>
> The basic model for password authentication is to use one way crypt
> routines. MySql has several, PHP also has them. The basic algorithm
> would be like this:
>
> 1) read the password from the form.
> 2) read the password from you datastore that matches the user name or
> session
> 3) encrypt
Try again, and include the actual link this time, dummy. :-)
On Wed, Jul 8, 2009 at 5:30 PM, Andrew Ballard wrote:
> On Wed, Jul 8, 2009 at 4:45 PM, PJ wrote:
>> Andrew Ballard wrote:
>>> On Wed, Jul 8, 2009 at 11:53 AM, PJ wrote:
I have a couple of questions/comments re all this:
>
> [s
On Wed, Jul 8, 2009 at 4:45 PM, PJ wrote:
> Andrew Ballard wrote:
>> On Wed, Jul 8, 2009 at 11:53 AM, PJ wrote:
>>> I have a couple of questions/comments re all this:
>>>
[snip]
>>> 2. Cleaning is another bloody headache, for me anyway. I have found that
>>> almost every time I try to do some cle
Paul M Foster wrote:
> On Wed, Jul 08, 2009 at 03:23:49PM -0400, Bob McConnell wrote:
>
>
>> From: Tony Marston
>>
>>
>>> I do not follows rules which cannot be justified beyond the expression
>>>
>> "It
>>
>>> is there, so obey it!" Why is it there? What are the alternatives?
Tony Marston wrote:
> I do not follows rules which cannot be justified beyond the expression "It
> is there, so obey it!" Why is it there? What are the alternatives? What harm
> does it do? What happens if the rule is disobeyed?
Damn, isn't life frustrating... in case no one has noticed, 99 % of
Andrew Ballard wrote:
> On Wed, Jul 8, 2009 at 11:53 AM, PJ wrote:
>
>> Michael A. Peters wrote:
>>
>>> Daniel Brown wrote:
>>>
First, a reminder to several (including some in this thread) that
top-posting is against the law here.
On Wed, Jul 8, 2009 at 09:48,
On Wed, Jul 08, 2009 at 03:23:49PM -0400, Bob McConnell wrote:
> From: Tony Marston
>
> > I do not follows rules which cannot be justified beyond the expression
> "It
> > is there, so obey it!" Why is it there? What are the alternatives?
> What harm
> > does it do? What happens if the rule is d
just an observation here, but are we not getting close to breaking another
rule?
"Do not high-jack threads, by bringing up entirely new topics. Please create
an entirely new thread copying anything you wish to quote into the new
thread."
I know some feel this is important but if i was searching f
On Wed, Jul 8, 2009 at 3:06 PM, Tony
Marston wrote:
[snip]
> I don't like this rule, so I choose to disobey it.
Now that's some scary ideology.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
From: Tony Marston
> I do not follows rules which cannot be justified beyond the expression
"It
> is there, so obey it!" Why is it there? What are the alternatives?
What harm
> does it do? What happens if the rule is disobeyed? Top posting existed
in
> the early days of the internet, and for a
I do not follows rules which cannot be justified beyond the expression "It
is there, so obey it!" Why is it there? What are the alternatives? What harm
does it do? What happens if the rule is disobeyed? Top posting existed in
the early days of the internet, and for a logical reason. Then some ar
On Wed, 2009-07-08 at 13:03 -0400, Bastien Koert wrote:
> On Wed, Jul 8, 2009 at 12:50 PM, Daniel Brown wrote:
> > On Wed, Jul 8, 2009 at 12:38, Tony Marston
> > wrote:
> >> What rules? I never agreed to abide by any rules before I started posting
> >> to
> >> this group. My newsreader assumes to
On Wed, Jul 8, 2009 at 13:02, Tony Marston wrote:
> I do not regard that as a concrete rule, and certainly not one worth
> bothering about. Lots of newsgroups I visited before coming here allowed top
> posting, so it is arrogant for someone to say "I personally don't like top
> posting, so I'll mak
On Wed, Jul 8, 2009 at 12:50 PM, Daniel Brown wrote:
> On Wed, Jul 8, 2009 at 12:38, Tony Marston
> wrote:
>> What rules? I never agreed to abide by any rules before I started posting to
>> this group. My newsreader assumes top posting by default, so I have been top
>> posting for the past 10 year
I do not regard that as a concrete rule, and certainly not one worth
bothering about. Lots of newsgroups I visited before coming here allowed top
posting, so it is arrogant for someone to say "I personally don't like top
posting, so I'll make a rule that disallows it". A sensible rule, and one
On Wed, Jul 8, 2009 at 12:38, Tony Marston wrote:
> What rules? I never agreed to abide by any rules before I started posting to
> this group. My newsreader assumes top posting by default, so I have been top
> posting for the past 10 years. If you don't like it then it is your problem,
> not mine.
