forumnz Posted January 2, 2007 Share Posted January 2, 2007 Does anyone know how to put "base64_encode" into this script to encrypt the password?Script:[code]<?php session_start(); $con = mysql_connect("localhost","$$$","###"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con);if( isset($_POST['Submit']) ) { //Store/validate/escape $password = $_POST['password']; $email = $_POST['email']; $area = $_POST['area']; $phone = $_POST['phone']; $age = $_POST['age']; $message = $_POST['message']; //Reset unset($_POST); $id = $_SESSION['userid']; $query = "UPDATE members SET password='$password', email='$email', area='$area', phone='$phone', age='$age', message='$message' WHERE id='$id'"; mysql_query($query); //echo "$query\n\n"; if( mysql_errno() ) { echo "\n\nERROR: " . mysql_error(); }} $valid = false; if( isset($_SESSION['userid']) ) { //do whatever appropriate validation is necessary on id //if we encounter errors abort? $id = $_SESSION['userid']; //No errors... proceed //connect to database $query = "SELECT password, email, area, phone, age, message FROM members WHERE id = '$id'"; //echo "$query\n\n"; $result = mysql_query($query); if( mysql_errno() ) { echo "\n\nERROR: " . mysql_error(); } $row = mysql_fetch_row($result); $password = ""; //echo "PASSWORD: $password\n"; $email = ""; //echo "EMAIL: $email\n"; $area = ""; //echo "AREA: $area\n"; $phone = ""; //echo "PHONE: $phone\n"; $age = ""; //echo "AGE: $age\n"; $message = ""; //echo "MESSAGE: $message\n"; if( $row ) { $valid = true; $password = $row[0]; $email = $row[1]; $area = $row[2]; $phone = $row[3]; $age = $row[4]; $message = $row[5]; } else { //Invalid username... handle error appropriately $valid = false; } //disconnect from database } else { //ERROR - Not logged in.... //Redirect to login page? $valid = false; } if( !$valid ) { //Errors, redirect.... }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Page to test</title></head><body><p>Edit Profile</p><form id="form1" name="form1" method="post" action="edit.php"><p>Password : <?php echo "<input name=\"password\" type=\"password\" id=\"password\" value=\"$password\" />\n"; ?> <!--Confirm Password : //<input name="password" type="text" id="password" />--></p><p>Email Address : <?php echo "<input name=\"email\" type=\"text\" id=\"email\" value=\"$email\" />\n"; ?></p><p>Area : <?php echo "<input name=\"area\" type=\"text\" id=\"area\" value=\"$area\" />\n"; ?></p><p>Phone Number :<?php echo "<input name=\"phone\" type=\"text\" id=\"phone\" value=\"$phone\" />\n"; ?> </p><p>Age : <?php echo "<input name=\"age\" type=\"text\" id=\"age\" value=\"$age\" />\n";?></p><p>Personal Message : <?php echo "<textarea name=\"message\" id=\"message\">$message</textarea>\n"; ?></p><p> <label> <input type="submit" name="Submit" value="Go!" /> </label></p></form><p> </p></body></html>[/code] Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/ Share on other sites More sharing options...
Philip Posted January 2, 2007 Share Posted January 2, 2007 Make sure to clean your variables so you dont have SQL injections.You're probably going to want to do this after you clean the variables:$password = base64_encode($_POST['password']); Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151786 Share on other sites More sharing options...
forumnz Posted January 2, 2007 Author Share Posted January 2, 2007 What do you mean by that - sorry Im quite new to PHP Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151790 Share on other sites More sharing options...
Philip Posted January 3, 2007 Share Posted January 3, 2007 It's pretty important. People can easily read your information stored in the database if you're not careful. Try reading about it here. I know there are plenty of other topics about this on the forum.http://www.phpfreaks.com/forums/index.php/topic,110976.0.html--And for the other thing what I meant (I wasnt clear, sorry) was to replace$password = $_POST['password'];with $password = base64_encode($_POST['password']);That will make $password the encrypted password. Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151792 Share on other sites More sharing options...
forumnz Posted January 3, 2007 Author Share Posted January 3, 2007 Ok thanks, I managed to get that going and I will clean up the script pretty soon but now i have another problem.This script is for someone to edit their profile...I have made it so that nothing shows up in the password box, but now when the user resubmits their information, the database is edited and they now dont have a password.What can I do to prevent the password to be sent if they dont want to change it? Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151799 Share on other sites More sharing options...
forumnz Posted January 3, 2007 Author Share Posted January 3, 2007 anyone? Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151803 Share on other sites More sharing options...
forumnz Posted January 3, 2007 Author Share Posted January 3, 2007 please help? Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151815 Share on other sites More sharing options...
MCP Posted January 3, 2007 Share Posted January 3, 2007 [code]if (strlen($_POST['password'])==0){ mysql_query("some query that doesn't do password update");} else { mysql_query("some query that does a password update");}[/code]that's the way most sites do it, I gather. Link to comment https://forums.phpfreaks.com/topic/32625-base64_encode/#findComment-151885 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.