
Showing results for tags 'sha1'.



Found 2 results

  1. I'm curious to get opinions on using strip_tags() for fields that will be encrypted in a database. I often see websites that say "choose a password that contains X certain characters but not Z other characters." And I got curious. Let's say there's a registration form where a new user creates a username and password, and the server will store the password as ... sha1( $user_entered_value ) ... or some other sort of hashed/encrypted string. In this case, why would it ever matter that a user had entered <div> or some other such text in their password? The password will only ever be hashed into something before it is matched... so why would you bother stripping tags? Why bother preventing any "special" characters? Thoughts?
  2. Guys, Even though my Sha1 has string, I get this error:

         Fatal error: Uncaught TypeError: sha1() expects parameter 1 to be string, integer given in C:\xampp\htdocs\id\register.php:31
         Stack trace:
         #0 C:\xampp\htdocs\id\register.php(31): sha1(16)
         #1 {main}
           thrown in C:\xampp\htdocs\id\register.php on line 31

         <?php
         /* ERROR HANDLING */
         declare(strict_types=1);
         ini_set('display_errors', '1');
         ini_set('display_startup_errors', '1');
         error_reporting(E_ALL);
         mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

         include 'config.php';

         // check if user is already logged in
         if (is_logged() === true) {
             die("You are already logged-in! No need to register again!");
         }

         if ($_SERVER['REQUEST_METHOD'] == "POST") {
             if (isset($_POST["username"]) &&
                 isset($_POST["password"]) &&
                 isset($_POST["password_confirmation"]) &&
                 isset($_POST["email"]) &&
                 isset($_POST["email_confirmation"]) &&
                 isset($_POST["first_name"]) &&
                 isset($_POST["gender"]) &&
                 isset($_POST["surname"])) {

                 // create random hash for email confirmation
                 // (this is the sha1() call on line 31 of register.php named in the error above)
                 $account_activation_code = sha1(mt_rand(5, 30));
                 $account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?email=".$_POST['email']."&account_activation_code=".$account_activation_code."";

                 // remove space in start of string
                 /*
                  * passwords and email are left unescaped here because
                  * if you put them into mysqli_real_escape_string they are not empty
                  */
                 $username = trim(mysqli_real_escape_string($conn, $_POST["username"]));
                 $password = $_POST["password"];
                 $password2 = $_POST["password_confirmation"];
                 $first_name = trim(mysqli_real_escape_string($conn, $_POST["first_name"]));
                 $surname = trim(mysqli_real_escape_string($conn, $_POST["surname"]));
                 $gender = trim(mysqli_real_escape_string($conn, $_POST["gender"]));
                 $email = $_POST["email"];
                 $email_confirmation = $_POST["email_confirmation"];
                 $email2 = trim(mysqli_real_escape_string($conn, $email)); // Escaped email for inserting into database.
                 $account_activation = 0; // 1 = active | 0 = not active

                 //Hashed Password.
                 $hashed_password = password_hash($password, PASSWORD_DEFAULT);

                 //SEE IF BELOW CODE AFTER FOLLOWING WORKS OR NOT AS SUBSTITUTE FUNCTION OVER mysqli_stmt_get_result FUNCTION
                 //Select Username and Email to check against Mysql DB if they are already registered or not.
                 $stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
                 mysqli_stmt_bind_param($stmt, 'ss', $username, $email2);
                 mysqli_stmt_execute($stmt);
                 $result = mysqli_stmt_get_result($stmt);
                 $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

                 // Check if inputted Username is already registered or not.
                 if ($row['usernames'] == $username) {
                     $_SESSION['error'] = "That username is already registered.";
                 // Check if inputted Username is between 8 to 30 characters long or not.
                 } elseif (strlen($username) < 8 || strlen($username) > 30) {
                     $_SESSION['error'] = "Username must be between 8 to 30 characters long!";
                 // Check if inputted Email is already registered or not.
                 } elseif ($row['emails'] == $email2) {
                     $_SESSION['error'] = "That email is already registered.";
                 // Check if both inputted Emails match or not.
                 } elseif ($email != $email_confirmation) {
                     $_SESSION['error'] = "Emails don't match!";
                 // Check if inputted Email is valid or not.
                 } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                     $_SESSION['error'] = "Invalid email! Insert your real Email in order for us to email you your account activation details.";
                 // Check if both inputted Passwords match or not.
                 } elseif ($password != $password2) {
                     $_SESSION['error'] = "Passwords don't match.";
                 // Check if Password is between 8 to 30 characters long or not.
                 } elseif (strlen($password) < 8 || strlen($password) > 30) {
                     $_SESSION['error'] = "Password must be between 6 to 30 characters long!";
                 } else {
                     //Insert the user's input into Mysql database using php's sql injection prevention method.
                     $stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
                     mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_password, $email2, $first_name, $surname, $gender, $account_activation_code, $account_activation);
                     mysqli_stmt_execute($stmt);

                     //Check if user's registration data was successfully submitted or not.
                     if (mysqli_stmt_insert_id($stmt)) {
                         echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email for details on how to activate your account you just registered.</h3>";

                         //Send account activation link by email for user to confirm his email and activate his new account.
                         $to = $email;
                         $subject = "Your ".$site_name." account activation!";
                         $body = nl2br(" ===============================\r\n "
                             .$site_name." \r\n ===============================\r\n From: "
                             .$site_admin_email."\r\n To: ".$email."\r\n Subject: Yours "
                             .$subject." account activation \r\n Message: "
                             .$first_name." ".$surname."\r\n You need to click on following <a href="
                             .$account_activation_link.">link</a> to activate your account by confirming your email address. \r\n");
                         $headers = "From: " . $site_admin_email . "\r\n";

                         if (mail($to,$subject,$body,$headers)) {
                             $_SESSION['error'] = "Registration sucessful! Check your email for further instructions!";

                             //Clear the Session Error so it can no longer be used.
                             unset($_SESSION['error']);
                             unset($_POST);

                             //Redirect user to login page after 5 seconds.
                             header("refresh:5;url=login.php");
                             exit();
                         } else {
                             $_SESSION['error'] = "Email not sent, please contact website administrator!";
                         }
                     } else {
                         $_SESSION['error'] = "There was a problem in trying to register you! Try again some other time.";
                     }
                 }
             }
         }
         ?>
         <!DOCTYPE html>
         <html>
         <head>
             <title><?php echo $social_network_name; ?> Signup Page</title>
         </head>
         <body>
         <div class ="container">
         <?php
         // error messages
         if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
             echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
         }
         ?>
         <form method="post" action="">
             <center><h2>Signup Form</h2></center>
             <div class="form-group">
                 <center><label>Username:</label>
                 <input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
             </div>
             <div class="form-group">
                 <center><label>Password:</label>
                 <input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
             </div>
             <div class="form-group">
                 <center><label>Repeat Password:</label>
                 <input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
             </div>
             <div class="form-group">
                 <center><label>First Name:</label>
                 <input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
             </div>
             <div class="form-group">
                 <center><label>Surname:</label>
                 <input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
             </div>
             <div class="form-group">
                 <center><label>Gender:</label>
                 <input type="radio" name="gender" value="male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male
                 <input type="radio" name="gender" value="female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</center>
             </div>
             <div class="form-group">
                 <center><label>Email:</label>
                 <input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
             </div>
             <div class="form-group">
                 <center><label>Repeat Email:</label>
                 <input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
             </div>
             <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
             <center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
         </form>
         </div>
         </body>
         </html>