hhawkins Posted November 2, 2007

I have recently taken over another developer's work and have not had a ton of this type of in-depth secure PHP and SQL coding. I have a problem where the database/password that my pages are talking to are accepting special characters and my website page is not passing this correctly. I have been racking my brain and fingers trying to find the solution to no avail. Any help is greatly appreciated.

I think the problem is on this page/snippet that is doing the auth:

```php
private function makeuser($username,$password)
{
    ///global $dbc;
    //DEBUG//$dbc->dbconn->query("INSERT debug set username='{$username}',password='{$password}',content='auth 4.5: making you a user by session'");
    $_SESSION['node'] = $this->encrypt("user");
    $_SESSION['username'] = $this->encrypt($username);
    $_SESSION['password'] = $this->encrypt($password);
}

private function encrypt($encrypt)
{
    $key = $this->key;
    srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
    $encode = base64_encode($passcrypt);
    return $encode;
}

private function decrypt($decrypt)
{
    $key = $this->key;
    $decoded = base64_decode($decrypt);
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
    return $decrypted;
}
```

Or it could be this input page/snippet:

```php
function password($varname)
{
    $var = $this->getvar($varname);
    $var = preg_replace("/[^A-Za-z0-9_, -]/", "", $var);
    $var = substr($var,0,54);
    return $var;
}
```

https://forums.phpfreaks.com/topic/75822-solved-problem-with-special-character-password/

esukf Posted November 2, 2007

The following line is removing any characters not alphanumeric, underscore, comma, space and dash in the password. Try removing it and see if it works.

```php
$var = preg_replace("/[^A-Za-z0-9_, -]/", "", $var);
```

hhawkins (Author) Posted November 5, 2007

```php
$var = preg_replace("/[^A-Za-z0-9_\W, -]{4-8} /", "", $var);
```

Would this work? I am adding the acceptance of special characters and that it must be 4-8 digits. I am a little afraid of what the effect may be of allowing all those characters.

Thanks

hhawkins (Author) Posted November 5, 2007

The code does work if I comment that line out, I just need to rewrite the preg_replace line.
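
An added example, not part of any post in this thread and not the site's own code: it contrasts the whitelist filter quoted above with accepting every character, rejecting only on length, hashing the password and passing it to the database as a bound parameter. The function names, the `users` table, the length limits and the sample password are assumptions; it expects PHP 7 or later with the `pdo_sqlite` extension.

```php
<?php
// Added example; function names, table and sample values are constructed.

// The filter from the thread: deletes every character outside the whitelist,
// so the value passed on differs from what the user typed.
function filtered_password(string $raw): string {
    $var = preg_replace("/[^A-Za-z0-9_, -]/", "", $raw);
    return substr($var, 0, 54);
}

// Reject instead of rewrite. Limits are assumptions: 4 is the minimum asked
// for in the thread, 54 is the cut-off the original substr() applied.
function validate_password(string $raw): bool {
    $len = strlen($raw);
    return $len >= 4 && $len <= 54;
}

// The password is only ever a bound parameter or hash input, never SQL text.
function register(PDO $pdo, string $user, string $pw): bool {
    if (!validate_password($pw)) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    return $stmt->execute([$user, password_hash($pw, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $user, string $pw): bool {
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pw, $hash);
}

$pdo = new PDO('sqlite::memory:');   // in-memory stand-in for the real database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

$pw = "p@ss'w0rd; --";               // constructed sample with special characters
var_dump(filtered_password($pw));    // what the whitelist filter would pass on
var_dump(register($pdo, 'alice', $pw));
var_dump(login($pdo, 'alice', $pw));
var_dump(login($pdo, 'alice', filtered_password($pw)));
var_dump(register($pdo, 'bob', 'abc'));
```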
Archived
This topic is now archived and is closed to further replies.