PHP :: Encrypting PHP Pages

Encrypting
i want to store encrypted passwords in a mysql table. what is a good recommendation on how to encrypt them. currently i'm using the mysql password() function, but i'm running into problems with spaces.

if a username=test
and password=joe

it still allows password=' j o e '

with any amount of spaces ANYWHERE in the password as long as the string has the correct password text ....i.e. the j, the o, and the e in the correct order.

wtf is up with that? what the hell is the point of the password() function, if it doesn't care about spaces? am i missing something here? if i am, i would love to be helped out, otherwise i'm going to have to use a php encryption method instead of mysql.

Encrypting
I want to encrypt code on the server side so that if the person i sell a software package too tries to sell it off he won't be able too. is this possible? and what software is best?

Encrypting URL String
I have a url string such as:

http://www.mysite.com/showrecord.php?ID=3456789

The "3456789" is dynamic, of course, but I'd like to know how to encrypt it so that website users can not see it...how can I do this?

Obfuscating/Encrypting PHP
I know there are a few free and paid php source code encryption
scripts around. Has anyone used one, and any feedback?

I am interested in encrypting source that is placed on a remote host.

Encrypting Data
I'm looking for a good way to encrypt data going into a database. It will get to the server via SSL, but i'm looking for something to back me up in the event a malicious user gets in and tries to steal info. I also need a way to decode this information later to be used by other scripts.

Encrypting Files
I need some sort of file encryption that I can invoke from my PHP web pages,
to protect sensitive files uploaded/downloaded by clients.

I use https (SSL) for the upload/download, but once the transfer is
complete, the files will reside on the server in unencrypted form. I want to
be able to apply at least one form of file encryption (Blowfish, AES, etc.).

Every PHP solution that I've found so far seems too slow or too limited. The
files I need to encrypt average from 5MB to 10MB in size. How can I use
mcrypt() with files this large? It seems like my server is killing the PHP
process before it can complete (maybe taking too long?). It can run to
completion if I use a smaller file (e.g. 50KB).

My server is a version of Redhat with Apache.

Can anyone recommend the easiest/fastest way to integrate file encryption
into my website? Using a PHP class? Using shell_exec? Using CGI/Perl?

If the encryption process would take too long to occur in real-time while
the user is waiting for the page to complete, I can probably trigger a cron
job to do the encryption in background.

Encrypting And Cookies
if i want to send secure information to my sister:

1) generate a key on keyfocus on my local machine (not connected to the
web using keyfocus webserver)

2) base64_encode encrypted data using the key (on my local machine)

3) set the cookie on the user machine using the encrypted base64_encoded
value from step 2 ( sister sets cookie using password protected folder
on ipower web host by executing something like

<?php

$str="...edit menu - copy value from step 2 goes here " ;
// base64_encoded encrypted string.
setcookie("visits", $str);
// this sets an encrypted base64 (string) cookie on the computer
echo "an encrypted cookie is now set on your computer";

?>

4) decrypt the cookie ( sister decrypts on local machine using keyfocus
webserver i install )

I would also put some sort of time limit on the cookie for expiring.
Probably could just leave it for when the browser closes.

Does this plan seem like it would work???
Is this a case where i also would use ssl in step 3 (ssl would point to
setcookie script ). Sister would open index.php file in password
protected directory and click a link that would take her to the
setcookie.php file that is ssl protected.

I scammed the code from the web on how to encrypt and decrypt and it
works good (thanks for posting it in the php manual ). now i need to
put all the steps together to send the data to my sister.

Encrypting Passwords
I have written a tool wich de/encrypts a few of my forum and
bloggin-Passwords.
My question is how secure it is.
The following describes how I have encrypted my passwords.

When I log in, the Login-Password is changed into a md5-Hash and is
compared to the login-password in the db. If the passwords are the same
the use is logged in (common procedure). Then the clear-text
login-password decrypts an unknown key which is stored in the
$_SESSION-Variable. With that key I decrypt the stored passwords in the
db.
I use the Blowfish Algorithm
(http://www.php-einfach.de/sonstiges...fish_script.php,
Source is in German, sorry.).
How secure is the Blowfish Algorithm?
Each time I log in to my Site, the script generates a new key and
de/encrypts all the stored passwords again. So the stored
crypted-passwords look different everytime I login.

