Re: [PHP-DB] Passwords

2006-03-09 Thread JupiterHost.Net



Benjamin Stambaugh wrote:

Hi,

I have created a user login/registration page.  As of now I am using a 
MySQL database to store the info of the user.  To validate the user I 
also have the password stored in the same DB.  I was wondering if there 
is a way that I can store the password in the DB so that it is encrypted 
or something.  Just so it is not in plain text.


Sure, mysql.com and search for crypt. Not sure why this is asked on a 
PHP list since it has nothing to do with PHP.


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] flash/php problem

2006-03-09 Thread Micah Stevens

Actually, I don't see why either method would work:

1) Call php, which updates, then calls swf. 

or

2) Call swf, which calls php to make update.

No difference, both ways the job gets done.. What's the AMFPHP deal? I'll have 
to take a look at that.. 

-Micah

On Wednesday 08 March 2006 11:23 pm, Anthony Lee wrote:
  query(update hitcounter set plays = plays+1 where file =
  {$_GET['file']}); header(Location: play.swf?file={$_GET['file']});

 Sorry I didn't read this thread thoroughly enough. This looks like a good
 solution to me.

 You just need to have the swf make the request and return the mp3 to
 the swf not
 a reference to another swf.

 query(update hitcounter set plays = plays+1 where file =
 {$_GET['file']}); if (!error) header(Location: {$_GET['file']}.mp3);

 Tony




Re: [PHP-DB] flash/php problem

2006-03-09 Thread Micah Stevens

Or rather, 'wouldn't work'.. my negatives are always screwy before 8.. 

On Thursday 09 March 2006 7:07 am, Micah Stevens wrote:
 Actually, I don't see why either method would work:

 1) Call php, which updates, then calls swf.

 or

 2) Call swf, which calls php to make update.

 No difference, both ways the job gets done.. What's the AMFPHP deal? I'll
 have to take a look at that..

 -Micah

 On Wednesday 08 March 2006 11:23 pm, Anthony Lee wrote:
   query(update hitcounter set plays = plays+1 where file =
   {$_GET['file']}); header(Location: play.swf?file={$_GET['file']});
 
  Sorry I didn't read this thread thoroughly enough. This looks like a good
  solution to me.
 
  You just need to have the swf make the request and return the mp3 to
  the swf not
  a reference to another swf.
 
  query(update hitcounter set plays = plays+1 where file =
  {$_GET['file']}); if (!error) header(Location: {$_GET['file']}.mp3);
 
  Tony




Re: [PHP-DB] Passwords

2006-03-09 Thread Bastien Koert

Not PHP?

http://us3.php.net/crypt

Bastien



From: JupiterHost.Net [EMAIL PROTECTED]
To: php-db@lists.php.net php-db@lists.php.net
Subject: Re: [PHP-DB] Passwords
Date: Thu, 09 Mar 2006 07:23:07 -0600



Benjamin Stambaugh wrote:

Hi,

I have created a user login/registration page.  As of now I am using a 
MySQL database to store the info of the user.  To validate the user I also 
have the password stored in the same DB.  I was wondering if there is a 
way that I can store the password in the DB so that it is encrypted or 
something.  Just so it is not in plain text.


Sure, mysql.com and search for crypt. Not sure why this is asked on a PHP 
list since it has nothing to do with PHP.





[PHP-DB] Database abuse help needed

2006-03-09 Thread Chris Payne
Hi there everyone,
 
Is there a better way I can do this?
 
if ($email == [EMAIL PROTECTED] OR $subject == Rulez666
 
Basically, if I have data coming from a form to a DB, is there a better way
to say check EVERY variable for a specific set of words rather than doing
$name, $subject etc. separately?

The reason I ask is my scripts are being exploited and I can fix it when the
attacks happen, but I'd like to be able to have a string which checks all
the form data and takes action if a word I define in a list exists.

So, instead of doing if ($name == mememe .. if($email == 
[EMAIL PROTECTED] ... I could just have a simple statement with a
group of words, and if one of the words appears it takes an action I specify
such as do not proceed to add to DB etc.

Any help would be greatly appreciated as I am tired of writing the same
scripts with different variables, I'd love to just grab all the variables
from the form and perform the action ONCE on the incoming form data and then
all the variables are affected instead of doing each one.
 
Please save me from going nuts :-)
 
Chris


RE: [PHP-DB] Database abuse help needed

2006-03-09 Thread Dwight Altman
If you POST from your form use $_POST, or $_GET for a form GET

foreach($_POST as $key => $value){
    if( strpos($value, $findme) !== false ){
        //$findme was found in $value
    }
}

http://php.net/manual/en/reserved.variables.php
http://us2.php.net/manual/en/control-structures.foreach.php
http://us2.php.net/strpos Yes, that's !== or ===

-Original Message-
From: Chris Payne [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 09, 2006 5:21 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Database abuse help needed

Hi there everyone,
 
Is there a better way I can do this?
 
if ($email == [EMAIL PROTECTED] OR $subject == Rulez666
 
Basically, if I have data coming from a form to a DB, is there a better way
to say check EVERY variable for a specific set of words rather than doing
$name, $subject etc. separately?

The reason I ask is my scripts are being exploited and I can fix it when the
attacks happen, but I'd like to be able to have a string which checks all
the form data and takes action if a word I define in a list exists.

So, instead of doing if ($name == mememe .. if($email == 
[EMAIL PROTECTED] ... I could just have a simple statement with a
group of words, and if one of the words appears it takes an action I specify
such as do not proceed to add to DB etc.

Any help would be greatly appreciated as I am tired of writing the same
scripts with different variables, I'd love to just grab all the variables
from the form and perform the action ONCE on the incoming form data and then
all the variables are affected instead of doing each one.
 
Please save me from going nuts :-)
 
Chris




RE: [PHP-DB] Database abuse help needed

2006-03-09 Thread Chris Payne
Thank you for that.  And excuse the inexperience, but how would I use an
Array with the below?  I mean say I had words such as this,is,a,bad,word
(Just as examples as I can't post what I'm trying to block on here) how
would I loop through those to check if any of them exist and if they do THEN
execute the error script?  I'm not too good with Arrays - but I'm learning.

Thank you

Chris

If you POST from your form use $_POST, or $_GET for a form GET

foreach($_POST as $key => $value){
    if( strpos($value, $findme) !== false ){
        //$findme was found in $value
    }
}

http://php.net/manual/en/reserved.variables.php
http://us2.php.net/manual/en/control-structures.foreach.php
http://us2.php.net/strpos Yes, that's !== or ===

-Original Message-
From: Chris Payne [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 5:21 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Database abuse help needed

Hi there everyone,
 
Is there a better way I can do this?
 
if ($email == [EMAIL PROTECTED] OR $subject == Rulez666
 
Basically, if I have data coming from a form to a DB, is there a better way
to say check EVERY variable for a specific set of words rather than doing
$name, $subject etc. separately?

The reason I ask is my scripts are being exploited and I can fix it when the
attacks happen, but I'd like to be able to have a string which checks all
the form data and takes action if a word I define in a list exists.

So, instead of doing if ($name == mememe .. if($email == 
[EMAIL PROTECTED] ... I could just have a simple statement with a
group of words, and if one of the words appears it takes an action I specify
such as do not proceed to add to DB etc.

Any help would be greatly appreciated as I am tired of writing the same
scripts with different variables, I'd love to just grab all the variables
from the form and perform the action ONCE on the incoming form data and then
all the variables are affected instead of doing each one.
 
Please save me from going nuts :-)
 
Chris
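
One way to do the array check asked about in this message, as an added example that is not part of the thread: it walks every submitted field, including nested array fields that would break a plain strpos() call, and reports the first listed word it finds. The word list reuses strings from the original question, and the $form array is a constructed stand-in for $_POST.

```php
<?php
// Added example, not code from the thread. find_blocked_word() is a
// hypothetical helper name; $form is constructed sample data.
function find_blocked_word(array $fields, array $blocked): ?string
{
    foreach ($fields as $value) {
        if (is_array($value)) {
            // Fields named like tags[] arrive as nested arrays.
            $hit = find_blocked_word($value, $blocked);
            if ($hit !== null) {
                return $hit;
            }
            continue;
        }
        foreach ($blocked as $word) {
            if ($word === '') {
                continue; // an empty needle would match every value
            }
            // stripos() is case-insensitive; compare with !== false
            // because a match at offset 0 is falsy.
            if (stripos((string) $value, $word) !== false) {
                return $word;
            }
        }
    }
    return null;
}

$blocked = ['Rulez666', 'mememe'];   // strings taken from the question
$form = [                            // constructed stand-in for $_POST
    'name'    => 'Alice',
    'subject' => 'hello RULEZ666 again',
    'tags'    => ['news', 'misc'],
];

$hit = find_blocked_word($form, $blocked);
if ($hit !== null) {
    // Log the rejection so repeated abuse shows up in the server log.
    error_log("form rejected: blocked word '$hit'");
    echo "rejected\n";
} else {
    // Values that pass the word list still go into the INSERT as bound
    // parameters of a prepared statement, never concatenated into the SQL.
    echo "accepted\n";
}
```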




Re: [PHP-DB] Passwords

2006-03-09 Thread Bastien Koert

Merely commenting that it's not only DBs that can do the encrypting.

Bastien



From: JupiterHost.Net [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Passwords
Date: Thu, 09 Mar 2006 19:07:11 -0600



Bastien Koert wrote:


Not PHP?


Correct, not PHP. Most DB engines have built in encryption functions for use 
in their INSERT (IE store the password in the DB so that it is encrypted) 
and SELECT (for verifying it with the same function you used in INSERT)



http://us3.php.net/crypt



yes Not PHP:

 a) crypt() has nothing to do with a query
 b) every language has a crypt function

The question has more to do with a general idea of how to accomplish a 
task, the most suitable answer is to be had in their DB documentation, 
since data should be independent of the language handling it (whether it is a 
real language like C or Perl or a wanna be duct taped hack like PHP - no 
need for flames, I won't listen or care ;p)





RE: [PHP-DB] Passwords

2006-03-09 Thread Kosala Atapattu
Hi Ben,

 I have created a user login/registration page.  As of now I 
 am using a MySQL database to store the info of the user.  To 
 validate the user I also have the password stored in the same 
 DB.  I was wondering if there is a way that I can store the 
 password in the DB so that it is encrypted or something.  
 Just so it is not in plain text.

You can use, 

SQL Insert into users_table(user_name, pass_word) values ('your_name',
PASSWORD('your_pass'));

And crypted password will be saved in the DB

To verify password you can use something like...

SQL select * from users_table where user_name = 'your_name' and
pass_word = PASSWORD('your_pass');

If the select query is not empty then user credentials are matching.

As others have suggested PHP crypt functions are useful when you want to
encrypt data within the DB like credit card details, Company Executives
Salary and stuff like that. For password encryption the best is MySQL
inbuilt encryption. MD5 is another I use with PHP, which is not really
necessary.

Kosala

www.linux.lk/~kosala/
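
Added example, not part of the thread: MySQL's PASSWORD() function was meant for the server's own account table and was removed in MySQL 8.0, so this sketch does the hashing in PHP with password_hash() and password_verify(). It reuses the users_table, user_name and pass_word names from the post above; the in-memory SQLite database, the helper function names and the sample credentials are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// post above; the SQLite database and credentials are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_table (user_name TEXT PRIMARY KEY, pass_word TEXT NOT NULL)');

// Hash checked for unknown users so both failure paths cost about the same time.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function register_user(PDO $db, string $user, string $pass): void
{
    // password_hash() picks a random salt and stores it, with the algorithm
    // and cost, inside the returned string.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users_table (user_name, pass_word) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function check_login(PDO $db, string $user, string $pass): bool
{
    // Select by user name only: every stored hash has its own salt, so the
    // comparison cannot be done in the WHERE clause.
    $stmt = $db->prepare('SELECT pass_word FROM users_table WHERE user_name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }
    if (!password_verify($pass, $hash)) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users_table SET pass_word = ? WHERE user_name = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

register_user($db, 'your_name', 'your_pass');
var_dump(check_login($db, 'your_name', 'your_pass'));
var_dump(check_login($db, 'your_name', 'wrong_pass'));
var_dump(check_login($db, 'no_such_user', 'your_pass'));
```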
