Re: [PHP-DB] Straightforward authentication?
A common way to identify a client is to use the challenge-response algorithm. It works like this:

Ps is the password stored on the server
Pc is the password entered by the client
H is a hash function (md5 for example)
V is a 'random' value

The server calculates H(V + Ps) and saves this in a session variable. The server then sends V to the client, which responds with H(V + Pc). Now the server can compare H(V + Ps) with H(V + Pc). If they are equal, the user must have given the correct password! Otherwise the identification failed.

The good thing with this algorithm is that no password needs to be sent in plain text between the client and the server. The random value is used to ensure that the response is not just something that a hacker has sniffed in a previous session. The downside is that the database must be secure, since the passwords are stored in plain text.

An even better way is of course to use SSL. In that case the client just sends the password to the server and the server compares H(P) with the stored hash in the database.

Don't know if this was what you were looking for...

/torgil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Russ Michell
Sent: 13 September 2001 17:36
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Straightforward authentication?

Hi all:

The few php/MySQL apps I've developed that required username/password access have simply been a means of comparing usernames and hashes of passwords in a DB. My next application needs to be slightly more secure but nothing like the needs of protecting online banking or vulnerable private info.

I have read several articles at phpbuilder.com and stuff at php.net, and frankly most of it seems to be overly contrived. I wonder whether some list members would be able to point me in the direction of code and/or tutorials that *explain* in English what they're doing and why. For example why they are storing an MD5() hash of something in a separate file outside the web-server's doc-root etc etc.

Once I have my head round the concepts I'll be posting my findings to a public location which list-members will be among the first to view.

I thank y'all for any help you are able to give.

Cheers
Russ

#---#
Believe nothing - consider everything
Russ Michell
Anglia Polytechnic University Webteam
Room 1C 'The Eastings' East Road, Cambridge
e: [EMAIL PROTECTED]
w: www.apu.ac.uk/webteam
t: +44 (0)1223 363271 x 2331
www.theruss.com
#---#

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
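The exchange torgil describes, simulated with both sides in one script. This is an added example, not code from the thread: the function names and the plain array standing in for $_SESSION are assumptions, SHA-256 is swapped in for the md5 the post mentions, and discarding the stored value after one comparison goes slightly beyond the description.

```php
<?php
// Added example: challenge-response login, server and client in one script.
// Function names and the array used in place of $_SESSION are hypothetical.

function H(string $data): string {
    // The post suggests md5; SHA-256 is swapped in here.
    return hash('sha256', $data);
}

// Server: pick a fresh V, remember H(V + Ps), hand V to the client.
function issue_challenge(array &$session, string $storedPassword): string {
    $v = bin2hex(random_bytes(16));            // the 'random' value V
    $session['expected'] = H($v . $storedPassword);
    return $v;
}

// Client: compute H(V + Pc) from the challenge and the typed password.
function client_response(string $v, string $typedPassword): string {
    return H($v . $typedPassword);
}

// Server: compare in constant time, then discard the expected value
// so that each V can be answered only once.
function verify_response(array &$session, string $response): bool {
    $expected = $session['expected'] ?? null;
    unset($session['expected']);
    return is_string($expected) && hash_equals($expected, $response);
}

$session = [];                    // stand-in for $_SESSION
$ps = 'correct horse';            // constructed sample password (Ps)

// Normal login: the client answers the challenge it was given.
$v = issue_challenge($session, $ps);
$sniffed = client_response($v, 'correct horse');
var_dump(verify_response($session, $sniffed));

// An eavesdropper replays the sniffed response in a later login attempt.
// The server has issued a different V, so the stored H(V + Ps) differs.
issue_challenge($session, $ps);
var_dump(verify_response($session, $sniffed));

// A wrong password (Pc != Ps) answered against a fresh challenge.
$v = issue_challenge($session, $ps);
var_dump(verify_response($session, client_response($v, 'wrong guess')));
```

Note that issue_challenge() needs Ps itself, which is the downside the reply names: the server side must hold the password in plain text.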
Re: [PHP-DB] automatic logout
As far as I know, the only way to get timeout of session data is to store a timestamp with last access time and check this each time the session data is referenced.

If the user closes the browser window, the session data will timeout and you don't have to worry.

-----Original Message-----
From: RSalomo [mailto:[EMAIL PROTECTED]]
Sent: 10 September 2001 10:27
To: [EMAIL PROTECTED]
Subject: [PHP-DB] automatic logout

hello,

i use session for user authentication in php/mysql. how to logout the session automatically if:
there is no activity for a period of time (user forgot to click logout), or
user just close the browser without logout ?

thanks,
rudy
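The last-access timestamp check from the reply above, written out as an added example (not code from the thread). The function names, the 15-minute limit and the array used in place of $_SESSION are assumptions; the clock is passed in so the timeline below can be replayed.

```php
<?php
// Added example: idle timeout driven by a last-access timestamp.
// touch_or_expire(), log_in() and MAX_IDLE_SECONDS are hypothetical names.

const MAX_IDLE_SECONDS = 900;     // assumed policy: 15 minutes of inactivity

// Call on every request before trusting the session data.
// Returns true and refreshes the timestamp if the session is still live;
// returns false and wipes the session data if it has been idle too long
// or carries no usable timestamp at all.
function touch_or_expire(array &$session, int $now, int $maxIdle = MAX_IDLE_SECONDS): bool {
    $last = $session['last_access'] ?? null;
    if (!is_int($last) || $now - $last > $maxIdle) {
        $session = [];            // drop the user id and everything else
        return false;
    }
    $session['last_access'] = $now;
    return true;
}

function log_in(array &$session, string $user, int $now): void {
    $session = ['user' => $user, 'last_access' => $now];
}

// Constructed timeline, with a plain array standing in for $_SESSION.
$session = [];
$t0 = 1000000000;                 // constructed login time (Unix seconds)
log_in($session, 'alice', $t0);

// A request 10 minutes after login.
var_dump(touch_or_expire($session, $t0 + 600));

// The next request arrives 901 seconds after the previous one.
var_dump(touch_or_expire($session, $t0 + 600 + 901));

// Whether any login state survived the second check.
var_dump(isset($session['user']));
```

In a page this would run right after session_start() as touch_or_expire($_SESSION, time()), followed by session_destroy() and a redirect to the login form when it returns false.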
Re: [PHP-DB] newbie having problem
Check if mysql_query returns false. If it does (and I'm pretty sure it does), use mysql_error to check what's wrong... (Another way is to echo the query and paste it into the mysql command line client.)

    $result = mysql_query(...);
    if ($result == FALSE) {
        echo mysql_error();
    }

I'm doing some basic php/MySQL stuff (LinuxPPC on Mac7100). I'm getting the following error when I search for something.

Supplied argument is not a valid MySQL result resource in /usr/local/apache/htdocs/bizflyer/Bizflyer_R1.php on line 32

Here's my relevant code:

    <?php
    mysql_connect ('pingu','root@localhost','');
    mysql_select_db ('Bizplanes');
    if ($Serial == "") {$Serial = '%';}
    if ($Type == "") {$Type = '%';}
    if ($Con == "") {$Con = '%';}
    $result=mysql_query ("SELECT * FROM biz WHERE ID LIKE '%$Serial%' AND Type LIKE '%$Type%' Con LIKE '%$Con%' ORDER BY ID");
    ?>

    TABLE STUFF HERE

    <?php
    if ($row=mysql_fetch_array($result)) {    # this is line 32
        do {
            print ("<TR><TD>");
            print $row['ID'];
            print ("<TD>");
            print $row['Type'];
            print ("<TD>");
            print $row['Con'];
            print ("<TD>");
            print $row['Operator'];
            print ("</TD></TR>");
        } while ($row=mysql_fetch_array($result));
    } else {print ("Sorry, no aircraft matching your criteria were found.");}
    ?>

Any suggestions as to where I'm going wrong?

Regards

George Pitcher
Technical Manager
HERON Project
Napier University
Edinburgh EH10 5DT
[EMAIL PROTECTED]
http://www.heron.ac.uk

programmer - A device for transmuting caffeine into code.
Re: [PHP-DB] newbie needs to format time field
Check out: http://www.mysql.com/doc/D/a/Date_and_time_functions.html

The function DATE_FORMAT(date,format) does what you want...

-----Original Message-----
From: Eric J Schwinder [mailto:[EMAIL PROTECTED]]
Sent: 3 September 2001 21:39
To: [EMAIL PROTECTED]
Subject: [PHP-DB] newbie needs to format time field

This may be a dumb question but here goes:

I have a mySQL database that I am using PHP to interface with. I have fields in the database that are DATE and TIME types. Can I format these values so that the user sees September 15, 2001 or 2:00 PM instead of 2001-09-15 and 14:00:00 when I show the values on the web page? If so, can anyone suggest a reference which will help me do this? I didn't find anything in the mySQL or PHP manuals, but maybe I was looking in the wrong places!

Thanks in advance from a relatively new PHP user!

Eric J Schwinder
eric.AT.bergencomputing.DOT.com
Re: [PHP-DB] Query construction (again)
This should work:

    SELECT * FROM items WHERE TO_DAYS(NOW()) - TO_DAYS(submitDate) = 7;

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Russ Michell
Sent: 23 August 2001 11:46
To: Gremlins Mailing List
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Query construction (again)

(Apologies for cross-postings here but I lost a php-db list member's personal email address..)

I need a query that in English would read something like: Select all records from table: 'items' where each record is displayed for 7 days after its submission.

It was suggested I may have to modify the output of now() to match my MySQL DB 'submitDate' field as in the query below:

    $sql = SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY) = now();

So I tried the following:

    $sql = SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY) = DATE_FORMAT(NOW(),'Y-M-D');

MySQL didn't complain but nor did it print out all postings submitted in the last seven days, which is what it is supposed to be doing! The 'submitDate' field is a MySQL DATE field and I'm using MySQL-3.22.32 if that's any use.

Why is the query not doing what it's told!!?

Cheers for your help thus far!
Russ

Depending on how the date is stored (date + time, or just date)

On Wed, 22 Aug 2001 21:39:19 +0800 Gremlins Mailing List [EMAIL PROTECTED] wrote:

- Original Message -
From: Russ Michell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 22, 2001 10:16 PM
Subject: [PHP-DB] Query construction (again)

Hey there folks - similar problem - different project!

I want to select some records for a period of 7 days after their insert [dateFrom] date. Last time I asked you guys for help I was helped toward the following solution:

    $sql = SELECT * FROM $Tpostings WHERE now()=dateFrom AND now()dateTo;

The problem in this new project is that the 'dateTo' field is not included in the DB. It is 7 days after 'dateFrom'.

So why does the following query not work:

    $sql = SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY);

No error is received though...

There is no comparison in your WHERE clause. Try something like:

    $sql = SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY) = now();

Depending on how the date is stored (date + time, or just date) you may have to modify the output of now() to match.

hth
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk

#---#
Believe nothing - consider everything
Russ Michell
Anglia Polytechnic University Webteam
e: [EMAIL PROTECTED]
w: www.apu.ac.uk/webteam
t: +44 (0)1223 363271 x 2331
www.theruss.com
#---#