1 Way Encrypting Passwords.
I'm wanting to one way encrypt passwords users enter into my database using the crypt(); function. However as I read tutorial after tutorial i'm very confused on the syntax of using a salt to ensure you get the same results both ways. After reading a bit I think baublefish is the best encryption method, but how do I actually write it out.

$password = $_REQUEST['password'];
$cryptpassword = crypt($password,??????????);

Encrypting And Decrypting
I need to encrypt and decrypt some stuff on my site. I know that hash is a one way process. Can anyone point me in the right direction encrypting and then decrypting.

PHP Obfuscator Vs Encrypting
I am writing PHP code that I don't want to be edited by the person I give to. I want to know which is best, encrpyting the code or obfuscatoring it. I would also like to know the bright side to both options, and the down side. Let us assume neither require any extra PHP libraries to be on the server they run from.

Encrypting Output Of Web Forms
Hi all. I recently purchased a program called easyformit to build web forms for my sites. It is a php based form building app. The problem I am having is that I need to be able to encrypt the output of some of the forms because they contain sensitve personal info. I signed up for a service called hushmail forms that looked to be the ticket. It was supposed to replace the form tag at the start of the form and encrypt the form and send it to a email on a hushmail server. The tag replacement completly breaks the for it acts like it will submit but wont. Anyone have any knowlege of a php script that someone with no php knowlede can implement that would encrypt the form output. I tried gnupg which is on my redhat server already, but cant seem to figure out how to encrypt the output. Hope this is the correct place for this question.

Encrypting Emails With A Certificate?
I need to encrypt emails sent with PHP and have Outlook automatically
decrypt them when they are opened. I have a certificate, but I am not sure
how to use it with PHP.

Encrypting The Cookie Values
Can someone help me out with an encryption program for encrypting the cookie values.
This i thought would ensure safety.

Hiding Or Encrypting URL Encodes.
I run an online game and in some of the scripts I have had the problem of players being able to input their own values in to the URL string such as

script.php?action=viewforum&team=1

and lets say they want to view team 2's messages some players will type

script.php?action=viewforum&team=2

directly into their browser's address and will be able to view people infromation. This is one example, there are others that have been able to abuse the same methods on the Beta tests to give them more units or money, etc.

Anyone have ideas how to prevent this? I have used PERL based apps before that will encrypt the things past the ? mark into goboley-gook (technical term) so that it is harder to do this. My Question is this a good idea? One idea I have is to use an encode_base_64 or some similar method to pass all the variables to the script then decode the values during the script's excution.

I read the security piece about not decrypting scripts to say test for password, which I don't, the password is check with its stored MD5 value in the database. However, I am not so concerned with over all security of the data passed, just to make it to where the average semi-intelligence computer user cannot easily take advantage of the system.

Encrypting And Protecting Your PHP Code.
I recently spent several weeks building a very detailed and extensive site for a client. After I completed it on their server, the client refused to pay me what I requested. I do not want to be a rough person and delete all the files on the server, I don't feel two wrongs make a right. However, I want to protect my scripting from other people getting access to it.

I am going to let the client have the website, however, I want to encrypt or encode or do something to the code so that it cannot be read without having a key or something.

Is there any software that can do this for me?

I use dreamweaver cs, is there an addon for it that I can maybe use?

Avioding Expired Pages, & Carrying Data Accross Multiple Form Pages
I have a checkout/order form that consists of 6 pages, all PHP. The are linked to one another, like, after the user finishes page 1, they proceed to page 2, etc... The first two pages are submitted by a GET link, so those are not in my question. The next 4 are submitted using a <form>. Throughout all of the pages, i would probably have about 25-30 variables, things that the user has to fill out. I have two questions,

1. What would be the best way for me to keep track of all the data moving throughout the pages, like storing it from page 4, and i still need to access it on page 6.
2. I don't know if anyone could help me here, but does anyone know of a way to code around those ugly "page expired" pages, because of a submitted form. If a user needs to go back, which most likely they will, is there some sort of way for me to skip the expired page?

