
[SOLVED] php help - mcrypt error?


flemingmike


Hi all, I'm having a problem while trying to sign up to my site.

Here is the error message I'm receiving. (Everything else on the site is working.)

Warning: mcrypt_generic() [function.mcrypt-generic]: An empty string was passed in /home/content/m/a/s/mash905/html/nfl/includes/classes/crypto.php on line 69

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/a/s/mash905/html/nfl/includes/classes/crypto.php:69) in /home/content/m/a/s/mash905/html/nfl/signup.php on line 55

If I can provide any further info, please let me know what to provide.

Thanks.

mike

Link to comment
Share on other sites

Post your code? But you seem to be passing an empty string into the mcrypt function... if you read the error code. Check to make sure the string you are passing into the function is populated with data. Try echoing before you call the function.

As far as the header error, it's completely unrelated, and caused because you are outputting something before the call. The header must be sent before any output (basically before any echoes, and before the body tag of your HTML).

Link to comment
Share on other sites

Here is line 55 from signup:

header('Location: login.php');

Here are lines 69-81 from crypto:

{
      /*
        the iv must remain the same from encryption to decryption and is usually
        passed into the encrypted string in some form, but not always.
      */
      die('In order to use encryption modes other then ecb, you must specify a unique and consistent initialization vector.');
    }

Link to comment
Share on other sites

Sorry about that, here is signup.php:

<?php
require('includes/application_top.php');
require('includes/classes/crypto.php');
include('includes/classes/class.formvalidation.php');
include('includes/classes/class.phpmailer.php');

if (!$allow_signup) {
header('location: login.php?signup=no');
exit;
}

if (isset($_POST['submit'])) {

$my_form = new validator;
$mail = new PHPMailer();

if($my_form->checkEmail($_POST['email'])) { // check for good mail

	if ($my_form->validate_fields('firstname,lastname,email,username,password')) { // comma delimited list of the required form fields
		if ($_POST['password'] == $_POST['password2']) {
			//create new user, disabled
			$username = mysql_real_escape_string(str_replace(' ', '_', $_POST['username']));
			$sql = "SELECT userName FROM " . $db_prefix . "users WHERE userName='".$username."';";
			$result = mysql_query($sql);
			if(mysql_numrows($result) > 0){
				$display = '<div class="responseError">User already exists, please try another username.</div><br/>';
			} else {
				$sql = "SELECT email FROM " . $db_prefix . "users WHERE email='".$email."';";
				$result = mysql_query($sql);
				if(mysql_numrows($result) > 0){
					$display = '<div class="responseError">Email address already exists.  If this is your email account, please log in or reset your password.</div><br/>';
				} else {
					$crypto = new phpFreaksCrypto;
					$salt = substr($crypto->encrypt((uniqid(mt_rand(), true))), 0, 10);
					$secure_password = $crypto->encrypt($salt . $crypto->encrypt($password));
					$sql = "INSERT INTO " . $db_prefix . "users (userName, password, salt, firstname, lastname, email, status) 
						VALUES ('".$username."', '".$secure_password."', '".$salt."', '".$firstname."', '".$lastname."', '".$email."', 1);";
					mysql_query($sql) or die(mysql_error());

					//send confirmation email
					$mail->IsHTML(true);

					$mail->From = $user->email; // the email field of the form
					$mail->FromName = 'NFL Pick \'Em Admin'; // the name field of the form

					$mail->AddAddress($_POST['email']); // the form will be sent to this address
					$mail->Subject = 'NFL Pick \'Em Confirmation'; // the subject of email

					// html text block
					$mail->Body = '<p>Thank you for signing up for the NFL Pick \'Em Pool.  Please click the below link to confirm your account:<br />' . "\n" . 
					$siteUrl . 'signup.php?confirm=' . $crypto->encrypt($username) . '</p>';

					//$mail->Send();

					header('Location: login.php');
				}
			}
		} else {
			$display = '<div class="responseError">Passwords do not match, please try again.</div><br/>';
		}
	} else {
		$display = str_replace($_SESSION['email_field_name'], 'Email', $my_form->error);
		$display = '<div class="responseError">' . $display . '</div><br/>';
	}
} else {
	$display = '<div class="responseError">There seems to be a problem with your email address, please check.</div><br/>';
}
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>NFL Pick 'Em Signup</title>
<link href="includes/css/main.css" rel="stylesheet" type="text/css" media="screen" />
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
</head>

<body>
<style>
body {
	width: 550px;
}
#login {
	margin: 20px auto;
}
</style>
<div id="login">
<table>
	<tr valign="top">
		<td><img src="images/logos/nfl-logo.png" /></td>
		<td> </td>
		<td>
			<h1>NFL Pick 'Em Signup</h1>
			<?php 
				if(isset($display)) {
					echo $display;
				}
			?>
			<form action="signup.php" method="post" name="addnewuser">	
				<fieldset>
				<legend style="font-weight:bold;">Sign Up</legend>
					<table cellpadding="3" cellspacing="0" border="0">
						<tr><td>First Name:</td><td><input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>"></td></tr>
						<tr><td>Last Name:</td><td><input type="text" name="lastname" value="<?php echo $_POST['lastname']; ?>"></td></tr>
						<tr><td>Email:</td><td><input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="30"></td></tr>
						<tr><td>User Name:</td><td><input type="text" name="username" value="<?php echo $_POST['username']; ?>"></td></tr>
						<tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr>
						<tr><td>Confirm Password:</td><td><input type="password" name="password2" value=""></td></tr>
						<tr><td> </td><td><input type="submit" name="submit" value="Submit"></td></tr>
					</table>
				</fieldset>
			</form>
		</td>
	</tr>
</table>
<?php
include('includes/footer.php');
?>


Here is crypto.php:

<?php

/*
* crypto.php -> phpFreaksCrypto Class (PHP4)
* http://www.phpfreaks.com/tutorials/128/1.php
*/

/**
  * @author Dustin Whittle
  * @version 0.01
  */

if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']))
{
  // tell people trying to access this file directly goodbye...
  exit('This file can not be accessed directly...');
}

class phpFreaksCrypto
{

  var $td;

  // this gets called when class is instantiated
  function phpFreaksCrypto($key = 'a843l?nv89rjfd}O(jdnsleken0', $iv = false, $algorithm = 'tripledes', $mode = 'ecb')
  {

    if(extension_loaded('mcrypt') === FALSE)
    {
      $prefix = (PHP_SHLIB_SUFFIX == 'dll') ? 'php_' : '';
      dl($prefix . 'mcrypt.' . PHP_SHLIB_SUFFIX) or die('The Mcrypt module could not be loaded.');
    }

    if($mode != 'ecb' && $iv === false)
    {
      /*
        the iv must remain the same from encryption to decryption and is usually
        passed into the encrypted string in some form, but not always.
      */
      die('In order to use encryption modes other then ecb, you must specify a unique and consistent initialization vector.');
    }

    // set mcrypt mode and cipher
    $this->td = mcrypt_module_open($algorithm, '', $mode, '') ;

    // Unix has better pseudo random number generator then mcrypt, so if it is available lets use it!
    //$random_seed = strstr(PHP_OS, "WIN") ? MCRYPT_RAND : MCRYPT_DEV_RANDOM;
    $random_seed = MCRYPT_RAND;

    // if initialization vector set in constructor use it else, generate from random seed
    $iv = ($iv === false) ? mcrypt_create_iv(mcrypt_enc_get_iv_size($this->td), $random_seed) : substr($iv, 0, mcrypt_enc_get_iv_size($this->td));

    // get the expected key size based on mode and cipher
    $expected_key_size = mcrypt_enc_get_key_size($this->td);

    // we dont need to know the real key, we just need to be able to confirm a hashed version
    $key = substr(md5($key), 0, $expected_key_size);

    // initialize mcrypt library with mode/cipher, encryption key, and random initialization vector
    mcrypt_generic_init($this->td, $key, $iv);
  }

  function encrypt($plain_string)
  {
    /*
      encrypt string using mcrypt and then encode any special characters
      and then return the encrypted string
    */
    return base64_encode(mcrypt_generic($this->td, $plain_string));
  }

  function decrypt($encrypted_string)
  {
    /*
      remove any special characters then decrypt string using mcrypt and then trim null padding
      and then finally return the encrypted string
    */
    return trim(mdecrypt_generic($this->td, base64_decode($encrypted_string)));
  }

  // since php 4 does not have deconstructors, we will need to manually call this function
  function __destruct()
  {
    // shutdown mcrypt
    mcrypt_generic_deinit($this->td);

    // close mcrypt cipher module
    mcrypt_module_close($this->td);
  }

}

?>


If you need any other files, let me know.

thx.

Link to comment
Share on other sites

In this area of code

if ($_POST['password'] == $_POST['password2']) {
            //create new user, disabled
            $username = mysql_real_escape_string(str_replace(' ', '_', $_POST['username']));

you never seem to set the $password variable, which is what you are passing into the encrypt function. Try doing this

if ($_POST['password'] == $_POST['password2']) {
            //create new user, disabled
            $username = mysql_real_escape_string(str_replace(' ', '_', $_POST['username']));
            $password = $_POST['password'];

and it should work. By the way, you are encrypting your password twice. Wasn't sure if you were aware or not, just letting you know.

Link to comment
Share on other sites
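One way to handle the signup password so that an unset or empty value is rejected before any crypto call, and so that a one-way hash is stored instead of the reversible 3DES/ECB output of crypto.php. This is an added example, not code from the thread or from the phpFreaksCrypto class; the function name `build_password_hash` and the sample input are assumptions, and it relies on PHP's built-in `password_hash()` and `password_verify()` (the `??` operator needs PHP 7 or later).

```php
<?php
// Added example, not code from the thread. build_password_hash() and the
// sample input are assumptions modelled on the signup form's field names.

/**
 * Validate the posted password fields and return a storable hash.
 * Throws instead of letting an unset or empty value reach the crypto
 * layer, which is what triggered the mcrypt_generic() warning.
 */
function build_password_hash(array $post): string
{
    $password = $post['password']  ?? '';
    $confirm  = $post['password2'] ?? '';

    if (!is_string($password) || !is_string($confirm)) {
        throw new InvalidArgumentException('Password fields must be strings.');
    }
    if ($password === '') {
        throw new InvalidArgumentException('Password must not be empty.');
    }
    // hash_equals() compares the two strings without the type juggling of ==.
    if (!hash_equals($password, $confirm)) {
        throw new InvalidArgumentException('Passwords do not match.');
    }

    // One-way, salted hash. The salt is generated and embedded in the
    // returned string, so no separate salt value or secret key is involved.
    return password_hash($password, PASSWORD_DEFAULT);
}

// Constructed sample input standing in for $_POST.
$samples = [
    ['password' => 'correct horse', 'password2' => 'correct horse'],
    ['password' => '', 'password2' => ''],
    ['username' => 'mike'], // password fields never set
];

foreach ($samples as $post) {
    try {
        $hash = build_password_hash($post);
        // At login, check the submitted password against the stored hash.
        var_dump(password_verify($post['password'], $hash));
    } catch (InvalidArgumentException $e) {
        // Log or collect the message; nothing is echoed before header().
        error_log('signup rejected: ' . $e->getMessage());
    }
}
```

Because rejected input raises an exception rather than a warning printed to the page, a later `header('Location: ...')` call is not blocked by earlier output.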
