Search the Community

Guys, Even though my Sha1 has string, I get this error: Fatal error: Uncaught TypeError: sha1() expects parameter 1 to be string, integer given in C:\xampp\htdocs\id\register.php:31 Stack trace: #0 C:\xampp\htdocs\id\register.php(31): sha1(16) #1 {main} thrown in C:\xampp\htdocs\id\register.php on line 31 <?php /* ERROR HANDLING */ declare(strict_types=1); ini_set('display_errors', '1'); ini_set('display_startup_errors', '1'); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); include 'config.php'; // check if user is already logged in if (is_logged() === true) { die("You are already logged-in! No need to register again!"); } if ($_SERVER['REQUEST_METHOD'] == "POST") { if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["password_confirmation"]) && isset($_POST["email"]) && isset($_POST["email_confirmation"]) && isset($_POST["first_name"]) && isset($_POST["gender"]) && isset($_POST["surname"])) { // create random hash for email confirmation $account_activation_code = sha1(mt_rand(5, 30)); $account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?email=".$_POST['email']."&account_activation_code=".$account_activation_code.""; // remove space in start of string /* * passwords and email are leaved unescaped here because * if you put them into mysqli_real_escape_string they are not empty */ $username = trim(mysqli_real_escape_string($conn, $_POST["username"])); $password = $_POST["password"]; $password2 = $_POST["password_confirmation"]; $first_name = trim(mysqli_real_escape_string($conn, $_POST["first_name"])); $surname = trim(mysqli_real_escape_string($conn, $_POST["surname"])); $gender = trim(mysqli_real_escape_string($conn, $_POST["gender"])); $email = $_POST["email"]; $email_confirmation = $_POST["email_confirmation"]; $email2 = trim(mysqli_real_escape_string($conn, $email)); // Escaped email for inserting into database. $account_activation = 0; // 1 = active | 0 = not active //Hashed Password. $hashed_password = password_hash($password, PASSWORD_DEFAULT); //SEE IF BELOW CODE AFTER FOLLOWING WORKS OR NOT AS SUBSTITUTE FUNCTION OVER mysqli_stmt_get_result FUNCTION //Select Username and Email to check against Mysql DB if they are already registered or not. $stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?"); mysqli_stmt_bind_param($stmt, 'ss', $username, $email_2); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); $row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Check if inputted Username is already registered or not. if ($row['usernames'] == $username) { $_SESSION['error'] = "That username is already registered."; // Check if inputted Username is between 8 to 30 characters long or not. } elseif (strlen($username) < 8 || strlen($username) > 30) { $_SESSION['error'] = "Username must be between 8 to 30 characters long!"; // Check if inputted Email is already registered or not. } elseif ($row['emails'] == $email_2) { $_SESSION['error'] = "That email is already registered."; // Check if both inputted EMails match or not. } elseif ($email != $email_confirmation) { $_SESSION['error'] = "Emails don't match!"; // Check if inputed Email is valid or not. } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $_SESSION['error'] = "Invalid email! Insert your real Email in order for us to email you your account activation details."; // Check if both inputted Passwords match or not. } elseif ($password != $password_confirmation) { $_SESSION['error'] = "Passwords don't match."; // Check if Password is between 8 to 30 characters long or not. } elseif (strlen($password) < 8 || strlen($password) > 30) { $_SESSION['error'] = "Password must be between 6 to 30 characters long!"; } else { //Insert the user's input into Mysql database using php's sql injection prevention method. $stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_password, $email2, $first_name, $surname, $gender, $account_activation_code, $account_activation); mysqli_stmt_execute($stmt); //Check if user's registration data was successful submitted or not. if (mysqli_stmt_insert_id($stmt)) { echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email for details on how to activate your account you just registered.</h3>"; //Send account activation link by email for user to confirm his email and activate his new account. $to = $email; $subject = "Your ".$site_name." account activation!"; $body = nl2br(" ===============================\r\n ".$site_name." \r\n ===============================\r\n From: ".$site_admin_email."\r\n To: ".$email."\r\n Subject: Yours ".$subject." account activation \r\n Message: ".$first_name." ".$surname."\r\n You need to click on following <a href=".$account_activation_link.">link</a> to activate your account by confirming your email address. \r\n"); $headers = "From: " . $site_admin_email . "\r\n"; if (mail($to,$subject,$body,$headers)) { $_SESSION['error'] = "Registration sucessful! Check your email for further instructions!"; //Clear the Session Error so it can no longer be used. unset($_SESSION['error']); unset($_POST); exit(); //Redirect user to login page after 5 seconds. header("refresh:5;url=login.php"); } else { $_SESSION['error'] = "Email not sent, please contact website administrator!"; } } else { $_SESSION['error'] = "There was a problem in trying to register you! Try again some other time."; } } } } ?> <!DOCTYPE html> <html> <head> <title><?php $social_network_name ?> Signup Page</title> </head> <body> <div class ="container"> <?php // error messages if (isset($_SESSION['error']) && !empty($_SESSION['error'])) { echo '<p style="color:red;">'.$_SESSION['error'].'</p>'; } ?> <form method="post" action=""> <center><h2>Signup Form</h2></center> <div class="form-group"> <center><label>Username:</label> <input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center> </div> <div class="form-group"> <center><label>Password:</label> <input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center> </div> <div class="form-group"> <center><label>Repeat Password:</label> <input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center> </div> <div class="form-group"> <center><label>First Name:</label> <input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center> </div> <div class="form-group"> <center><label>Surname:</label> <input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center> </div> <div class="form-group"> <center><label>Gender:</label> <input type="radio" name="gender" value="male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</center> </div> <div class="form-group"> <center><label>Email:</label> <input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center> </div> <div class="form-group"> <center><label>Repeat Email:</label> <input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center> </div> <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center> <center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center> </form> </div> </body> </html>

I'm curious to get opinions on using strip_tags() for fields that will be encrypted in a database. I often see websites that say "choose a password that contains X certain characters but not Z other characters." And I got curious. Let's say there's a registration form where a new user creates a username and password, and the server will store the password as ... sha1( $user_entered_value ) ... or some other sort of hashed/encrypted string. In this case, why would it ever matter that a user had entered <div> or some other such text in their password? The password will only ever be hashed into something before it is matched... so why would you bother stripping tags? Why bother preventing any "special" characters? Thoughts?

Hi Guys I am fairly new to php, I am trying to build a registration form but I am struggling with encrypting the password (I will also be salting the password at a later stage to make it more secure). The below line of code encrypts the password but saves the values as the values states in the code e.g password saves as 'pass' $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('first_name','last_name','email', SHA1('pass'), NOW())"; The below code saves all the values that the user inputs xcept the password which is blank and the message 'Undefined index: SHA1('pass')' is returned $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())"; I am hoping someone may be able to help me as I have no idea how to fix this. Thank you in advance