELECT 1 FROM staff WHERE username= '$username' and password= '$password'"); if ($result && mysql_num_rows($result) == 1) { $sqlq = mysql_query("SELECT firstname FROM staff WHERE username = '$username'"); $_SESSION['name']=$sqlq; session_register("username"); header("location:homelogged.php"); } else { Echo "Username or Password is incorrect. Click <a href='home.php'>Here</a> to be taken back to the home page."; } } else { print "Database NOT Found."; mysql_close($db_handle); } ?> and on my home page i have : <?php echo "Welcome " . $_SESSION["name"] . "<br>"; echo "last logged in at " . date("l, F d, h:i" ,time())."<br>"; ?> this works but i get welcome and 0 instead of welcome and a name