Md5 / Sha1 - Any Real Difference?
I use md5 hash with some of my cookies and occassionally a hidden form
field - I know the physical data on my network is insecure (unless being
served via https) but I was wondering if there are any advantages to using
md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash
while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The
technical webpage on sha1 is lengthy and for the most part over my head...
and other than today, I've never heard of it before... I was wondering if
anyone could offer any comments on it...
View Complete Forum Thread with Replies
Related Forum Messages:
A Real Challenge For Real PHP Programmers
<?php /* A challenge to every PHP programmer.The one who's gonna solve this problem would be deemed as PSP(PHP Supreme Programmer).The problem is this : You have to write a script that displays a list of categories and subcategorieslike this one: <select name="category"> <option value="1">Main</option> <option value="2">Main > Computers</option> <option value="4">Main > Computers > Hardware </option> <option value="8">Main > Computers > Hardware > PC</option> <option value="7">Main > Computers > Hardware > Mac</option> <option value="9">Main > Computers > Hardware > Atari</option> <option value="11">Main > Computers > Hardware > PC > History of Pc</option> <option value="">etc...</option> </select> The categories and subcategories details are stored in these two tables in a MySQL database. -categories : the categories names and ids. -cat_relations : the relations between categories.It shows which subcategory belongs to which category. The belongings between categories can go very deep and the number of categories is unlimited. This script will create the two tables and fill them with sample data. All you need to do is to change the four variables below. You can send the script back to this email : yasbergy@yahoo.com. */ //Here starts the script. Please change the values of these variables to fit your settings $user = "prospective_PSP"; $database = "db"; $server = "localhost" ; $pwd = "" ; //Connection to the database that you created mysql_connect($server,$user,$pwd) ; mysql_select_db($database); //Creation of the two tables : categories and cat_relations $categories = " CREATE TABLE `categories` (`id` INT not null AUTO_INCREMENT, `name` VARCHAR(100) not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'The categories details' "; mysql_query($categories) ; $cat_relations = "CREATE TABLE `cat_relations` (`id` INT not null AUTO_INCREMENT, `daughter_id` INT not null, `mother_id` INT not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'Which category is the daughter of which category'"; mysql_query($cat_relations) ; //Filling the two tables with sample data $cats = array('Main','Computers','Countries','Hardware','S oftware','Programming languages','Mac','PC','Atari','Winamp','History of the PC','IBM','Components','High level','USA','NYC','LA','Manhattan','India','Winzi p'); for ($i=0;$i<count($cats);$i++){ $sql = mysql_query("insert into categories (name) values('".$cats[$i]."')"); } mysql_query("insert into cat_relations (daughter_id,mother_id) values (2,1),(3,1),(4,2),(5,2),(6,2),(7,4),(8,4),(9,4),(1 1,8),(12,8),(13,8),(10,5),(20,5),(14,6),(15,3),(16 ,15),(17,15),(18,16),(19,3)"); //Now you can have a look on them through phpMyAdmin ?>
View Replies !
Md5 And Sha1
I'm building a registration/login script: $result = "insert into users (username, password, email) values ('$username', sha1('$password'), '$email')"; I've tested this out by submitting (username1, password1) and (username2, password2) Both "password1" and "password2" are encrypted to the same string: da39a3ee5e6b4b0d3255bfef95601890afd80709 or d41d8cd98f00b204e9800998ecf8427e to be exact....it doesn't matter what I use for the password
View Replies !
MD5() And SHA1()
I realise that both these functions encrypt to a hash of 32 and 40 chars respectively and see the SHA1() is more crytographically secure than MD5() but in the real world just how secure are they? Can they be hacked? I.e on my site what I want to do is protect both user and pw BEFORE calling a MySQL stored procedure which will then do something else to them in the Db. My idea is that then it is secured during and after transit from web server to Db. So if I say SHA1'd user and pw(making sure the password is a alphanumeric string) before calling MySQL, if someone picked them up using a sniffer etc could they work them out?
