hhawkins Posted November 2, 2007 Share Posted November 2, 2007 I have recently taken over another developers work and have not had a ton of this type of indepth secure PHP and SQL coding. I have problem where the database/password that my pages are talking to are accepting special characters and my website page is not passing this correctly. I have been racking my brain and fingers trying to find the soltuion to no avail. Any help is greatly appreciated I think the problem is on this page/snippet that is doing the auth- private function makeuser($username,$password) { ///global $dbc; //DEBUG//$dbc->dbconn->query("INSERT debug set username='{$username}',password='{$password}',content='auth 4.5: making you a user by session'"); $_SESSION['node'] = $this->encrypt("user"); $_SESSION['username'] = $this->encrypt($username); $_SESSION['password'] = $this->encrypt($password); } private function encrypt($encrypt) { $key= $this->key; srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv); $encode = base64_encode($passcrypt); return $encode; } private function decrypt($decrypt) { $key = $this->key; $decoded = base64_decode($decrypt); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv); return $decrypted; } Or it could be this input page/snippet: function password($varname) { $var = $this->getvar($varname); $var = preg_replace("/[^A-Za-z0-9_, -]/", "", $var); $var = substr($var,0,54); return $var; } Link to comment https://forums.phpfreaks.com/topic/75808-passwords-with-special-characters-excryptindecrypting-issues/ Share on other sites More sharing options...
fenway Posted November 2, 2007 Share Posted November 2, 2007 Why not use an encryption scheme that doesn't use non-printable characters? Or you could always base64-encoded it. Link to comment https://forums.phpfreaks.com/topic/75808-passwords-with-special-characters-excryptindecrypting-issues/#findComment-383686 Share on other sites More sharing options...
hhawkins Posted November 2, 2007 Author Share Posted November 2, 2007 Isn't that what I am doing on this line - $encode = base64_encode($passcrypt); Link to comment https://forums.phpfreaks.com/topic/75808-passwords-with-special-characters-excryptindecrypting-issues/#findComment-383729 Share on other sites More sharing options...
fenway Posted November 2, 2007 Share Posted November 2, 2007 Well, echo the sql queries, i can tell if you there's anything wrong there... anything php related belongs in the other fourm. Link to comment https://forums.phpfreaks.com/topic/75808-passwords-with-special-characters-excryptindecrypting-issues/#findComment-383736 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.