eaglelegend Posted May 25, 2008 Share Posted May 25, 2008 Hey, I am trying to get my files a little bit safer, and less security holes, however, md5 dont like it, look... Warning: md5() expects parameter 1 to be string, array given in /misc/39/000/171/334/2/user/web/eaglelegend.com/register.php on line 6 Warning: md5() expects parameter 1 to be string, array given in /misc/39/000/171/334/2/user/web/eaglelegend.com/register.php on line 7 here is register, however, for your conveniance, I have not inclided the actual form where you "sighn up", just the code. <?php include("header.php"); ?> <?php $username = strip_tags(stripslashes($_POST)); $password = strip_tags(stripslashes(md5($_POST))); $password_confirm = strip_tags(stripslashes(md5($_POST))); $email = strip_tags(stripslashes($_POST)); $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); if($username && $password && $password_confirm && $email) { Function RemoveXSS($val) { $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search); $i++) { $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); } $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); $ra = array_merge($ra1, $ra2); $found = true; while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra); $i++) { $pattern = '/'; for ($j = 0; $j < strlen($ra[$i]); $j++) { if ($j > 0) { $pattern .= '('; $pattern .= '(&#[xX]0{0,8}([9ab])'; $pattern .= '|'; $pattern .= '|(�{0,8}([9|10|13])'; $pattern .= ')*'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); $val = preg_replace($pattern, $replacement, $val); if ($val_before == $val) { $found = false; } } } return $val; } $siteurl = preg_replace( "/[^a-zA-Z0-9s]/", "", $siteurl ); $check_user = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`=\"$username\"")); $check_site = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `url`=\"$siteurl\"")); if($check_user == 0) { if($password == $password_confirm) { $newpass = md5($password); $date = date("m/d/y"); $sql = mysql_query("SELECT * FROM `sites` WHERE `url`='$Z'"); while($r = mysql_fetch_array($sql)) { $money = $r["money"]; $points = $r["points"]; } $insert = mysql_query("INSERT INTO `members` (`admin`, `date`, `username`, `password`, `email`, `points`, `money`) VALUES('0', '$date', \"$username\", \"$newpass\", \"$email\", '$points', '$money')"); $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); if($insert) { print "<h2>Congratulations!</h2><p> You are now a registered member of this site!<p> Username: $username<br> Password: $password<p> You can login using the form to the right!"; } else { print mysql_error(); } } else { print "<p>Passwords do not match!</p>"; } } else { if($check_user > 0) { print "<p>That username already exists!</p>"; } } } else { ?> Link to comment https://forums.phpfreaks.com/topic/107202-solved-md5-argument/ Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 The error tells you the problem. $_POST is an array of all your posted variables. md5 expects a string. You need to break it down to $_POST['blah'] etc.. one for each of your posted vars EG: $username = strip_tags(stripslashes($_POST['username'])); //assuming 'username' is the name of your form var $password = strip_tags(stripslashes(md5($_POST['password']))); // ditto on 'password' Link to comment https://forums.phpfreaks.com/topic/107202-solved-md5-argument/#findComment-549607 Share on other sites More sharing options...
eaglelegend Posted May 25, 2008 Author Share Posted May 25, 2008 oh I see, OH thanks for the other post, that you helped solve with me XD Link to comment https://forums.phpfreaks.com/topic/107202-solved-md5-argument/#findComment-549609 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.