Re: [PHP] Password expiration script

2005-04-01 Thread Angelo Zanetti 
im sure it cant be that hard to write:
when user logs in check the last date their password was set.
if  30 days then prompt to connect and dont allow user to do anything 
else until password has been changed and new expiry date is set (which 
will now be less than 30 days)

use an include for it and if there is an error (ie logged in but havent 
changed password) redirect to an error page

hopefully this will get you going.
Angelo
Bosky, Dave wrote:
I'm looking for a script that would require a user to change their password
every 30 days. Does anyone use a script that has functionality similar to
what I'm looking for?

Thanks,
Dave


HTC Disclaimer:  The information contained in this message may be privileged 
and confidential and protected from disclosure. If the reader of this message 
is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that 
any dissemination, distribution or copying of this communication is strictly 
prohibited.  If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer.  
Thank you.
 

--
Angelo Zanetti
Z Logic
[c] +27 72 441 3355
[t] +27 21 464 1363
[f] +27 21 464 1371
www.zlogic.co.za
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Password expiration script

2005-03-31 Thread Bosky, Dave 
I'm looking for a script that would require a user to change their password
every 30 days. Does anyone use a script that has functionality similar to
what I'm looking for?

 

Thanks,

Dave

 



HTC Disclaimer:  The information contained in this message may be privileged 
and confidential and protected from disclosure. If the reader of this message 
is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that 
any dissemination, distribution or copying of this communication is strictly 
prohibited.  If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer.  
Thank you.

Re: [PHP] Password expiration script

2005-03-31 Thread Ryan A 
Theres instant2c pro at securecents.com, but that might be like using a tank
to kill a fly :-D




On 3/31/2005 11:18:31 AM, Bosky, Dave ([EMAIL PROTECTED]) wrote:
 --_=_NextPart_001_01C53626.6CCF76C0

 Content-Type: text/plain



 I'm looking for a script that would require a user to change their
password
 every 30 days. Does anyone use a script that has functionality similar to
 what I'm
 looking for?







 Thanks,



 Dave











 HTC Disclaimer:  The information contained in this message may be
 privileged and confidential and protected from disclosure. If the reader
 of this message is not the intended recipient, or an employee or agent
 responsible for delivering this message to the intended recipient, you are
 hereby notified that any dissemination, distribution or copying of this
 communication is strictly prohibited.  If you have received this
 communication in error, please notify us immediately by replying to the
 message and deleting it from your computer.  Thank you.



 --_=_NextPart_001_01C53626.6CCF76C0--



-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.8.6 - Release Date: 3/30/2005

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password expiration script

2005-03-31 Thread xfedex 
On Thu, 31 Mar 2005 14:18:31 -0500, Bosky, Dave [EMAIL PROTECTED] wrote:
 I'm looking for a script that would require a user to change their password
 every 30 days. Does anyone use a script that has functionality similar to
 what I'm looking for?
 
 Thanks,
 
 Dave
 
I got do it so using a DBquery

$sql = 'SELECT TO_DAYS(NOW()) - TO_DAYS(\''.$last_pass_chg.'\');';

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Password Generator Script

2002-07-27 Thread Naintara Jain 

The following code was created to generate a random password.
But it can be used to generate a random string for any purpose.

The basic idea was to create an array that would contain all the letters of
the English alphabet, and pick out random values from that array. I have
outlined two methods below, please also read the explanation/comments
provided below.

Method 1:
$strrandom=””;

$ivalfrom =ord(a);
$ivalto =ord(z);

for($i=$ivalfrom; $i=$ivalto; $i++)
$arralpha[] = chr($i);

mt_srand ((double) microtime() * 100);

$rand_al = array_rand ($arralpha, 3);
$strrandom = $arralpha[$rand_al[0]] . $arralpha[$rand_al[1]] .
$arralpha[$rand_al[3]];
$numpart=mt_rand(10,99);
$strrandom .= $numpart;

echo random = $strrandom;


-

Method 2:
$strrandom=””;

