hhawkins Posted November 2, 2007

I have recently taken over another developer's work and have not had a ton of this type of in-depth secure PHP and SQL coding. I have a problem where the database/password that my pages are talking to are accepting special characters and my website page is not passing this correctly. I have been racking my brain and fingers trying to find the solution to no avail. Any help is greatly appreciated.

I think the problem is on this page/snippet that is doing the auth:

    private function makeuser($username,$password) {
        ///global $dbc;
        //DEBUG//$dbc->dbconn->query("INSERT debug set username='{$username}',password='{$password}',content='auth 4.5: making you a user by session'");
        // Store the role and credentials in the session, encrypted with $this->key
        $_SESSION['node'] = $this->encrypt("user");
        $_SESSION['username'] = $this->encrypt($username);
        $_SESSION['password'] = $this->encrypt($password);
    }

    private function encrypt($encrypt) {
        $key = $this->key;
        srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
        $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
        $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
        // Base64 so the ciphertext is printable
        $encode = base64_encode($passcrypt);
        return $encode;
    }

    private function decrypt($decrypt) {
        $key = $this->key;
        $decoded = base64_decode($decrypt);
        $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
        $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
        return $decrypted;
    }

Or it could be this input page/snippet:

    function password($varname) {
        $var = $this->getvar($varname);
        // Strip everything except letters, digits, underscore, comma, space and hyphen
        $var = preg_replace("/[^A-Za-z0-9_, -]/", "", $var);
        // Truncate to 54 characters
        $var = substr($var,0,54);
        return $var;
    }

fenway Posted November 2, 2007

Why not use an encryption scheme that doesn't use non-printable characters? Or you could always base64-encode it.

hhawkins Posted November 2, 2007

Isn't that what I am doing on this line -

    $encode = base64_encode($passcrypt);

fenway Posted November 2, 2007

Well, echo the SQL queries, I can tell you if there's anything wrong there... anything PHP-related belongs in the other forum.
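
The following is an added example, not code from the thread: it runs the whitelist from the password() snippet in the first post over constructed sample passwords to show which ones are altered or collapse to the same value, then checks the raw and the filtered form against a password_hash() value. The filter_password() helper, the sample strings, and the assumption that the application verifies passwords against a stored hash are not from the thread.

```php
<?php
// Added example: the whitelist filter from the thread's password() method,
// taking the raw string directly instead of calling $this->getvar().
function filter_password(string $raw): string
{
    $var = preg_replace("/[^A-Za-z0-9_, -]/", "", $raw);
    return substr($var, 0, 54);
}

// Constructed sample passwords (not from the thread).
$samples = ['plain_pass-1', 'P@ss!word#1', 'Pssword1', 'tr0ub4dor&3', 'tr0ub4dor3'];

$seen = [];
foreach ($samples as $raw) {
    $filtered = filter_password($raw);
    $status = ($filtered === $raw) ? 'unchanged' : 'ALTERED';
    // Two different inputs that filter to the same string are
    // indistinguishable to every later step (session, SQL, comparison).
    if (isset($seen[$filtered]) && $seen[$filtered] !== $raw) {
        $status .= ", collides with '{$seen[$filtered]}'";
    }
    $seen[$filtered] = $seen[$filtered] ?? $raw;
    printf("%-14s -> %-14s %s\n", $raw, $filtered, $status);
}

// Assumed design: the application stores only a hash of the raw password
// and checks logins with password_verify(), so no character filter is needed.
$stored = password_hash('P@ss!word#1', PASSWORD_DEFAULT);
var_dump(password_verify('P@ss!word#1', $stored));                  // raw input
var_dump(password_verify(filter_password('P@ss!word#1'), $stored)); // filtered input
```

Run it with the PHP CLI; any password containing a character outside the whitelist no longer matches what the user typed once it has passed through the filter.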