andy_b_1502 Posted June 6, 2012

Hi all, I am using update to SET fields in a MySQL table. My question is: do I have to update hash/salt as well as password, or can I just update password as hash and salt are unique?

The path goes like this:

```
index.php > login.php > view01.php?id= > view02.php >
                        ^ <<< < < < back to view01.php
```

view01.php:

```php
<?PHP
session_start();

if (!isset($_SESSION['id']) || !isset($_SESSION['valid_user']) || $_SESSION['valid_user'] != "yes") {
    $_SESSION = array();
    session_destroy();
    header("Location: index.php");
    exit();
}

include ('php only scripts/db.php');

/* cast to int before it goes into the query, as view02.php does */
$id = intval($_GET['id']);
$query = "SELECT * FROM companies WHERE id = '$id'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
?>
<!DOCTYPE html>
<head>
<title>Removalspace.com</title>
<style type="text/css">
<!--
body {
    background-image: url(styles/downloaded%20styles/todo/todo/images/bg.png);
}
-->
</style>
<link href="styles/downloaded styles/todo/todo/css/style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/style9.css" />
<link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/demo.css" />
<link href='http://fonts.googleapis.com/css?family=Terminal+Dosis' rel='stylesheet' type='text/css' />
<style type="text/css">
<!--
.Stile1 {color: #333333}
-->
</style>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-31656176-1']);
_gaq.push(['_trackPageview']);
(function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body>
<!--start container -->
<div id="container">
<header>
<nav>
    <div id="logo"><a href="index.php"><img src="images/header2.png" alt="Logo here" width="219" height="161" /></a> </div>
    <div id="search-top"><img src="styles/downloaded styles/todo/todo/images/quote-right.png" alt="images" /><span class="cursive">Enter your postcode here</span><img src="styles/downloaded styles/todo/todo/images/quote-left.png" alt="images" />
        <form method="post" action="search.php">
            <input type="text" name="strSearch" onFocus="if(this.value=='Search Area')this.value='';" onBlur="if(this.value=='')this.value='Search Area';" value="Search Area" id="search-field"/>
            <input type="submit" value="" id="search-btn"/>
        </form>
    </div>
    <div id="nav_social"><a href="http://www.facebook.com/pages/Removalspace/181434181939226"><img src="styles/downloaded styles/todo/todo/images/facebook_32.png" alt="Become a fan" width="32" height="32" /></a><a href="#"><img src="styles/downloaded styles/todo/todo/images/twitter_32.png" alt="Follows on Twitter" /></a><a href="id=183427956&trk=tab_pro"><img src="styles/downloaded styles/todo/todo/images/linkedin_32.png" alt="Linked in" /></a><a href="contact.php"><img src="styles/downloaded styles/todo/todo/images/email_32.png" alt="Contact" width="32" height="32" /></a><!-- Place this tag where you want the +1 button to render -->
        <g:plusone size="small" annotation="inline"></g:plusone>
        <!-- Place this render call where appropriate -->
        <script type="text/javascript">
        (function() {
            var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
            po.src = 'https://apis.google.com/js/plusone.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
        })();
        </script>
    </div>
</nav>
</header>
<p><figure><a href="removals.php">Search Removals</a></figure> |</p>
<p><figure><a href="storage.php">Search Storage</a></figure> |</p>
<p><figure><a href="register00.php">Add Listing</a></figure> |</p>
<p><figure><a href="about.php">About</a></figure> |</p>
<p><figure><a href="contact.php">Contact</a></figure> |</p>
<p><figure><a href="login00.php">Login</a></figure></p>
<div class="content">
<!--star main -->
<main></main>
<!--end main -->
<!--start middle -->
<middle>
<div class="section_slogan"><table>
<tr>
    <td valign="top"><div class="abox">
        <figure>
        <fcapion>
        <h1><img src="images/thumbs/<?PHP echo $row['upload']; ?>" alt="logo"/></h1>
        </fcaption></figure></div></td>
    <td valign="top">
        <div class="abox">
        <figure>
        <fcapion>
        <h1><?PHP echo $row['street1'] . "<br>" . $row['street2'] . "<br>" . $row['city'] . "," . $row['postcode'] . "<br>phone: " . $row['phone'] . "<br>email: " . $row['email'] . "<br>website: " . $row['website'] ; ?></h1>
        </fcaption></figure>
        </div>
    </td>
</tr>
<tr>
    <td><div class="abox">
        <figure>
        <fcapion>
        <h1><?PHP echo nl2br($row['premiumuser_description']); ?></h1>
        </fcaption></figure>
        </div></td>
</tr></table>
<?PHP
/* create an email validation function */
function validateEmailAddress($email) {
    return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}

/**
 * CALLBACK - determine if the provided postcode is valid.
 *
 * @param string $postcode
 * @return bool TRUE if valid, FALSE otherwise
 * @author George Edwards
 */
function is_valid_uk_postcode($postcode) {
    $pattern = "/^([A-PR-UWYZ0-9][A-HK-Y0-9][AEHMNPRTVXY0-9]?[ABEHMNPRVWXY0-9]? {1,2}[0-9][ABD-HJLN-UW-Z]{2}|GIR 0AA)$/";
    if (preg_match($pattern, $postcode)) {
        return TRUE;
    }
    /* the original set a validation message through $this here; $this does not exist in a plain function */
    return FALSE;
}

/* FUNCTION TO CREATE SALT */
function createSalt() {
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
}

/* check if form was submitted */
if (isset($_POST['Submit'])){
    $error_message = "";

    /* This is the directory where images will be saved */
    $target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/";
    $target = $target . basename( $_FILES['upload']['name']);

    /* include validation script */
    include ('php only scripts/validation.php');

    $uploadDir = 'images/COMPANIES'; /* main picture folder */
    $max_height = 450; /* largest height you allowed; 0 means any */
    $max_width = 450; /* largest width you allowed; 0 means any */
    $max_file = 2000000; /* set the max file size in bytes */
    $image_overwrite = 1; /* 0 means overwrite; 1 means new name */

    /* add or delete allowed image types */
    $allowed_type01 = array( "image/gif", "image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
    $do_thumb = 1; /* 1 make thumbnails; 0 means do NOT make */
    $thumbDir = "/images/thumbs"; /* thumbnail folder */
    $thumb_prefix = ""; /* prefix for thumbnails */
    $thumb_width = 90; /* max thumb width */
    $thumb_height = 70; // max thumb height

    //Writes the photo to the server
    if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) {
        /* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */
        /* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
        $upload = $_FILES['upload']['name'];
        $o_path ="images/COMPANIES/";
        $s_path = "images/thumbs/";
        $file = $upload;
        $save = $file;
        $t_w = 200;
        $t_h = 150;
        /* DO NOT CHANGE THIS NEXT LINE */
        Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);
    }else{
        //Gives an error if it's not
        $error_message .= "Sorry, there was a problem uploading your file.";
    }

    /* PREPARE DATA FOR INSERTION INTO TABLE */
    //Writes the information to the database
    if(strlen(trim($error_message)) <1){
        $salt = createSalt();
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
        /* hash() takes the data as one string; its third parameter is a raw-output flag, so salt and password are concatenated */
        $hash = hash('sha256', $salt . $password);
        $approved = 0;
        $company_name = mysql_real_escape_string(trim($_POST['company_name']));
        $website = mysql_real_escape_string(trim($_POST['website']));
        $contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
        $location = mysql_real_escape_string(trim($_POST['location']));
        $postcode = mysql_real_escape_string(trim($_POST['postcode']));
        $street1 = mysql_real_escape_string(trim($_POST['street1']));
        $street2 = mysql_real_escape_string(trim($_POST['street2']));
        $city = mysql_real_escape_string(trim($_POST['city']));
        $phone = mysql_real_escape_string(trim($_POST['phone']));
        $phone2 = mysql_real_escape_string(trim($_POST['phone2']));
        $email = mysql_real_escape_string(trim($_POST['email']));
        $premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
        $salt = mysql_real_escape_string($salt);
        $upload = mysql_real_escape_string($upload);

        $query ="INSERT INTO `companies` (company_name, what_services, website, contact_name, location, postcode, street1, street2, city, phone,phone2, email, premiumuser_description, username, password, salt, approved, upload) VALUES ('$company_name', '$what_services', '$website', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$phone2', '$email', '$premiumuser_description', '$username', '$hash', '$salt', '$approved', '$upload')";
        $result = mysql_query($query) or die(mysql_error());
        if ($result) {
        }
        /* at this point we can send an email to the admin as well as the user. DO NOT send the user's password to ANYONE!!!! */
    }
}//if (isset($_POST['submit']))
?>
<?php
if (!empty($error_message)){
    echo $error_message;
}
?>
<hr>
<form action="view02.php" method="get" enctype="multipart/form-data" class="cursive">
<table width="316" border="0">
<tr>
    <td colspan="2"><h1>Edit Your details </h1><p>fill out the form with your details...</p></td>
</tr>
<tr>
    <td> </td>
    <td><p> </p> <p>Click submit to update...</p><p> </p></td>
</tr>
<tr>
    <td> </td>
    <td><p> </p><p></p><p><input type="hidden" name="id" value="<?php echo $row['id']; ?>"/><p> </p></td>
</tr>
<tr>
    <td>Website:</td>
    <td><p> </p><p><input name="website" type="text" id="website" /></p> <p> </p></td>
</tr>
<tr>
    <td>Primary Number:</td>
    <td><p> </p><p><input name="phone" type="text" id="phone" /></p> <p> </p></td>
</tr>
<tr>
    <td>Secondary Number:</td>
    <td><p> </p> <p><input name="phone2" type="text" id="phone2" /></p> <p> </p></td>
</tr>
<tr>
    <td>Company Description:</td>
    <td><p><em>Write a description of what your company does, the services it offers and any additional information here.</em> </p>
        <p><textarea rows="10" cols="100" name="premiumuser_description" id="premiumuser_description"></textarea></p> <p> </p></td>
</tr>
<tr>
    <td>Username:</td>
    <td><p> </p> <p><input name="username" type="text" id="username" /></p> <p> </p></td>
</tr>
<tr>
    <td>Password:</td>
    <td><p> </p> <p><input name="password" type="text" id="password" /></p> <p> </p></td>
</tr>
<tr>
    <td> </td>
</tr>
<tr>
    <td colspan="2"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
</div>
</middle>
</div>
<!--end middle -->
<!--start footer -->
<footer>
<div id="footer"></div>
</footer>
<!--end footer -->
</div>
<!--end container -->
<!-- Free template distributed by http://freehtml5templates.com -->
</body>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script>
</html>
```

view02.php:

```php
<?PHP
session_start();
include ('php only scripts/db.php');

$setArray = array();
$setstr = '';
$id = intval($_GET['id']);

if (isset($_GET['website']) && $_GET['website']) {
    $website = mysql_real_escape_string($_GET['website']);
    $setArray[] = "website = '$website'";
}
if (isset($_GET['phone']) && $_GET['phone']) {
    $phone = mysql_real_escape_string($_GET['phone']);
    $setArray[] = "phone = '$phone'";
}
if (isset($_GET['phone2']) && $_GET['phone2']) {
    $phone2 = mysql_real_escape_string($_GET['phone2']);
    $setArray[] = "phone2 = '$phone2'";
}
if (isset($_GET['premiumuser_description']) && $_GET['premiumuser_description']) {
    $premiumuser_description = mysql_real_escape_string($_GET['premiumuser_description']);
    $setArray[] = "premiumuser_description = '$premiumuser_description'";
}
if (isset($_GET['username']) && $_GET['username']) {
    $username = mysql_real_escape_string($_GET['username']);
    $setArray[] = "username = '$username'";
}
if (isset($_GET['password']) && $_GET['password']) {
    /* stored as submitted: no salt or hash is generated here */
    $password = mysql_real_escape_string($_GET['password']);
    $setArray[] = "password = '$password'";
}

if (count($setArray) > 0) {
    $setstr = join (', ', $setArray);
    $query = "UPDATE companies SET $setstr WHERE id = $id";
    mysql_query($query);
}

header("Location: view01.php?id=" . $id);
exit(0);
?>
```

I have already used update to update the password but what about salt/hash I've got?

Many thanks in advance

Link to comment: https://forums.phpfreaks.com/topic/263766-update-set-password/
andy_b_1502 (Author) Posted June 6, 2012

I have just tried this out (changed the password of my login); it seems I do need to update everything: password, hash and salt. How should I write the update query? Something like:

```php
if (isset($_GET['password']) && $_GET['password']) {
    $password = mysql_real_escape_string($_GET['password']);
    $setArray[] = "password = '$password'";
}
if (isset($_GET['hash']) && $_GET['hash']) {
    $hash = mysql_real_escape_string($_GET['hash']);
    $setArray[] = "hash= '$hash'";
}
```

Little help if any of you guys have any?
Skewled Posted June 6, 2012

I would just use SHA: SHA('$password')

Then for the update you just apply SHA('$password') to update the password in the database.

```php
<?php
if (isset($_GET['password']) && $_GET['password']) {
    // These are the same so you'd need to make them different if you're comparing the password
    // to ensure they entered it correctly, ex: $_GET['password1'] for another field in your form
    $password = mysql_real_escape_string($_GET['password']);
    // This is fine if the 2 values above are first compared
    $setArray[] = "password = SHA('$password')";
    // If they are compared and validation checks out then just do the query to update the password here..
}
?>
```

EDIT:

```php
// SHA() sits outside the quotes so MySQL evaluates it instead of storing the literal text
$query ="INSERT INTO `companies` (company_name, what_services, website, contact_name, location, postcode, street1, street2, city, phone,phone2, email, premiumuser_description, username, password, salt, approved, upload) VALUES ('$company_name', '$what_services', '$website', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$phone2', '$email', '$premiumuser_description', '$username', SHA('$password'), '$salt', '$approved', '$upload')";
```
andy_b_1502 (Author) Posted June 6, 2012

Will that still work though, as when the user registers it uses hash/salt for passwords? I'll test it now, thanks.
Skewled Posted June 6, 2012

And I just realized I didn't answer your question grr.

> I am using update to SET fields in mySQL table, my question is; do i have to update hash/salt as well as password or can i just update password as hash and salt are unique?

If they are unique and compared on a login.php type script then yes, you will need to generate both of them just like it's done at sign up time.

```php
function createSalt() {
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
}

// hash() takes the data as one string; its third parameter is a raw-output flag,
// so salt and password are concatenated
$hash = hash('sha256', $salt . $password);
```

But from the login side I don't know how it's being compared.
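One way to write the update the answer above describes, where the stored hash is regenerated every time the password changes. This is an added example, not code from the thread: it swaps the thread's createSalt() plus SHA-256 for PHP's built-in password_hash()/password_verify(), which generate the salt and embed it in the stored string, and it uses PDO prepared statements. The in-memory SQLite table, the change_password() and check_login() names and the sample credentials are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the thread. Table layout, function names and
// sample credentials are constructed for illustration.

// Stand-in for the thread's `companies` table (in-memory SQLite so it runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE companies (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');

// Register a sample user. password_hash() picks a random salt and stores it
// inside the returned string, so no separate salt column is needed.
$ins = $db->prepare('INSERT INTO companies (id, username, password) VALUES (?, ?, ?)');
$ins->execute([1, 'acme', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Update path: verify the current password, then store a freshly salted hash.
function change_password(PDO $db, int $id, string $current, string $new): bool
{
    $sel = $db->prepare('SELECT password FROM companies WHERE id = ?');
    $sel->execute([$id]);
    $stored = $sel->fetchColumn();
    if ($stored === false || !password_verify($current, $stored)) {
        return false; // unknown id or wrong current password
    }
    $upd = $db->prepare('UPDATE companies SET password = ? WHERE id = ?');
    return $upd->execute([password_hash($new, PASSWORD_DEFAULT), $id]);
}

// Login path: compare the submitted password against the stored hash.
function check_login(PDO $db, string $username, string $password): bool
{
    $sel = $db->prepare('SELECT password FROM companies WHERE username = ?');
    $sel->execute([$username]);
    $stored = $sel->fetchColumn();
    return $stored !== false && password_verify($password, $stored);
}

var_dump(change_password($db, 1, 'wrong-guess', 'new-secret')); // wrong current password
var_dump(change_password($db, 1, 'old-secret', 'new-secret'));  // correct current password
var_dump(check_login($db, 'acme', 'old-secret'));               // login with the replaced password
var_dump(check_login($db, 'acme', 'new-secret'));               // login with the new password
```

In view02.php the `$id` argument would come from `$_SESSION['id']` rather than the query string, and the passwords from `$_POST`, since a form submitted with GET puts the password in the URL.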
andy_b_1502 (Author) Posted June 6, 2012

That works perfectly! I was just a bit confused there, many thanks!!!
Skewled Posted June 6, 2012

You're most welcome bud!
Archived
This topic is now archived and is closed to further replies.