PHP And SQL Encrypting Data Before Sending To Database
I know it is possible but dont know how to do it!

how can you encrypt data using php before sending it to a MySQL database (e.g password) and then dycrypt it when retriving it.

Encrypting A String (and Server Varaibles)
I have a function that serves audio as a stream. I don't want people to see
the filename. But I am using urls of this sort:

audio.php?op=serveaudio&file=www.somefile.mp3

1) How can I encrypt www.somefile.mp3 and then reconstruct it?

2) How should I really be doing this? Should I be putting the file name into
a server variable? If so, what would that syntax be?

Encrypting Form Data With GnuPG
I'm trying to get my PHP form processor to encrypt the data using GnuPG.

$gpg = 'usr/bin/gpg';
$recipient = 'first.last@domain.com';
$encrypted_message = base64_encode(shell_exec("echo $message | $gpg -e -r $recipient"));
What I get in return is "Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING" for the first or second line. I wonder why? Could it be that the path to the binary is wrong?

I have tried using double quotes and changing the variables names.

Mcrypt - Encrypting Special Characters
I'm not sure whether this is a known or documented issue (I could'nt turn anything up, but maybe I'm not looking hard enough), but I seem to be have a problem encrypting and decrypting entries with special characters - namely the '@' symbol.

For example I can encrypt and decrypt a name or an address - however, if I try this with an email address that contains the '@' symbol, such as:

nobody@nobody.com

what I get when I decrypt this is:

n

Just the first letter of the entry.

I have been using the GOST cipher, so I'm wondering if it is related to this cipher, or whether there is a problem with special characters in general.

Encrypting Variable Values Passed Thru A Link In A Web Page
I am working on a project in PHP / Mysql on linux platform. The project has a login page where any registered user is supposed to login before he/she can have access to some major functionalities in the project.

Since I need to check the authenticity of the user in other secured pages, I have to carry forward the username with which he/she has logged. As I am doing so, the username is appearing in the url. This of course is a major security lapse.

Converting Html Pages Into Dynamic Pages
I built a website in html, using Dreamweaver. I need to have a database built within these pages and the person who is going to do it told me that they will have to convert all my html pages into dynamic pages (php).

Is it complicated to do this or do I just have to save my pages in php instead of html in Dreamweaver ?

Sending People To Specific Pages That Are Coming From Specific Pages...
I want to show some specific pages to people that comes to my site from
specific urls, I know the variable $_SERVER['HTTP_REFERER'] will be
used but how?

For ex if the visitor comes from a site that is like:

I want to send this person a specific.php . I used below code but not
worked:

<?php

if($_SERVER['HTTP_REFERER'] == "www.cominghost.com" ||
$_SERVER['HTTP_REFERER'] == "cominghost.com" ||
$_SERVER['HTTP_REFERER'] == "www2.cominghost.com"){

// Specific page html goes here

}
else
{
header("Location: index.php");
}
?>

This code not worked for some cases like if the visitor comes from
http://www.cominghost.com/account/targeturl.php or
http://cominghost.com/account/targeturl.php Ok I know the if statement
not working but How?

On The Fly Php Pages
what coding you would use to create pages based off 1 template. For example

http://www.mysite.com/index.php?page=1
http://www.mysite.com/index.php?page=2
http://www.mysite.com/index.php?page=3

So that I can edit changes to all my pages just be editing index.php.

I don't have access to a sql database so I have tried different ways of using the echo command but no luck. Does anyone know how to do this?