$ivalfrom =ord(a);
$ivalto =ord(z);

for($i=$ivalfrom; $i=$ivalto; $i++)
$arralpha[] = chr($i);

mt_srand ((double) microtime() * 100);

$strrandom =
$arralpha[mt_rand(0,25)].$arralpha[mt_rand(0,25)].$arralpha[mt_rand(0,25)];
$numpart=mt_rand(10,99);
$strrandom .= $numpart;

echo random = $strrandom;

-

Explanantion:

/* I used a “for” loop to populate the array with the alphabets in lowercase
(to increase the number of values, you could probably insert uppercase
alphabets too). */

//first populate array with alphabets
$ivalfrom =ord(a);
$ivalto =ord(z);

//add the alphabets to the array
for($i=$ivalfrom; $i=$ivalto; $i++)
$arralpha[] = chr($i);

/* $arralpha is an array variable which refers to the array of 26 alphabets.
*/

/* I seed the random generator */
mt_srand ((double) microtime() * 100);

/* I wanted my string to contain 3 random letters. I use the array_rand()
function, which takes as input an array, and the number of random values
desired (which is 3 here, but it could be 26 too, equal to or less than the
size of the array). It returns an array, which contains indexes taken at
random from the array passed as the argument.*/

$rand_al = array_rand ($arralpha, 3);
/* Here, $rand_al is another array variable which contains random indexes */

$strrandom=””;
$strrandom = $arralpha[$rand_al[0]] . $arralpha[$rand_al[1]] .
$arralpha[$rand_al[3]];
/* In the above statement, the values in the $rand_al are really subscripts
of the alphabet array, so I use them as subscripts to finally arrive at the
random string. You could iterate through the generated $rand_al using a loop
to get the subscripts */

/* Please note that array_rand() will work for PHP4 and above, it may not
return random values if you do not seed the generator first, and it may
still create a problem on some windows machines (a bug, which has been fixed
on PHP 4.2.2 –dev version). In such a case, use Method 2. */

/* The two lines below add a 2-digit number to the random string. */
$numpart=mt_rand(10,99);
$strrandom .= $numpart;

-Naintara


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
t]On Behalf Of Liam MacKenzie
Sent: Thursday, July 25, 2002 1:04 PM
To: [EMAIL PROTECTED]; Monty
Subject: Re: [PHP] Password Generator Script


?
$password = substr(ereg_replace([^A-Za-z0-9], , crypt(time())) .
 ereg_replace([^A-Za-z0-9], , crypt(time())) .
 ereg_replace([^A-Za-z0-9], , crypt(time())),
 9, 10);
?

Random Password : b? echo $password; ?/b


In action:
http://scripts.operationenigma.net/passgen.php


Have fun  :-)





- Original Message -
From: Monty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 25, 2002 2:49 PM
Subject: [PHP] Password Generator Script


 Can anyone recommend where I could find a decent script that automatically
 generates passwords? I don't care if they are readable or just random
 letters, numbers.

 Thanks!


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password Generator Script

2002-07-25 Thread Liam MacKenzie 

?
$password = substr(ereg_replace([^A-Za-z0-9], , crypt(time())) .
 ereg_replace([^A-Za-z0-9], , crypt(time())) .
 ereg_replace([^A-Za-z0-9], , crypt(time())),
 9, 10);
?

Random Password : b? echo $password; ?/b


In action:
http://scripts.operationenigma.net/passgen.php


Have fun  :-)





- Original Message -
From: Monty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 25, 2002 2:49 PM
Subject: [PHP] Password Generator Script


 Can anyone recommend where I could find a decent script that automatically
 generates passwords? I don't care if they are readable or just random
 letters, numbers.

 Thanks!


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php







-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Password Generator Script

2002-07-24 Thread Monty 

Can anyone recommend where I could find a decent script that automatically
generates passwords? I don't care if they are readable or just random
letters, numbers. 

Thanks!


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password Generator Script

2002-07-24 Thread Richard Baskett 

Credits are with the file.  Cheers!

