php-general Digest 6 Sep 2006 13:34:47 -0000 Issue 4332
Topics (messages 241396 through 241412):
Format of Encrypted Password
241396 by: Kevin Murphy
241397 by: Robert Cummings
241398 by: Kevin Murphy
241399 by: Chris W. Parker
241400 by: Kevin Murphy
241401 by: Chris
241402 by: Chris
241411 by: Mourad Boulahboub
Re: Quotes?
241403 by: J R
Re: Video uploading with PHP -> convert to flash on the fly?
241404 by: Damien Bezborodow
Re: PHP/Perl Developer in ADELAIDE, South Australia
241405 by: Damien Bezborodow
Re: Linux Perl/PHP/MySQL Programmer (ADELAIDE)
241406 by: Damien Bezborodow
Re: PHP Access Violations
241407 by: Wolf
241409 by: Christopher Watson
241410 by: Chris
241412 by: Christopher Watson
Re: error_log does not work
241408 by: Chris
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
I've inherited this website and there is an application that is
running on it that has a bunch of passwords stored in a mysql table.
The problem is, the previous webmaster didn't leave me any
instructions on how they encrypted those passwords. I don't need to
figure out what the old passwords were, I just need to be able to
generate my own (until such time as I can rebuild this portion of the
website).
The passwords are called in the application by:
$_SERVER['PHP_AUTH_PW']
The passwords appear to be 16 character strings that predominately
have numbers in them (rather than letters) and don't appear to have
any punctuation (although it could be just the few I am looking at
that don't).
Is there any way to tell how these passwords were encrypted?
--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326
--- End Message ---
--- Begin Message ---
On Tue, 2006-09-05 at 15:27 -0700, Kevin Murphy wrote:
> I've inherited this website and there is an application that is
> running on it that has a bunch of passwords stored in a mysql table.
> The problem is, the previous webmaster didn't leave me any
> instructions on how they encrypted those passwords. I don't need to
> figure out what the old passwords were, I just need to be able to
> generate my own (until such time as I can rebuild this portion of the
> website).
>
> The passwords are called in the application by:
>
> $_SERVER['PHP_AUTH_PW']
>
> The passwords appear to be 16 character strings that predominately
> have numbers in them (rather than letters) and don't appear to have
> any punctuation (although it could be just the few I am looking at
> that don't).
>
> Is there any way to tell how these passwords were encrypted?
Yes, find the spot in the code responsible for creating new accounts or
updating account passwords. Right there is where you'll find the
information. Unless of course he used some kind of command line tool to
manually add accounts --- which I doubt.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
On Sep 5, 2006, at 4:14 PM, Robert Cummings wrote:
On Tue, 2006-09-05 at 15:27 -0700, Kevin Murphy wrote:
I've inherited this website and there is an application that is
running on it that has a bunch of passwords stored in a mysql table.
The problem is, the previous webmaster didn't leave me any
instructions on how they encrypted those passwords. I don't need to
figure out what the old passwords were, I just need to be able to
generate my own (until such time as I can rebuild this portion of the
website).
The passwords are called in the application by:
$_SERVER['PHP_AUTH_PW']
The passwords appear to be 16 character strings that predominately
have numbers in them (rather than letters) and don't appear to have
any punctuation (although it could be just the few I am looking at
that don't).
Is there any way to tell how these passwords were encrypted?
Yes, find the spot in the code responsible for creating new
accounts or
updating account passwords. Right there is where you'll find the
information. Unless of course he used some kind of command line
tool to
manually add accounts --- which I doubt.
Unfortunately, thats precisely what it appears that they did. There
is no code anywhere I can find for updating/adding accounts. As far
as I can tell the only place that the accounts exist or can be edited
is directly into the mysql database, with the password all ready
encrypted.
Of course, I could be missing something. I'll keep looking.....
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Kevin Murphy <mailto:[EMAIL PROTECTED]>
on Tuesday, September 05, 2006 3:27 PM said:
> The passwords are called in the application by:
>
> $_SERVER['PHP_AUTH_PW']
> Is there any way to tell how these passwords were encrypted?
Have you tried searching the entire codebase for that string? Might get
you some clues.
>From the commandline (and at the root of the codebase):
# grep -R PHP_AUTH_PW *
Chris.
--- End Message ---
--- Begin Message ---
The only thing I can find anywhere in the code is this:
$auth_user = $_SERVER['PHP_AUTH_USER'];
$auth_pw = $_SERVER['PHP_AUTH_PW'];
$query = "select name from table where name = '$authuser' and
password = password('$auth_pw')";
I've never seen that password('$auth_pw') part before. Is that a
mysql part that I am not familiar with and that I should know? I've
been known to miss obvious stuff before.....