Utf-8 Pages And Php 4.1.1
I'm running into a problem with php 4.1.1 on IIS (XP Pro version).
For example writing a page test.php that starts with

<?php session_start(); ?>
<?php echo '<?xml version="1.0"' ?>
<?php echo ' encoding="utf-8" ?>' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
....

and saving the test.php in UTF-8 format in UltraEdit-32 or SciTE,
then running the page, there's a complaint for session_start() about
headers/page data having already been sent. If the same page is
saved as "plain" ASCII, it works. Any ideas how to get an UTF-8
encoded page to work in php 4.1.1, without upgrading?

Web Pages
i am trying to make a homepage in PHP but something along the same lines as the frames that you can use in HTML, so it allows you to have the different frames for opening different pages, but i was wondering how i would do that within PHP.

Php To Pdf Multiple Pages
I can write a page - no problem.
when I start a second page I cannot open second page.
at the time of a page break I have tried:

php_close_page($sessionname)
php_open_page($sessionname,x-coord, y-coord)
and
php_close_pdi_page($sessionname, $pagename)
php_open_page($sessionname,x-coord, y-coord)
and just
php_open_page($sessionname,x-coord, y-coord)

It always opens and writes the first page but hangs
up when it tries to open the second page.

Secure Pages
I have a login system that checks the database for auth and sends them to the destination according to auth.

Now what I need is some way to secure the pages so you cant go straight to the pages by typing it to the browser. I would like for you to get directed to the login page if you try to go straight to the page(s). Is there some code I can put to keep from viewing the page(s) without logging in first.

PHP In Html Pages?
I have a problem. I need to include a php script in a simple html document on a server that does´nt support php.

I´ve tested following but it does´nt work..
<SCRIPT LANGUAGE="PHP"
SRC="http://www.domain.com/include.php3">

Does anybody know a solution for this problem or is it impossible?

Can I Expire Pages Myself?
I was wondering weather it be possible to have the browser say page expired or if it is posiblw to have a script that will detect the browser back button has been pressed.

Expiring Pages
Just a quick question, is there a way to expire prev pages users look at?

How To Redirect Pages
How can I redirect the URL if URL is underlined. I mean, I made alink to the site with URL. How do I change the site with URL, so that it redirects the browser to the page defined by that URL?

Members Pages On The Fly?
I would like to make a members site, where my members can update their personal page via the web through forums. The pages would be generated by a template. I would also like these member pages to have id=10 so that it is easy to link up.

Caching Pages With Php
In this post I will try to give a view of what is the custom caching with php, why and how we can use it.In the modern days, most of the sites are database driven. That means that your site is actually an application which retrieves data from a DBMS ( database managment system, eg MySQL) , parses the data and shows the result to the user. Most of these data are usually don't change frequently or don't change at all, and the reason that we use the database is that we can easilly update the site and the content.A problem that this process creates is the server overhead. Every time we execute a query in the database, the instance of our script will call the DBMS, and then the DBMS will send the results of the query. This is time consuming, and especcially for sites with heavy traffic is a real big problem.How we can solve this problem?There are two ways to solve this if you want to make your site faster. First is optimizing the quesries, but we will not talk about this at the present article. The second and most valuable is using some kind of custom caching technique. Custom caching with phpFirst let me explain the idea behind custom caching. When we have dynamic pages that their data is not updated frequently, we can use a 'system' that will be able to create the page, and then store it for later use. That means that after the page's creation, our application will not run the queries again in order to display the page, but it will show the cached one. Of course this system must be able to keep the cached pages for a time period that we will set.Let's code itHere is a simple class that will do the job. Let's see the code first:

Updating Pages
I have embedded a PHP script into an IFRAME that queries a MySQL database to post comments. Comments can be added, and in theory, posted immediately. They do if you hit F5, but as soon as I shutdown the browser, go back to the comments page, the new comments are not there, until I hit F5. I've deleted all the temp files from my computer, so it shouldn't be that. I've tried contacting my hosting company, but they have nothing useful to say.

Caching Php Pages?
HOW to make my pages freshly loaded by default. this is a problem when pages get cached that query databases because when you go there you get the cached page as opposed to the page updated with the database's info.

how do you get pages to automatically load themselves from the server, not the cache?