View Replies !
Sha1 Or Md5?
The manual doesn't say which is better. But someone's comments in md5 chapter suggest sha1 is better. Any expert opinions? Should I use sha1 instead of md5?
View Replies !
MD5 VS SHA1 VS AES_ENCRYPT?
I've been reading up on password encryption and I've always used MD5 but seems like its not very secure any more, so now am wondering what's better MD5 VS SHA1 VS AES_ENCRYPT? AES_ENCRYPT seems like a secure way to encrypt passwords but being able to decrypt them seems a bit cautious. Any one any thought of the best way to encrypt passwords?
View Replies !
Sha1 Implementation
I've experienced a vary strange problem working with PHP and payment gateways. If I use the sha1 function for some string I get the encrypted string, but this function output is different from the one I get using openssl on the command line of a linux machine. Ex: inside a php I write: sha1("12345") in the command line I type: echo 12345 ¦ openssl sha1 The output of both functions is different. However, if I store the string 12345 in a somefile.txt and I use sha1_file() function the result is the same as the standard expects, so following the previous example, when I write: inside a php: sha1_file("somefile.txt") in the command line I type: echo 12345 ¦ openssl sha1 The output of both functions is the same. Anybody knows if this behaviour is normal, and if it is what's it obeying to?
View Replies !
Sha1 Error
To get the password from the database i use this: $password2 = sha1(strip_tags($_POST['user_password'])); echo "password"; i change it so if i was adding to the database? Because when i add a new password its differnt to what it would be if im getting from the database.
View Replies !
Converting Sha1() To String
I generated sha1() string in order to store a password in the table. But i want to know how to retrive back the original password as a normal string in order to send the password to the users who have submitted the forgotten request. I want to know is there any function that i can retireve the password in normal string form.
View Replies !
Sha1 Column Type
I have read several online tutorials advocating storing a sha1() hashed password in a column of type BLOB. As far as I can tell, sha1() always returns a string of 40 characters, regardless of the size of the original input. Is there any reason I can't store this as type CHAR? I am running MySQL 4.1.x.
View Replies !
Decode A Sha1 Encryption
I decided to sha1 passwords into the database for the creation of a user account. When logging into the system, this sql statement works, but I can't figure out how to reverse it, so I'm assuming this is a one-way encryption: PHP Code: $sql = "SELECT email, password, first FROM `account` WHERE `email` = '" . addslashes(htmlspecialchars($AdminID)) . "' AND `password` = '" . sha1(addslashes(htmlspecialchars($AdminPswd))) . "'"; I need to have a statement to retrieve the encryption and decode it for password retrieval (when a user lost their password). Is there a way to decode this or should I choose another encryption technique (2-way) other than the basic base64_decode/base64_encode?
View Replies !
Sha1() Passwd In Mysql Help... (beginner)
For a log-in page I have created a mysql db and user registers with a user name and password. The password field is encrypted with $passwd = sha1($_REQUEST['passwd']); I insert the $passwd in mysql_insert. The password gets encrypted and stored in mysql. Now I want to check if the user has entered the correct password when he logs in. How can I do that.
View Replies !
SHA1 And A Register/login File.
I am getting a couple of errors with a register/login file for a site. Apache version 1.3.39 (Unix) PHP version 5.2.4 MySQL version 5.0.27-standard I added the SHA1 encryption for the passwords, but not, even thought it encrypts, the email column in the MYSQL database does not appear. Meaning there must be another way to encrypt the password properly in the file. Second problem is that the file keeps inserting blank columns into the table of USERS - i.e without any information - so instead of telling me exactly how many users I have, it has like an extra 50 rows of blank info. So something is wrong on the insertion. Code:
View Replies !
Sha1() Undefined Function Error
I am using sha1 function for passwords as in the code below. $uid=sha1($cols['pword']); And I am getting this error; Fatal error: Call to undefined function: sha1() in c:phpdevwwwalaskanerrandslogin.php on line 8 What's up with that?
