SV: [PHP-DB] Straightforward authentication?

2001-09-13 Thread Torgil Zechel

A common way to identify a client is to use the challenge-response
algorithm. It works like this:

Ps is the password stored on the server
Pc is the password entered by the client
H is a hash-function (md5 for example)
V is a 'random' value

The server calculates H(V + Ps) and saves this in a session variable. The server
then sends V to the client, which responds with H(V + Pc). Now, the server can
compare H(V + Ps) with H(V + Pc). If they are equal, the user must have
given the correct password! Otherwise the identification failed.

The good thing with this algorithm is that no password needs to be sent in
plain-text between the client and the server. The random value is used to
ensure that the response is not just something that a hacker has sniffed in
a previous session. The downside is that the database must be secure, since
the passwords are stored in plain-text.

An even better way is of course to use SSL. In that case the client just sends
the password to the server and the server compares H(P) with the stored hash
in the database.

Don't know if this was what you were looking for...

/torgil

 -----Original Message-----
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Russ Michell
 Sent: 13 September 2001 17:36
 To: [EMAIL PROTECTED]
 Subject: [PHP-DB] Straightforward authentication?


 Hi all:

 The few php/MySQL apps I've developed that required username/password
 access have simply been a means of comparing usernames and hashes of
 passwords in a DB. My next application needs to be slightly more secure
 but nothing like the needs of protecting online banking or vulnerable
 private info.

 I have read several articles at phpbuilder.com and stuff at php.net, and
 frankly most of it seems to be overly contrived.

 I wonder whether some list members would be able to point me in the
 direction of code and/or tutorials that *explain* in English what they're
 doing and why. For example why they are storing an MD5() hash of something
 in a separate file outside the web-server's doc-root etc etc.

 Once I have my head round the concepts I'll be posting my findings to a
 public location which list-members will be among the first to view.

 I thank y'all for any help you are able to give.
 Cheers

 Russ

 #---#

   Believe nothing - consider everything

   Russ Michell
   Anglia Polytechnic University Webteam
   Room 1C 'The Eastings' East Road, Cambridge

   e: [EMAIL PROTECTED]
   w: www.apu.ac.uk/webteam
   t: +44 (0)1223 363271 x 2331

   www.theruss.com

 #---#


 --
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]
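
The challenge-response exchange from the reply above, as an added example
that is not part of the original thread. It simulates server and client in one
CLI script (PHP 7 or later). The function names, the $session array standing in
for $_SESSION and the sample password are assumptions, and HMAC-SHA256 is
swapped in for the md5(V + P) the post uses as its H.

```php
<?php
// Added example: both sides of the exchange in one script.
// $session stands in for $_SESSION; 'secret-ps' is a constructed password.

// H(V + P): HMAC-SHA256 keyed with the password, swapped in for md5(V . P).
function h(string $v, string $p): string {
    return hash_hmac('sha256', $v, $p);
}

// Server: pick a fresh V, remember H(V + Ps) in the session, return V.
function server_issue_challenge(array &$session, string $ps): string {
    $v = bin2hex(random_bytes(16));   // unpredictable, new for every attempt
    $session['expected'] = h($v, $ps);
    return $v;
}

// Client: answer the challenge with H(V + Pc).
function client_respond(string $v, string $pc): string {
    return h($v, $pc);
}

// Server: compare once, then discard the expectation so it cannot be reused.
function server_verify(array &$session, string $response): bool {
    $expected = $session['expected'] ?? null;
    unset($session['expected']);      // single use, even when the check fails
    return is_string($expected) && hash_equals($expected, $response);
}

$session = [];
$ps = 'secret-ps';                    // constructed sample value

$v1 = server_issue_challenge($session, $ps);
$r1 = client_respond($v1, 'secret-ps');
var_dump(server_verify($session, $r1));     // client knows the password

$v2 = server_issue_challenge($session, $ps);
var_dump(server_verify($session, client_respond($v2, 'wrong')));  // wrong Pc

$v3 = server_issue_challenge($session, $ps);
var_dump(server_verify($session, $r1));     // old response replayed against new V

var_dump(server_verify($session, $r1));     // no outstanding challenge at all
```

Only the first check succeeds: a response captured from an earlier session does
not match the H(V + Ps) computed for a new V, which is the replay protection the
random value is there to provide.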








SV: [PHP-DB] automatic logout

2001-09-10 Thread Torgil Zechel

As far as I know, the only way to get timeout of session data is to store a
timestamp with last access time and check this each time the session data is
referenced..

If the user closes the browser window, the session data will time out and you
don't have to worry.

 -----Original Message-----
 From: RSalomo [mailto:[EMAIL PROTECTED]]
 Sent: 10 September 2001 10:27
 To: [EMAIL PROTECTED]
 Subject: [PHP-DB] automatic logout


 hello,
 i use session for user authentication in php/mysql.

 how to logout the session automatically if:
 there is no activity for a period of time (user forgot to click logout),
 or user just close the browser without logout
 ?

 thanks,
 rudy
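
The last-access timestamp check described in the reply above, as an added
example that is not part of the original thread. IDLE_LIMIT, the function name
and the 'user' / 'last_access' session keys are assumptions; the walk-through
uses constructed timestamps and a plain array in place of $_SESSION so it runs
from the command line (PHP 7 or later).

```php
<?php
// Added example. IDLE_LIMIT and the 'user' / 'last_access' keys are assumptions.
const IDLE_LIMIT = 900;   // seconds of inactivity allowed

// Call on every request after session_start(), passing $_SESSION and time().
// Returns true while the login is still valid; on timeout it wipes the data.
function session_still_active(array &$session, int $now, int $limit = IDLE_LIMIT): bool {
    if (!isset($session['user'])) {
        return false;                   // never logged in, or already expired
    }
    $last = $session['last_access'] ?? 0;
    if ($now - $last > $limit) {
        $session = [];                  // forget the login on the server side
        return false;
    }
    $session['last_access'] = $now;     // activity seen: restart the idle clock
    return true;
}

// Constructed walk-through with fixed timestamps instead of time().
$s = ['user' => 'rudy', 'last_access' => 1000];
var_dump(session_still_active($s, 1000 + 600));   // 10 minutes idle
var_dump(session_still_active($s, 1600 + 901));   // just past the limit
var_dump($s);                                     // session data after timeout
var_dump(session_still_active($s, 2600));         // later request, same session
```

The check runs on the server at every request, so it does not depend on the
browser sending a logout. For the closed-browser case, PHP's default
session.cookie_lifetime of 0 makes the session cookie disappear with the
browser, and the stored data is garbage-collected after session.gc_maxlifetime.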






SV: [PHP-DB] newbie having problem

2001-09-03 Thread Torgil Zechel

Check if mysql_query returns false. If it does (and I'm pretty sure it does),
use mysql_error to check what's wrong... (Another way is to echo the query
and paste it into the mysql command line client..)

$result = mysql_query(...);

if( $result == FALSE )
{
    echo mysql_error();
}

 I'm doing some basic php/MySQL stuff (LinuxPPC on Mac7100). I'm getting the
 following error when I search for something.
 
 Supplied argument is not a valid MySQL result resource in
 /usr/local/apache/htdocs/bizflyer/Bizflyer_R1.php on line 32
 
 Here's my relevant code:
 
 <?php
 mysql_connect ('pingu','root@localhost','');
 mysql_select_db ('Bizplanes');
 if ($Serial == "")
  {$Serial = '%';}
 if ($Type == "")
  {$Type = '%';}
 if ($Con == "")
  {$Con = '%';}
 $result=mysql_query ("SELECT * FROM biz WHERE
   ID LIKE '%$Serial%' AND
   Type LIKE '%$Type%'
   Con LIKE '%$Con%'
   ORDER BY ID");
 ?>

 TABLE STUFF HERE

 <?php
 if ($row=mysql_fetch_array($result)) { # this is line 32
 do {
  print ("<TR><TD>");
  print $row['ID'];
  print ("<TD>");
  print $row['Type'];
  print ("<TD>");
  print $row['Con'];
  print ("<TD>");
  print $row['Operator'];
  print ("</TD></TR>");
 } while ($row=mysql_fetch_array($result));
 } else {print ("Sorry, no aircraft matching your criteria were found.");}
 ?>

 Any suggestions as to where I'm going wrong?


 Regards

 George Pitcher

 Technical Manager
 HERON Project
 Napier University
 Edinburgh EH10 5DT

 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]

 http://www.heron.ac.uk
 
programmer -  A device for transmuting caffeine into code.
 







SV: [PHP-DB] newbie needs to format time field

2001-09-03 Thread Torgil Zechel

Check out:
http://www.mysql.com/doc/D/a/Date_and_time_functions.html

the function DATE_FORMAT(date,format) does what you want...

 -----Original Message-----
 From: Eric J Schwinder [mailto:[EMAIL PROTECTED]]
 Sent: 3 September 2001 21:39
 To: [EMAIL PROTECTED]
 Subject: [PHP-DB] newbie needs to format time field


 This may be a dumb question but here goes:

 I have a mySQL database that I am using PHP to interface with.  I have
 fields in the database that are DATE and TIME types.  Can I format these
 values so that the user sees September 15, 2001  or  2:00 PM instead of
 2001-09-15 and 14:00:00 when I show the values on the web page?

 If so, can anyone suggest a reference which will help me do this?  I didn't
 find anything in the mySQL or PHP manuals, but maybe I was looking in the
 wrong places!  Thanks in advance from a relatively new PHP user!


 Eric J Schwinder
 eric.AT.bergencomputing.DOT.com







SV: [PHP-DB] Query construction (again)

2001-08-23 Thread Torgil Zechel

This should work:

SELECT * FROM items WHERE TO_DAYS(NOW()) - TO_DAYS(submitDate) = 7;

 -----Original Message-----
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Russ Michell
 Sent: 23 August 2001 11:46
 To: Gremlins Mailing List
 Cc: [EMAIL PROTECTED]
 Subject: Re: [PHP-DB] Query construction (again)


 (Apologies for cross-postings here but I lost a php-db list member's
 personal email address..)

 I need a query that in English would read something like:

 Select all records from table: 'items' where each record is displayed for
 7 days after its submission.

 It was suggested I may have to modify the output of now() to match my
 MySQL DB 'submitDate' field as in the query below:

 $sql = "SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY) = now()";

 So I tried the following:

 $sql = "SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY) = DATE_FORMAT(NOW(),'Y-M-D')";

 MySQL didn't complain but nor did it print out all postings submitted in
 the last seven days which is what it is supposed to be doing!

 The 'submitDate' field is a MySQL DATE field and I'm using MySQL-3.22.32
 if that's any use.
 Why is the query not doing what it's told!!?


 Cheers for your help thus far!
 Russ

 Depending on how the date is stored (date + time, or just date)
 On Wed, 22 Aug 2001 21:39:19 +0800 Gremlins Mailing List
 [EMAIL PROTECTED] wrote:

  ----- Original Message -----
  From: Russ Michell [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Wednesday, August 22, 2001 10:16 PM
  Subject: [PHP-DB] Query construction (again)
 
 
   Hey there folks - similar problem - different project!
  
   I want to select some records for a period of 7 days after their insert
   [dateFrom] date.
   Last time I asked you guys for help I was helped toward the following
   solution:
  
   $sql = "SELECT * FROM $Tpostings WHERE now()>=dateFrom AND now()<dateTo";
  
   The problem in this new project is that the 'dateTo' field is not included
   in the DB. It is 7-days after 'dateFrom'. So why does the following query
   not work:
  
   $sql = "SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY)";
   No error is received though...
 
  There is no comparison in your WHERE clause. Try something like:
 
  $sql = "SELECT * FROM $tabitem WHERE DATE_ADD(submitDate, INTERVAL 7 DAY) = now()";
 
  Depending on how the date is stored (date + time, or just date) you may have
  to modify the output of now() to match.
 
  hth
  --
  Jason Wong
  Gremlins Associates
  www.gremlins.com.hk
 
 
 
 
 

 #---#

   Believe nothing - consider everything

   Russ Michell
   Anglia Polytechnic University Webteam

   e: [EMAIL PROTECTED]
   w: www.apu.ac.uk/webteam
   t: +44 (0)1223 363271 x 2331

   www.theruss.com

 #---#