Rick

Finish each day and be done with it. You have done what you could; some
blunders and absurdities have crept in; forget them as soon as you can.
Tomorrow is a new day; you shall begin it serenely and with too high a
spirit to be encumbered with your old nonsense. - Ralph Waldo Emerson

 From: Monty [EMAIL PROTECTED]
 Date: Thu, 25 Jul 2002 00:49:17 -0400
 To: [EMAIL PROTECTED]
 Subject: [PHP] Password Generator Script
 
 Can anyone recommend where I could find a decent script that automatically
 generates passwords? I don't care if they are readable or just random
 letters, numbers.
 
 Thanks!
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 



‹QÛíW{ÚF¿Aâ;Ì!¤Ø  Cȝ
áÒ*Ê£Ò5:å¡J¢“±ìÆö’õúIóÝû›µ
æÂ)U•ô¤Ê#›ÙyϺñ*ýU°:úQà
gì8xžNvÏÆÎðÈ9ŸœœpÆ£SÐï;ãGäü0*¥ÚUDG‰œKsó¾D.•Ì~œ“n   
:ŽÎZ͇l=?!ZM%d¡VۋÜ4í+7ñeü»T'J۞¶š5~ь±¦Ùڒzg©ÐV;
d¦Õíî°B™gaä›í§•U×÷_dñ\¨ÔºÏË­æJ…‰¦‚Ìßfõ‘QWí¾]
”XÌÚFw^ 
©sñüâòՓó§SztÖs—n˜¸¼{PZ:0¦ßvnÅ÷{Ÿñúp2¼^ÿã“ñ¨®ÿÿŠzo5wùaòaR©hî‘pSáOhä8£ž3îN[M7ӁTzŸÅð_ìÅa¹
Yæ÷Ï^zîRÆÒÏWõ=ۅlòEê©p¥C™LˆŒÝ÷%·8“î(áúîwÈ´Ë˔‰Ž6$’e¦AOÑÆî“”ðÉR±È
´‘­]ô
-qàZŠD(WZáx™‚ÓÕ¼Y1¯Šó©¼Ä‚»Ya’j^•Z†Wa²Ÿˆ¡éK¼€—“¼_AJe,HäÓ|žy»]ºàNú)ëÒüò'^ðËÇ

õû}²û­fà^ ZdIŸ…žHR1¡× g/ÞÐ3£}DÙ4:Ïéd=»8‡K­W“Á`½^÷å
˜ä‰¾TËA!(,WQ¯øÑçŽÇ§í=†[¡+z%ÍhÜw˜v|w°M„½øÜh5ƒ-¤Š]­Ù+ô]àx`N´|á…)b‹ˆ*A±ë
vA¼j¼ž
Aí¸®?N‚ߤ/ó$˜Ñë—ožLCD³È(Ô:Éd)Tɦçr-Ôc¤hɶ#½yü4T©®Ê[˜…Hh
m²ÕJ¨žÞ®ÑQ  
 ¦±¼ŠÞSˆúËù«üb¸m×Y|‘B   \É
Šªp†Ù²pkñN‰RðºJ¹«í¶»m
˜7fÔæû=øTHîOþmÛæ`ö)›Àû´Ê-·6£ºÝžnµ©ìb~WäÞ(Çúg`£Ã…Ö;Û)ðÖy·Õ7´çÐÕúÀp
ۧ#`
L€+ ¦@ÜÚWÀ5ðSnëÓ†»ÓÚ‹ýÀ¾Ñüö±ðЗ­a½ô×.P¦Òö¼ÂW™\ÙÅW”‰ëžaT̉û궻ýtt4̆ÎN¢/“½Dk˜À_Jui¤¡Yf„ü¼yrÜ9È|Nc„‘°Ž$Û-õDŠä7´†á®\\W[_þF¸°†³Ùþ¹… F'„œ$–“_éÌä°ý_E®¾{kwiXn°ß•R®:Ê
   