What rules? I never agreed to abide by any rules before I started posting to
this group. My newsreader assumes top posting by default, so I have been top
posting for the past 10 years. If you don't like it then it is your problem,
not mine.
--
Tony Marston
http://www.tonymarston.net
http://www
On Wed, Jul 8, 2009 at 12:14, Tony Marston wrote:
> No it isn't. That's just your personal preference. Mine is different.
Uhh Tony, if that's in response to me, you're wrong. Please
read the rules before posting what you believe to be fact. ;-P
--
daniel.br...@parasane.net || danbr...
No it isn't. That's just your personal preference. Mine is different.
--
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
"PJ" wrote in message
news:4a54c0e8.2080...@videotron.ca...
> Michael A. Peters wrote:
>> Daniel Brown wrote:
>>> First, a reminder to several (including
On Wed, Jul 8, 2009 at 11:53 AM, PJ wrote:
> Michael A. Peters wrote:
>> Daniel Brown wrote:
>>> First, a reminder to several (including some in this thread) that
>>> top-posting is against the law here.
>>>
>>> On Wed, Jul 8, 2009 at 09:48, Martin Scotta
>>> wrote:
$sql = 'SELECT * FROM y
Michael A. Peters wrote:
> Daniel Brown wrote:
>> First, a reminder to several (including some in this thread) that
>> top-posting is against the law here.
>>
>> On Wed, Jul 8, 2009 at 09:48, Martin Scotta
>> wrote:
>>> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
>>> a
Daniel Brown wrote:
First, a reminder to several (including some in this thread) that
top-posting is against the law here.
On Wed, Jul 8, 2009 at 09:48, Martin Scotta wrote:
$sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
and passwd = md5( concat( \'' . $username .'\',
On Wed, Jul 8, 2009 at 10:44 AM, Andrew Ballard wrote:
> On Wed, Jul 8, 2009 at 9:48 AM, Martin Scotta wrote:
>> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
>> and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password
>> .'\'))';
>>
>> I use this solution beca
On Wed, Jul 8, 2009 at 9:48 AM, Martin Scotta wrote:
> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
> and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password
> .'\'))';
>
> I use this solution because md5 run faster in Mysql
>
>
>
>
> --
> Martin Scotta
>
If
First, a reminder to several (including some in this thread) that
top-posting is against the law here.
On Wed, Jul 8, 2009 at 09:48, Martin Scotta wrote:
> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
> and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $pass
$sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password
.'\'))';
I use this solution because md5 run faster in Mysql
On Wed, Jul 8, 2009 at 10:28 AM, Andrew Ballard wrote:
> On Tue, Jul 7, 2009 at 11:05 PM, Micha
On Tue, Jul 7, 2009 at 11:05 PM, Michael A. Peters wrote:
> Carl Furst wrote:
>
>>
>> > $salt = 'someglobalsaltstring'; # the salt should be the same salt used
>> when storing passwords to your database otherwise it won't work
>> $passwd = crypt($_GET['passwd'], $salt);
>
> I personally use the use
On Wednesday 08 July 2009 04:25:46 Carl Furst wrote:
> These are great ideas.
>
> Another option would be to have the user choose a pin number and use
> either the literal pin or the encrypted pin as part of the salt. This
> way only when you change the pin do you need to change the password,
> whi
These are great ideas.
Another option would be to have the user choose a pin number and use
either the literal pin or the encrypted pin as part of the salt. This
way only when you change the pin do you need to change the password,
which is probably what you would want anyway.
Michael A. Peters
Carl Furst wrote:
I personally use the username and the salt.
That way two users with identical passwords have different hashes.