--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326
On Sep 5, 2006, at 4:25 PM, Chris W. Parker wrote:
Kevin Murphy <mailto:[EMAIL PROTECTED]>
on Tuesday, September 05, 2006 3:27 PM said:
The passwords are called in the application by:
$_SERVER['PHP_AUTH_PW']
Is there any way to tell how these passwords were encrypted?
Have you tried searching the entire codebase for that string? Might
get
you some clues.
From the commandline (and at the root of the codebase):
# grep -R PHP_AUTH_PW *
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Kevin Murphy wrote:
I've inherited this website and there is an application that is running
on it that has a bunch of passwords stored in a mysql table. The problem
is, the previous webmaster didn't leave me any instructions on how they
encrypted those passwords. I don't need to figure out what the old
passwords were, I just need to be able to generate my own (until such
time as I can rebuild this portion of the website).
The passwords are called in the application by:
$_SERVER['PHP_AUTH_PW']
The passwords appear to be 16 character strings that predominately have
numbers in them (rather than letters) and don't appear to have any
punctuation (although it could be just the few I am looking at that don't).
Is there any way to tell how these passwords were encrypted?
From http://www.php.net/crypt :
CRYPT_BLOWFISH - Blowfish encryption with a sixteen character salt
starting with $2$
Could that be the one?
Do you have the mcrypt module installed? I wonder if one of those
methods is being used.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Kevin Murphy wrote:
The only thing I can find anywhere in the code is this:
$auth_user = $_SERVER['PHP_AUTH_USER'];
$auth_pw = $_SERVER['PHP_AUTH_PW'];
$query = "select name from table where name = '$authuser' and password =
password('$auth_pw')";
I've never seen that password('$auth_pw') part before. Is that a mysql
part that I am not familiar with and that I should know? I've been known
to miss obvious stuff before.....
http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hi Kevin,
Kevin Murphy schrieb am 06.09.2006 00:27:
>
> $_SERVER['PHP_AUTH_PW']
>
this is needed if you run HTTP-Authentication for e.g. .htaccess/.htpasswd
i think you will find a string like
Header("WWW-Authenticate: Basic
in your scripts also.
I think the passwords are stored in MD5
--- End Message ---
--- Begin Message ---
On 9/6/06, Gustav Wiberg <[EMAIL PROTECTED]> wrote:
I want to save this to a string...
<script language="javascript">
var uri = 'http://impse.tradedoubler.com/imp/img/16352388/1122503?' + new
String (Math.random()).substring (2, 11);
document.write('<a
href="http://clk.tradedoubler.com/click?p=48859&a=1122503&g=16352388";
target="_blank"><img src="'+uri+'" border=0></a>');
</script><br><br>
How could i type?
I've tried with ' and ".. but can't get it to work.
tested diffrent types..
$str = '<script language="javascript">';
this should work.
$str = 'var uri = 'http://impse.tradedoubler.com/imp/js/16350344/1122503?' +
new String (Math.random()).substring (2, 11);';
$str .= 'var uri = \'http://impse.tradedoubler.com/imp/js/16350344/1122503?\'
+ new String (Math.random()).substring (2, 11);';
$str = ""document.write('<sc'+'ript language="JavaScript" src="'+uri+'"
charset="ISO-8859-1"></sc'+'ript>');"";
$str .= "\"document.write('<sc'+'ript language=\"JavaScript\"
src=\"'+uri+'\"charset=\"ISO-8859-1\"></sc'+'ript>');\"";
$str = ""</script><br><br>"";
$str .= "\"</script><br><br>\"";
Best regards
/Gustav Wiberg
Stammis Internet
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
* use (.) dot to add another value to a string:
e.g.
$var = 'hello';
$var .= ' world';
echo $var;
// hello world
$var = 'foo' . ' bar';
echo $var;
// foo bar
* learn to escape character.
hth,
john
--
GMail Rocks!!!
--- End Message ---
--- Begin Message ---
Merlin wrote:
Hi there,
looks like video uploading goes mainstream. Loads of sites are adding
video upload capabilities. That is what I would like to add to my webapp
as well. Currently only picture upload is available via PHP and image
functions.
Can somebody please point me to a start on how to convert the video
files on the fly during upload into flash video? Similar to the image
functions available with php? Is there a modul available, any 3rd party
software you would recommend?