_J}G¥¾fC”+‹Pxt£Â{ºåEw@§œp³.ê.)«dãˆié9T¢jU¶Øg³Ð6™ Ìʕ‹ƒe¨ÄÄãeDbx-Ðõ0(Ñ£}ÊyyVš½KÄ

~ð%²Kô¶þÄìKÙG`B“6Y.®ÑŠŸíìJÖ]!Íæйªp×é–
O‹C!=·8×ó°ÉŒCIœùÒIEr!¸eZ[   ¦W¢™›}ðS™’yµéšOÛÇímš+¡3•Tw¬±rñ% A¦³zžE•‚³‹î«K¶
ìjUVþ}”e9ÞV%
²:ál8ÅxXF“Ü»ws…]³ˆ3N³ËêùÉÞ¥À·,üMm7}¶WÃTZº‹Le®îG)£•–fJîåùôº€bú^gÏë1ä”ø f†­È?ʜ^ÉCøµ?öo(6nŽ‘+«h‚©‰ª•W¤‡ž’:ŒáØ»Ãü_NeL}1÷„Ä\,Í5‹ÿÓÞöj¨¡†j¨¡†j¨¡†j¨¡†j¨¡†þWð7„RÁK(

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-19 Thread Michael Hall 


Actually, there is Banother way and you should consider it.

Sensitive information like passwords should be kept in a file stored
outside the live web content directory (ie, outside DocumentRoot on
Apache). This file can then be included in your main file.

This way, you can be sure that a misconfigured Apache (accidentally or
otherwise) will never send your php scripts out as plain text.

This doesn't solve the problem of other users on the same system snooping
around your filesystem, though.

All the MySQL advice is good advice.

Michael


On Thu, 18 Jul 2002, Tyler Longren wrote:

 It's fine.  There's no other way to do it really.  Somebody would have
 to be able to see the source to the php file before they could see the
 password for mysql.  They won't get it just by viewing the webpage
 that's already been parsed by php.
 
 




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-19 Thread Michael Hall 


The GRANT USAGE statement creates a user with no priveleges ... the user
exists but can't do anything.

See MySQL Manual section 6.13

Michael



On Fri, 19 Jul 2002, Sailom wrote:

 I just checked grant and it said something like...
 GRANT USAGE ON *.* TO 'X'@'%' IDENTIFIED BY .
 Does this means user named 'X' can log in from any server?  This may be
 a silly question.
 
 
 Jonathan Rosenberg [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Yes, but if you're on a shared server, other users of the user will likely
  be able to read your PHP files  get the password.
 
   -Original Message-
   From: Tyler Longren [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, July 18, 2002 23:10 PM
   To: Sailom
   Cc: [EMAIL PROTECTED]
   Subject: Re: [PHP] Password in script
  
  
   It's fine.  There's no other way to do it really.  Somebody would have
   to be able to see the source to the php file before they could see the
   password for mysql.  They won't get it just by viewing the webpage
   that's already been parsed by php.
  
   --
   Tyler Longren
   Captain Jack Communications
   [EMAIL PROTECTED]
   www.captainjack.com
  
  
  
   On Fri, 19 Jul 2002 10:03:02 +0700
   Sailom [EMAIL PROTECTED] wrote:
  
I am new to PHP and MySQL and never have experience in this area.  I
am writing a PHP script that connects to MySQL server.  I have to put
a password of MySQL into the PHP script.  I think it may not be
secured.  What do you think?  How can I make it more secure?  Thanks.
   
   
   
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
  
   --
   PHP General Mailing List (http://www.php.net/)
   To unsubscribe, visit: http://www.php.net/unsub.php
  
  
 
 
 
 
 

-- 

n   i   n   t   i  .   c   o   m
php-python-perl-mysql-postgresql

Michael Hall [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Password in script

2002-07-18 Thread Sailom 

I am new to PHP and MySQL and never have experience in this area.  I am
writing a PHP script that connects to MySQL server.  I have to put a
password of MySQL into the PHP script.  I think it may not be secured.  What
do you think?  How can I make it more secure?  Thanks.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-18 Thread Tyler Longren 

It's fine.  There's no other way to do it really.  Somebody would have
to be able to see the source to the php file before they could see the
password for mysql.  They won't get it just by viewing the webpage
that's already been parsed by php.