View Replies !
Encryption - Inserting Data Into A Database Using SHA1
Another n00b question but when inserting data into a database using SHA1 do you need to do this: PHP Code: INSERT INTO $table (`password`) VALUES([b]'sha1($_POST['password'])'[/b]); or something like that, and when retrieving from it: PHP Code: SELECT * FROM $table WHERE sha1($_POST['password']); Or can you just got $_POST['password'] Sorry I dont know how this works. Also what is a snippet for salting a sha1 command.
View Replies !
Getting The REAL Directory?
Is there any way to get the directory/path of the file running the script, not the directory you're inside (Via dir())? I'm allowing the user to navigate through directories, and that part works great - but whenever I attempt to used getcwd(), it returns the directory the user is in - not the directory of the php file - is there any way to get the directory of the .php file the user is using?
View Replies !
Real Estate MLS/IDX
I am trying to program an MLS/IDX search feature to be integrated into a real estate website. This progrom will allow MLS/IDX searching/browsing (searching by MLS #, house variables, etc) and browsing by property location, etc. I have come accross RETS and have tried to go about it, but wow, maybe MLS/IDX is just some mythical database that doesn't exist? If anyone can help me out here. show some code, point me to a resource, tutorial, something that would be some assistance, I would bow down to them, and mail them one, yes, one ice cold root beer.
View Replies !
Resolve Real IP
I can get the apparent IP from $_SERVER['REMOTE_ADDR']; . However, how can I find the real IP if the user is behind a proxy? I know it must be possible as some "whatismyip" sites do it.
View Replies !
Mysql Real
I found this which I think calls for an indepth brain storming. A very good reading [edited by: eelixduppy at 1:06 pm (utc) on Sep. 12, 2007] [edit reason] fixed typo as per request [/edit]
View Replies !
Real-time Output?
I'm a relative PHP newbie, so I apologize if this is a simple question. Anyway, here's my problem. I'm using a PHP script to pre-render a bunchload of insert files for an HTML page. Right now there's about 1,600, but that number could get much, much higher when the site goes live. I'll only need to re-render the whole batch once or twice a year (if that) but it's still something I'd like to be able to do in case I have to move the site to a different server, or there's a hard drive crash or etc. Basically what the script does is grab a whole bunch of information from a database and write the insert file. It does this for every single one. The problem of course, is that PHP by default does all this server-side, and then sends it to the browser. Because this process takes like ten or twenty minutes to do, the browser times out long before it's finished. Is there a way to get progressive output with PHP? Or do I need to re-do this in another language like Perl?
View Replies !
Real Length Of Arrays
Sometimes, I want to know how many elements are really in an array (php3). The count() and sizeof() functions apparently return the number of non-empty array elements, and if you do a while loop checking for empty will stop on the first empty element. I have been using the following function: function truecount($theArray) { if (is_array($theArray)) { end($theArray); return key($theArray); } } but if the key is non-numeric, won't that trip me up? Anyone have a better solution?
View Replies !
Real Time Chat
There's anyone out there that can give me a light on real time chat using sockets. I've seen some using push technics but they all hang up after an elapsed amount of time.
View Replies !
Htmlspecialchars/real Escape
I'm creating a BBCode parser, and everything's working but one thing; I need code tags, but I will need to real_escape/htmlspecialchars the post to make sure it isn't malicious. The only problem is if I real_escape with code tags that contain php, the php will be removed. If I specialchars the post with php, I can't have syntax highlighting (or, not easily). How do I get round this?
View Replies !
Real IP Address From Behind Proxy Or NAT
How to get the real IP address of a user, not that of their proxy server or the external NAT address. I was quite sure that this wasn't possible without some kind of process getting the address on the client machine. I have suggested that these sites could be using Java to get the real IP address, however, I could be wrong and for me the script that I found always returns 127.0.0.1 . This suggests to me that any script attempting to obtain the hosts real IP address infarct rely s on the HTTP-X-FORWARDED-FOR header sent by the proxy server...
