Jump to content


Photo

information not being inserted into data base


  • Please log in to reply
6 replies to this topic

#1 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 July 2006 - 05:37 AM

I am sure that this is a simple error but I am kind of lost at this point. I will post the entire script and then below that will post the section that I am referring to

[code]<?php
include 'db.php';
$first_name = $_POST['first_name'];
$lastname_name = $_POST['last_name'];
$username = $_POST['username'];
$email_address = $_POST['email'];

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$username = stripslashes($username);
$email_address = stripslashes($email);

# Any errors in the posted fields? Lets check...
if((!$first_name) || (!$last_name) || (!$email) || (!$username)){
	echo 'You did not submit the following required information! <br/>';
if(!$first_name){
	echo '<font id=UserNameRed />First name <font id=UserPanelText />is a required field. Please enter it below. <br/>';
}
if(!$last_name){
	echo '<font id=UserNameRed />Last name <font id=UserPanelText />is a required field. Please enter it below. <br/>';
}
if(!$email){
	echo '<font id=UserNameRed />Email address <font id=UserPanelText />is a required field. Please enter it below. <br/>';
}
if(!$username){
	echo '<font id=UserNameRed />Username <font id=UserPanelText />is a required field. Please enter it below. <br/>';
}
include("../join.php");
exit();
}

$sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");
 
$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);
 
if(($email_check > 0) || ($username_check > 0)){
	echo 'Please fix the following errors: <br/>';
	if($email_check > 0){
		echo '<strong>Your email address has already been used by another member in our database. Please use a different Email address!<br/>';
	unset($email);
}
if($username_check > 0){
	echo 'The username you have selected has already been used by another member in our database. Please choose a different Username!<br/>';
	unset($username);
}
include("../join.php"); // Show form again
exit();
}
 
function makeRandomPassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $random_password; 
} 

$random_password = makeRandomPassword(); 

$db_password = md5($random_password);

 $sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date,  

decrypted_password) 
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$db_password', now(), '$random_password')") or die (mysql_error()); 

if(!$sql){ 
    echo 'There has been an error creating your account. Please contact the webmaster.'; 
} else { 
    $to = '$email_address';
    $subject = 'Your Membership at owpt.biz';
    $message = 'Dear $first_name $last_name, 
    You are now registered at our website, http://www.owpt.biz! 
     
    To activate your membership, please login here: http://www.owpt.biz/home/index.php 
     
    Once you activate your membership, you will be able to login with the following information: 
    Username: $username 
    Password: $random_password 
    Please keep this username and password in a location that is easily accessible by you. 
     
    Thanks! 
    WebMaster, Owpt.biz 
     
    This is an automated response, please do not reply!';
    $headers = "From: noreply@owpt.biz\r\n" .
       'X-Mailer: PHP/' . phpversion() . "\r\n" .
       "MIME-Version: 1.0\r\n" .
       "Content-Type: text/html; charset=utf-8\r\n" .
       "Content-Transfer-Encoding: 8bit\r\n\r\n";
    mail($to, $subject, $message, $headers)or die('something went wrong');
    echo 'Your membership information has been mailed to your email address! Please check it and follow the directions!'; 
} 
?>[/code]

And here is the part that I am having an issue with

[code]function makeRandomPassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $random_password; 
} 

$random_password = makeRandomPassword(); 

$db_password = md5($random_password);
$decrypted_password = $random_password;
 $sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date, decrypted_password) 
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$db_password', now(), '$decrypted_password')") or die (mysql_error()); [/code]

The problem is with the decypted_password it is not being inserted into the database


Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#2 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 July 2006 - 05:51 AM

$db_password is being posted but not $decrypted_password

sorry was not clear as to what was being posted and what was not.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#3 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 05 July 2006 - 05:57 AM

Your makeRandomPassword function doesnt return anything. Try...

return $pass;


#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 05 July 2006 - 05:58 AM

Out of curiosity, why would you want to store a decrypted version of the password?

There is no decryption going on. Just confusing variable and field names. You cannot decrypt an md5'd hash.

#5 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 July 2006 - 05:59 AM

Your makeRandomPassword function doesnt return anything. Try...

return $pass;


LOL I was looking at my post and realized that I had done that. :o

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#6 Mr.x

Mr.x
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 05 July 2006 - 06:01 AM

Sorry wasn't clear, I meant like if your encrypting a copy of the password why would you want the original un-crypted password?

Would it decrease the security? (IE. Injections?)

#7 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 July 2006 - 06:02 AM

it is only for testing reasons. I am having some  difficulty with sending mail with mecury mail via php.

Once I get the issue solved I will no longer have a decrypted password option

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users