-- 
Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com



On Fri, 19 Jul 2002 10:03:02 +0700
Sailom [EMAIL PROTECTED] wrote:

 I am new to PHP and MySQL and never have experience in this area.  I
 am writing a PHP script that connects to MySQL server.  I have to put
 a password of MySQL into the PHP script.  I think it may not be
 secured.  What do you think?  How can I make it more secure?  Thanks.
 
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-18 Thread Anas Mughal 


 Also, allow MySQL connections only from your server.
 
  Tyler Longren [EMAIL PROTECTED] wrote: It's fine. There's no other way to do 
it really. Somebody would have
to be able to see the source to the php file before they could see the
password for mysql. They won't get it just by viewing the webpage
that's already been parsed by php.

-- 
Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com



On Fri, 19 Jul 2002 10:03:02 +0700
Sailom wrote:

 I am new to PHP and MySQL and never have experience in this area. I
 am writing a PHP script that connects to MySQL server. I have to put
 a password of MySQL into the PHP script. I think it may not be
 secured. What do you think? How can I make it more secure? Thanks.
 
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



-
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes

Re: [PHP] Password in script

2002-07-18 Thread Sailom 

THANKS  :)



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-18 Thread Tyler Longren 

Yes, good point Anas.  Make sure that you have mysql set up right.  Make
sure the root mysql user has a password set and that people can't
connect from %.

tyler

On Thu, 18 Jul 2002 20:19:05 -0700 (PDT)
Anas Mughal [EMAIL PROTECTED] wrote:

 
  Also, allow MySQL connections only from your server.
  
   Tyler Longren [EMAIL PROTECTED] wrote: It's fine. There's no
   other way to do it really. Somebody would have
 to be able to see the source to the php file before they could see the
 password for mysql. They won't get it just by viewing the webpage
 that's already been parsed by php.
 
 -- 
 Tyler Longren
 Captain Jack Communications
 [EMAIL PROTECTED]
 www.captainjack.com
 
 
 
 On Fri, 19 Jul 2002 10:03:02 +0700
 Sailom wrote:
 
  I am new to PHP and MySQL and never have experience in this area. I
  am writing a PHP script that connects to MySQL server. I have to put
  a password of MySQL into the PHP script. I think it may not be
  secured. What do you think? How can I make it more secure? Thanks.
  
  
  
  -- 
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 
 -
 Do You Yahoo!?
 Yahoo! Autos - Get free new car price quotes

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Password in script

2002-07-18 Thread Jonathan Rosenberg 

Yes, but if you're on a shared server, other users of the user will likely
be able to read your PHP files  get the password.

 -Original Message-
 From: Tyler Longren [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 23:10 PM
 To: Sailom
 Cc: [EMAIL PROTECTED]
 Subject: Re: [PHP] Password in script


 It's fine.  There's no other way to do it really.  Somebody would have
 to be able to see the source to the php file before they could see the
 password for mysql.  They won't get it just by viewing the webpage
 that's already been parsed by php.

 --
 Tyler Longren
 Captain Jack Communications
 [EMAIL PROTECTED]
 www.captainjack.com



 On Fri, 19 Jul 2002 10:03:02 +0700
 Sailom [EMAIL PROTECTED] wrote:

  I am new to PHP and MySQL and never have experience in this area.  I
  am writing a PHP script that connects to MySQL server.  I have to put
  a password of MySQL into the PHP script.  I think it may not be
  secured.  What do you think?  How can I make it more secure?  Thanks.
 
 
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-18 Thread Sailom 

I just checked grant and it said something like...
GRANT USAGE ON *.* TO 'X'@'%' IDENTIFIED BY .
Does this means user named 'X' can log in from any server?  This may be
a silly question.


Jonathan Rosenberg [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Yes, but if you're on a shared server, other users of the user will likely
 be able to read your PHP files  get the password.