Redirecting Between PHP Pages
Two inter-related questions:

If I'm in PHP page a.php, and I want to switch control to page b.php,
the only mechanism I've come across is to use header('Location:
someURL") ;

This has two drawbacks - it seems inefficient to me - you essentially
have to "bounce" a request/response off the browser to switch between
PHP pages - leaving and returning to PHP just to switch pages, and
also it uses the GET method and, I'd assume, therefore restricts you
on the length of the URL and therefore the number of name/value pairs
you can send before they get truncated.

Q1: Is there an internal PHP server-side page redirection mechanism
that would/could provide a more efficient mechanism for switching
between PHP pages?

Q2: Alternatively, is there a POST equivalent to header("Location:")
that I could use from within PHP to redirect between pages, so that
the number of name/value pairs I could send is unlimited?

CMS W/ Static Pages
I'm looking for an open source php CMS solution that will generate
static html pages.

PHP 4 W/ IIS 6 = Blank PHP Pages
I've installed PHP4 in isapi mode on Win2k3/IIS6. When I try to access a PHP page, it comes back blank. The odd part is that if I just a test page with phpinfo() in it, I get results.

I've tried everything and spent the last 2 hours googling for a solution. Any ideas on why this would be happening?

Redirection Of Pages In Php
First it check the text field, if the text field are not matched with your database values then after cliking the submit button it will show the error message in the same page , but if it matched then it will redirect to the specified page/link.

Generating Pages On The Fly
i have a db lthat i want to publish. it''s full of articles and i want it to work this way: there are ten categories (sex, health,....)once you click one of this category you go to a page where there are some articles (about sex, about health,...).

at this point is my problem. i'd like to find a way to click an article and have the code generating a new page for me with that article. is this possible?

to eplain:
this is sexuology.php with these:
article 1
article 2
article 3

once i click a new page is generated on the fly to let me read the whole article
how can i do.

Search Pages
I am making an application that lets you upload pics to a server and also adds the directory to a DB. Now I just need to display the pics and I want to do it a page a picture. Kinda like a search page. AV or Google style. But instead of a link its a pic and then you can choose to go to the next one by clicking on a link. But the whole time it's one dynamic page pulling info off of a mySQL database.

Dynamic Pages
I am trying to create a page which will automaticlly change the size of
tables/graphics etc based on the screen resolution. Eg, if someone is using
a 800x600 the page layout will utilise this. If the same webpage is
diaplayed on a 1024x768 or 1280X1024 the cells are adjusted according. By
doing something like this could you make the logo change size by using a
percent size in a table cell or is there a better method than tables? If
anyone is able to help with tips or any examples (code or url reference) it
would be appreciated.

Also, what page layout is better to use.. eg.. html, php,asp, etc. The
site will be hosted on apache on a Linux Server.

My Wml/php Pages Are Too Large
Can wml and php pages that are too large be split between multiple pages? If so, how? My wml pages are too large.

Using Variables From Other Pages
Do you know how can use some variables I used in the last pages? I mean, In my first page I gave a variable some value that I used in the second one. Now that I change to a third one, I need that variable again. but if I try to print it there's nothing. How can I get it again? I don't have it saved in a table.

Crawling Web Pages
What I’d like to know is if there’s a feature in PHP that can read web pages, and index them.? I’d like to make a search feature for a forum, and have it crawl the forum pages and index certain words that I’ve specified (probably just nouns) and tally them up. The only thing really stopping me is the function to read the pages.

How To Get Object In Pages !
actually I am using php-java bridge to call some
functions of java from my php page. The value returned are encapsulated
in some object and data in that object are fetched from database. What
I want to do is that when I post my page to same page or other page I
again need that data (or object). I don't want to hit the database
again for same values. So how and where to set the object values. I
think I can set it in request object like in java we do
(request.setAttribute(String, Object)). I am focibly setting the values
like $_REQUEST['list']=somelistObject. But I am not getting the data
after submission of page. same operation with $_SESSION also is not
working. If somebody knows how to do this,