View Replies !
Real-time Clock
Where should I start to write a Real-time Clock? I want it be dynamic, not static. I know how to get the time and display it but how do I keep changing it ?
View Replies !
My Real Estate Scripts
I have been writing a real estate agency program and its coming on well but taking longer than I thought. Also I think I am just re-inventing the wheel as I guess like BB scripts there are probably good free ones already writen in php and using mysql ? Can anyone recommend one.? can then continue learning while adapting it to my purposes.
View Replies !
REAL E-mail Validation
if there is a way to actually send an e-mail to the server and see if it bounces or not? What I'm trying to do is require users to enter a valid e-mail address on the front page before entering the site. I don't want to do simple character validation (check for @ and no special chars, etc, etc) but actually see if the e-mail account truly exists before letting them into the site.
View Replies !
Real-time Chat
I wrote a PHP chat system similar to gChat which simply uses constant ajax calls to update the chat. This system is fine for a few users, but with potentially thousands of users, it is much too hard on the server. I've been considering taking the 'Comet' route, but have heard that PHP can't handle Comet very well. What would be the best language/API to perform real-time chat for a large user-base?
View Replies !
Real Time Sql Query
I am making a web-based chat but to get the msg from the database i need to refresh the page and that will make load and extra bandwidth on the server so i want to make the query in real time ( only the new msg to be received without refresh the whole page ), Any one in here knows how to get data from sql database without having to refresh page.
View Replies !
Mysql Real Escape
Upon entry into the database, I first clean form input data with html special characters, strip tags, and mysql real escape string. When I retrieve this data from the db, single quotes aren't coming out right on the pages. Some browsers display a question mark, others a blank space, and another (FireFox) totally screws up the text formatting.
View Replies !
Real Escape String
How can i add a escape string to this php mysql query. mysql_query('insert into times (code, date, time, duration) values ("'.$course_code.'","'.$date_inSQL.'","'.$time_inSQL.'","'.$duration.'" )');
View Replies !
Real Audio Download Limiter
i'm running a site with .ra and .ram files, when some visitor download or stream all these files at the same time it causes an huge bandwidth consumption. so i'd like to limit the download per each IP to a certain number of .ra and .ram files at time. i wonder if i can use some php script with cookies session but i'm new to this and i don't know where to start.
View Replies !
Real Time Echo'ing Of Var In A Loop
i have a big loop, and rather then waiting until its done for me too see what happened, every time it runs, how can i get the browser to echo the result, and proceed to keep running the loop. basically this loop takes a long time to finish, and i had to set my max runtime past 30 seconds. i guess incorporating a refresh of some sort like this would eliminate the need for the time extension too?
View Replies !
PHP Template Redirecting To Real Video
I've developed a RealVideo content management system w/ PHP and MySQL. On the back end is a form that sends a Real Video file (.rm) and writes the filename to a database. On the front end is a PHP template that pulls the filename from the database and outputs a string that is read in by a Flash movie. The Flash movie reads in the file location and places HTML-encoded text inside a text field that says "Launch Video." All works fine -- the Flash movie launches the Real Video file, and the file plays correctly. There's only one problem: the Real Video doesn't stream. In order for a Real Server to stream a Real Video file, a "stub" file with the extension .ram needs to be placed in the root directory. The only content in these .ram files is a URL pointing to the actual .rm file, and it's written in this format: pnm://ra.domainName.com/realvideoFile.rm My problem: The form is sending a Real Video file and the receiving page is copying it to the server as well as inserting a record into my database, but it can't write a .ram file to the root directory because to do so I'd have to adjust permissions accordingly (PHP is part of group Apache). That's unacceptable; I won't adjust permissions on the root directory. My solution was to create a redirector that acts as the stub file: PHP Code:
View Replies !
Is Gmail Homepage Real Ajax?