  -Original Message-
  From: Tyler Longren [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 23:10 PM
  To: Sailom
  Cc: [EMAIL PROTECTED]
  Subject: Re: [PHP] Password in script
 
 
  It's fine.  There's no other way to do it really.  Somebody would have
  to be able to see the source to the php file before they could see the
  password for mysql.  They won't get it just by viewing the webpage
  that's already been parsed by php.
 
  --
  Tyler Longren
  Captain Jack Communications
  [EMAIL PROTECTED]
  www.captainjack.com
 
 
 
  On Fri, 19 Jul 2002 10:03:02 +0700
  Sailom [EMAIL PROTECTED] wrote:
 
   I am new to PHP and MySQL and never have experience in this area.  I
   am writing a PHP script that connects to MySQL server.  I have to put
   a password of MySQL into the PHP script.  I think it may not be
   secured.  What do you think?  How can I make it more secure?  Thanks.
  
  
  
   --
   PHP General Mailing List (http://www.php.net/)
   To unsubscribe, visit: http://www.php.net/unsub.php
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password in script

2002-07-18 Thread Richard Baskett 

Ok I am going to give out my little secret that was passed to me.  Your
worry is warranted in my opinion especially since let's say your isp is in
the middle of an upgrade or something happens to php that breaks it.. Now
your php code is being shown as regular text.. Anybody can see your code.
There are a lot of things that could possibly go wrong.. Maybe an error
happens and it shows where you have the error and it shows your username and
password.. So many things.. So use an external file that is below your
htdocs/www/public_html directory.  I usually use a directory called
phpinc/php_inc/php.  Call it whatever you want :) and then put a file in it
called say.. query.inc

query.inc
?
  function queryDB ($query) {
$connect = mysql_pconnect('host', 'username', 'password');
$result = mysql_db_query('database',$query,$connect);
if ($result) {
  return $result;
} else {
  echo h1Error in Query/h1;
  echo Query: \$query\br /;
  echo mysql_errno($connect).: font
color=\red\.mysql_error($connect)./fontbr /;
  exit;
}
  }
?

Include this file within any file that will be doing database queries. Then
whenever you want to make a call to the database use this syntax:

$result = queryDB(YOUR SQL QUERY HERE);

Plus it will show you where you are getting your mysql errors when you have
them.  It's a great little function.. Thank you John Ash! :)  Gotta give
credit where it's due :)

I hope it helps!

Cheers!

Rick

He who is devoid of the power to forgive is devoid of the power to love. -
Dr. Martin Luther King, Jr.

 From: Sailom [EMAIL PROTECTED]
 Date: Fri, 19 Jul 2002 11:33:59 +0700
 To: [EMAIL PROTECTED]
 Subject: Re: [PHP] Password in script
 
 I just checked grant and it said something like...
 GRANT USAGE ON *.* TO 'X'@'%' IDENTIFIED BY .
 Does this means user named 'X' can log in from any server?  This may be
 a silly question.
 
 
 Jonathan Rosenberg [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Yes, but if you're on a shared server, other users of the user will likely
 be able to read your PHP files  get the password.
 
 -Original Message-
 From: Tyler Longren [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 23:10 PM
 To: Sailom
 Cc: [EMAIL PROTECTED]
 Subject: Re: [PHP] Password in script
 
 
 It's fine.  There's no other way to do it really.  Somebody would have
 to be able to see the source to the php file before they could see the
 password for mysql.  They won't get it just by viewing the webpage
 that's already been parsed by php.
 
 --
 Tyler Longren
 Captain Jack Communications
 [EMAIL PROTECTED]
 www.captainjack.com
 
 
 
 On Fri, 19 Jul 2002 10:03:02 +0700
 Sailom [EMAIL PROTECTED] wrote:
 
 I am new to PHP and MySQL and never have experience in this area.  I
 am writing a PHP script that connects to MySQL server.  I have to put
 a password of MySQL into the PHP script.  I think it may not be
 secured.  What do you think?  How can I make it more secure?  Thanks.
 
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 
 
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php