With large databases, many users will have the same password, there are
some that are just commonly used. The hackers know what they are, and if
they get your ha
Carl Furst wrote:
The basic model for password authentication is to use one way crypt
routines. MySql has several, PHP also has them. The basic algorithm
would be like this:
1) read the password from the form.
2) read the password from you datastore that matches the user name or
session
3) encry
The basic model for password authentication is to use one way crypt
routines. MySql has several, PHP also has them. The basic algorithm
would be like this:
1) read the password from the form.
2) read the password from you datastore that matches the user name or
session
3) encrypt the password on
PJ wrote:
> Jason Carson wrote:
>
>>> On Mon, Jul 6, 2009 at 02:19, Jason Carson wrote:
>>>
>>>
ok, I have two sets of scripts here. One uses setcookie() for logging
into
the admin panel and the other uses session_start(). Both are working
fine,
is one more s
> Jason Carson wrote:
>>> On Mon, Jul 6, 2009 at 02:19, Jason Carson wrote:
>>>
ok, I have two sets of scripts here. One uses setcookie() for logging
into
the admin panel and the other uses session_start(). Both are working
fine,
is one more secure than the other?
>>>
Jason Carson wrote:
>> On Mon, Jul 6, 2009 at 02:19, Jason Carson wrote:
>>
>>> ok, I have two sets of scripts here. One uses setcookie() for logging
>>> into
>>> the admin panel and the other uses session_start(). Both are working
>>> fine,
>>> is one more secure than the other?
>>>
>>
> On Mon, Jul 6, 2009 at 02:19, Jason Carson wrote:
>>>
>> ok, I have two sets of scripts here. One uses setcookie() for logging
>> into
>> the admin panel and the other uses session_start(). Both are working
>> fine,
>> is one more secure than the other?
>
> $_COOKIE data is written to a file
On Mon, Jul 6, 2009 at 02:19, Jason Carson wrote:
>>
> ok, I have two sets of scripts here. One uses setcookie() for logging into
> the admin panel and the other uses session_start(). Both are working fine,
> is one more secure than the other?
$_COOKIE data is written to a file that is readabl
> On Mon, Jul 6, 2009 at 2:01 AM, Jason Carson wrote:
>>> On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson
>>> wrote:
> Hello everyone,
>
> I am trying to create a PHP login script using cookies but am having
> some
> troubles. Here is my setup
>
> Â Â index.php -> authent
On Mon, Jul 6, 2009 at 2:01 AM, Jason Carson wrote:
>> On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
Hello everyone,
I am trying to create a PHP login script using cookies but am having
some
troubles. Here is my setup
index.php -> authenticate.php -> adm
> On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
>>> Hello everyone,
>>>
>>> I am trying to create a PHP login script using cookies but am having
>>> some
>>> troubles. Here is my setup
>>>
>>> Â Â index.php -> authenticate.php -> admin.php
>>>
>>> I want a login form on index.php that allow
On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
>> Hello everyone,
>>
>> I am trying to create a PHP login script using cookies but am having some
>> troubles. Here is my setup
>>
>> index.php -> authenticate.php -> admin.php
>>
>> I want a login form on index.php that allows me to login wi
>> Hello everyone,
>>
>> I am trying to create a PHP login script using cookies but am having
>> some
>> troubles. Here is my setup
>>
>> index.php -> authenticate.php -> admin.php
>>
>> I want a login form on index.php that allows me to login with my
>> username
>> and password and then passes
> Hello everyone,
>
> I am trying to create a PHP login script using cookies but am having some
> troubles. Here is my setup
>
> index.php -> authenticate.php -> admin.php
>
> I want a login form on index.php that allows me to login with my username
> and password and then passes $_POST['userna
On Mon, Jul 06, 2009 at 12:03:34AM -0400, Jason Carson wrote:
> Hello everyone,
>
> I am trying to create a PHP login script using cookies but am having some
> troubles. Here is my setup
>
> index.php -> authenticate.php -> admin.php
>
> I want a login form on index.php that allows me to lo
Hello everyone,
I am trying to create a PHP login script using cookies but am having some
troubles. Here is my setup
index.php -> authenticate.php -> admin.php
I want a login form on index.php that allows me to login with my username
and password and then passes $_POST['username'] and $_POST
45 matches
Mail list logo