I saw gmail's storage size on mail.google.com. It was counting size like "Over 2728.845439 megabytes". then increasing... but my dialup connection disconnected I don't understand howto count storage size, when my pc disconnected internet. is it real 2728.845439 MB? or only text?
View Replies !
Stripping Commas From Real Numbers
I have an HTML form in a PHP script which queries the user for a dollar amount of sales. If a user enters "1,000,000" rather than "1000000" for 1 million, PHP (or MySQL?) treats the commas as a decimal and "1" is entered in the database. A simple work-around is to simply advise the user "Please enter numbers only, no commas or $'s" but this seems awkward. Is there a built in function or another easy way to have commas and currency signs stripped out of form-entered data?
View Replies !
Exploding At Real Breaks Not Wraps
I am working on reading my pop3 email , and I am trying to return the header data using the function, I get this fine. The question I have is since there is no consistency to the rows, I want to take each row of data, not a wrap of a long line, any idea beyond checking if it has a : in it???
View Replies !
Creating A Real Estate Site
I am intereted in creating a real estate where I can place house for people to view. I would like to have each room viewable, customer login area, quote for house, 360 degree view of the room, slick looking site. Is there a script that will enable me to do such a thing, or do I need it created from scratch?
View Replies !
Real Time Form Update
i have a script that i wrote for my clan/guild/linkshell in this online game i play that keeps track of members, the points they receive from events, items etc. in the admin panel of the script where you can update peoples points i want to know if i can add a button or something similar that if you push it updates the points which is currently in another text box in the same form in real time. I'm sorry if i'm not being clear, what i'm trying to do it make it quicker to update a members points because usually after each event they receive either 10 or 20 so i want to add a button where if you push it then it will put 10 or 20 in the 'add' box in real time. right now when you edit a member it shows their current points in a text box and under that two text boxes, one if you want to add points and another if you want to subtract points. if this isnt possible then i assume that i'd have to make it update the points in the box and keep all the values from before and just reload the page with the new value inside the box. wow, i'm sorry if i'm not very clear, please ask questions if you dont understand what i'm trying to say.
View Replies !
Real-time Action Ala Games??
What would be a proper solution for automated decision making in a PHP script, like a game? That is, without an external application, or any human input. For example, any random event that happens when the player is away from the game. How would one go about implementing that?
View Replies !
Real Time Listbox Update
I have one listbox that I populate with while($row = mysql_fetch_array($result, MYSQL_ASSOC) I need to in real time populate another listbox from a related table based on what they have currently selected in the first listbox. Is this possible with php and if so.
View Replies !
Degugger On 5.2.2 (xampp 1.6.2) Real Brainer
I tried to get php dbg debugger working on my machine but it doesn't work at all. Ok, what i did: copied php_dbg-5.2.x.dll (for PHP 5.2.x version) into my xampp/php/ext directory next, modified /xampp/apache/bin/php.ini file appending: Code:
View Replies !
How Convert Http:// Text To Real Hyperlink?
I have some texts in MySQL databases. When I show this texts in webpages using PHP, I need to convert every ocurrence of http://blablabla.com to <a href='http://blablabla.com'>http://blablabla.com</a> , so my text will really became 'active'. The people who wrote the texts don't know HTML tags so I can't ask them to write explicity <a...> </a> commands. The problem is the same with text that contains the @ charactere, as name@mailserver.com . I have to change this to <a href='mailto:name@mailserver.com'>name@mailserver.com</a>. Please, I don't know how to use regular expression. I think It can make this replacemments very easy..
View Replies !
Checking If Email Address Is Live And Real?
There's all kinds of ways to validate an email address to make sure it's well formed and whatnot, but what about checking to see if it's a valid e-mail account? Like how you can use checkdnsrr() to check to see if a URL is valid. I know finger used to be used at one time, no? But server block finger requests, and I'm not sure many e-mail accounts out there are even fingerable type accounts anyway.
View Replies !
|
TRACKER