Thank you for any hint,
Merlin
Why do that? Just let the user download the video! Why embed a video in
a Flash animating embedded on a Web page? It's stupid - and you have to
use Flash Player!
--- End Message ---
--- Begin Message ---
Hi all,
Koala Telecom is seeking a full time programmer with experience with
PHP5, Perl and SQL (MySQL).
Core requirements are:
- Experience developing projects in a team environment using a
versioning system such as Subversion or CVS.
- Design and analysis skills.
- Experience with PHP5, Perl and SQL.
- Familiar with GNU/Linux systems.
Highly regarded:
- Experience with Asterisk (and hopefully AGI).
- Experience deploying MySQL Cluster and load balancing.
- Experience integrating systems together.
- Payments, electronic commerce, etc.
- Experience with Radius.
Likely tasks with us include:
- Integrating billing systems together via SQL databases.
- Extending and developing new methods for VoIP systems.
- Providing secure Web interfaces for our systems.
- Working in a small team of 2-4 members.
The position is located in the Adelaide CBD for immediate start. Salary
is negotiable. It is a full-time permanent position.
Please respond to my email address or call Curtis on (08) 7123 2120 for
any further information (the list is acceptable for general questions,
off course).
Thanks,
--- End Message ---
--- Begin Message ---
Hi all,
Koala Telecom is seeking a full time programmer with experience with
PHP5, Perl and SQL (MySQL).
Core requirements are:
- Experience developing projects in a team environment using a
versioning system such as Subversion or CVS.
- Design and analysis skills.
- Experience with PHP5, Perl and SQL.
- Familiar with GNU/Linux systems.
Highly regarded:
- Experience with Asterisk (and hopefully AGI).
- Experience deploying MySQL Cluster and load balancing.
- Experience integrating systems together.
- Payments, electronic commerce, etc.
- Experience with Radius.
Likely tasks with us include:
- Integrating billing systems together via SQL databases.
- Extending and developing new methods for VoIP systems.
- Providing secure Web interfaces for our systems.
- Working in a small team of 2-4 members.
The position is located in the Adelaide CBD for immediate start. Salary
is negotiable. It is a full-time permanent position.
Please respond to my email address or call Curtis on (08) 7123 2120 for
any further information (the list is acceptable for general questions,
off course).
Thanks,
--- End Message ---
--- Begin Message ---
First thing you need to do is log the boot through the crash of PHP, it
sounds like something is getting hung in the processes and crapping out.
Personally, I run Apache on windows and Linux machines. It has less
tendency to die and gives a great log of when something happens. First
step is getting that PHP error/system log.
Wolf
--- End Message ---
--- Begin Message ---
Hi Wolf,
Set up PHP error logging. Proceeded to do some regular development.
Created some PHP errors in my code to test logging. Worked great.
Expected errors occurred and got logged.
Five minutes into the session, wham! This error is what comes up in
the browser:
"PHP has encountered an Access Violation at 7C911F6C"
Dead. I check the error log. Nothing. Not a thing.
-Christopher
On 9/5/06, Wolf <[EMAIL PROTECTED]> wrote:
First thing you need to do is log the boot through the crash of PHP, it
sounds like something is getting hung in the processes and crapping out.
Personally, I run Apache on windows and Linux machines. It has less
tendency to die and gives a great log of when something happens. First
step is getting that PHP error/system log.
Wolf
--- End Message ---
--- Begin Message ---
Christopher Watson wrote:
Hi Wolf,
Set up PHP error logging. Proceeded to do some regular development.
Created some PHP errors in my code to test logging. Worked great.
Expected errors occurred and got logged.
Five minutes into the session, wham! This error is what comes up in
the browser:
"PHP has encountered an Access Violation at 7C911F6C"
Run memtest or something over your machine, sounds more like a hardware
issue than anything else.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hi Chris,
memtest run over several hours, with 2000% coverage. No errors.
-Chris
On 9/5/06, Chris <[EMAIL PROTECTED]> wrote:
Run memtest or something over your machine, sounds more like a hardware
issue than anything else.
--- End Message ---
--- Begin Message ---
Merlin wrote:
Hi there,
I can not find a way to get this working on one server of mine. The
error_log() funciton does not result in an entry to this log. The log
exists and php.ini is configured to write error warnings out (so it does
on system warnings). The same thing workes excellent on another server
of mine.
Can somebody please shed some light on that?
Permissions on the log file ? It will need to be writable by the
webserver user.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
