PHP to md5 the $var before it reaches MySQL"s gen query log

Greetings to All,
I am having difficulty in 'md5'ing a $var in a function before it is
placed into the ("INSERT INTO table...

The whole point is I don't want the MySQL DB logs showing my $var's
password and username 'before' it is encrypted by MySQL's md5.

When MySQL receives PHP's encrypted $var the log shows query INSERT with
the 32 bits but it is not inserted into the DB.

MySQL will not accept the $var's in the code that is commented out.
It shows no errors by the way.
MySQL accepts what is shown, but this is not as I explained what I want.
Thanks In Advance,
Chetan

mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
id int(11) NOT NULL auto_increment,
username BLOB NOT NULL default '',
password BLOB NOT NULL default '',
TimeEnter timestamp,
PRIMARY KEY (id)
)
ENGINE=MyISAM;")or die('Create Died' . mysql_error());


$db_server='localhost';
$db_user='root';
$db_pass='somepassword';
$db_name='aims site';
$tbl_name='docproedit';
$con = mysql_connect($db_server,$db_user,$db_pass) or die(mysql_error());
$q=mysql_select_db($db_name, $con) or die(mysql_error());

function addNewUser($username,$password){
global $q;
global $tbl_name;
global $con;
//$user=md5($username);
//$pass=md5($password);
//mysql_query("INSERT INTO $tbl_name
(username,password)VALUES('$user'),('$pass')");
$user=$username;
$pass=$password;
mysql_query("INSERT INTO $tbl_name
(username,password)VALUES(md5('$user'),md5('$pass'))");
return mysql_query($q,$con);
}
?>
$username="somename";
$password="somepassword";

addNewUser($username,$password);
echo "

New User Added!

Re: PHP to md5 the $var before it reaches MySQL"s gen query log

username BLOB NOT NULL default '',
password BLOB NOT NULL default '',

do you try
username varchar 50,
password varchar 50??

i'm just ask..
sry, hope that's can solve your problem

----- Original Message -----
From: "Chetan Graham"
To:
Sent: Saturday, May 12, 2007 4:28 PM
Subject: [PHP-DB] PHP to md5 the $var before it reaches MySQL's gen query
log


> Greetings to All,
> I am having difficulty in 'md5'ing a $var in a function before it is
> placed into the ("INSERT INTO table...
>
> The whole point is I don't want the MySQL DB logs showing my $var's
> password and username 'before' it is encrypted by MySQL's md5.
>
> When MySQL receives PHP's encrypted $var the log shows query INSERT with
> the 32 bits but it is not inserted into the DB.
>
> MySQL will not accept the $var's in the code that is commented out.
> It shows no errors by the way.
> MySQL accepts what is shown, but this is not as I explained what I want.
> Thanks In Advance,
> Chetan
>
> mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
> id int(11) NOT NULL auto_increment,
> username BLOB NOT NULL default '',
> password BLOB NOT NULL default '',
> TimeEnter timestamp,
> PRIMARY KEY (id)
> )
> ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>
>
> > $db_server='localhost';
> $db_user='root';
> $db_pass='somepassword';
> $db_name='aims site';
> $tbl_name='docproedit';
> $con = mysql_connect($db_server,$db_user,$db_pass) or die(mysql_error());
> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>
> function addNewUser($username,$password){
> global $q;
> global $tbl_name;
> global $con;
> //$user=md5($username);
> //$pass=md5($password);
> //mysql_query("INSERT INTO $tbl_name
> (username,password)VALUES('$user'),('$pass')");
> $user=$username;
> $pass=$password;
> mysql_query("INSERT INTO $tbl_name
> (username,password)VALUES(md5('$user'),md5('$pass'))");
> return mysql_query($q,$con);
> }
> ?>
> > $username="somename";
> $password="somepassword";
>
> addNewUser($username,$password);
> echo "

New User Added!

Re: PHP to md5 the $var before it reaches MySQL"s genquery log

Hey Bedul,
I dropped the table and recreated it with VARCHAR (50) for both. (The reason
I like BLOB is when you edit the table all you see is BLOB until you have
the permission to open it to binary or text.

Here is the log message:

070512 16:36:07 35 Connect root@localhost on
35 Init DB aims site
35 Query INSERT INTO docproedit (username,password)VALUES

('61d46e51e01c5c77ffb9a60f00a842a1'),('2ccd89b67324dd915dd2d 286f613332e')
35 Query INSERT INTO docproedit
(username,password)VALUES(md5('mata's'),md5('blessing'))
35 Query 1
35 Quit

Now neither INSERT works. Do you know what the '1' is by the way?
With BLOB at least one worked with inserting $var's in the values.
This seems like a silly problem.
There must be some way to do this proper. I'm just a baby at this.
Blessings,
Chetan




Bedul says:


bedul wrote:
>
> username BLOB NOT NULL default '',
> password BLOB NOT NULL default '',
>
> do you try
> username varchar 50,
> password varchar 50??
>
> i'm just ask..
> sry, hope that's can solve your problem
>
> ----- Original Message -----
> From: "Chetan Graham"
> To:
> Sent: Saturday, May 12, 2007 4:28 PM
> Subject: [PHP-DB] PHP to md5 the $var before it reaches MySQL's gen query
> log
>
>
>> Greetings to All,
>> I am having difficulty in 'md5'ing a $var in a function before it is
>> placed into the ("INSERT INTO table...
>>
>> The whole point is I don't want the MySQL DB logs showing my $var's
>> password and username 'before' it is encrypted by MySQL's md5.
>>
>> When MySQL receives PHP's encrypted $var the log shows query INSERT with
>> the 32 bits but it is not inserted into the DB.
>>
>> MySQL will not accept the $var's in the code that is commented out.
>> It shows no errors by the way.
>> MySQL accepts what is shown, but this is not as I explained what I want.
>> Thanks In Advance,
>> Chetan
>>
>> mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
>> id int(11) NOT NULL auto_increment,
>> username BLOB NOT NULL default '',
>> password BLOB NOT NULL default '',
>> TimeEnter timestamp,
>> PRIMARY KEY (id)
>> )
>> ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>>
>>
>> >> $db_server='localhost';
>> $db_user='root';
>> $db_pass='somepassword';
>> $db_name='aims site';
>> $tbl_name='docproedit';
>> $con = mysql_connect($db_server,$db_user,$db_pass) or die(mysql_error());
>> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>>
>> function addNewUser($username,$password){
>> global $q;
>> global $tbl_name;
>> global $con;
>> //$user=md5($username);
>> //$pass=md5($password);
>> //mysql_query("INSERT INTO $tbl_name
>> (username,password)VALUES('$user'),('$pass')");
>> $user=$username;
>> $pass=$password;
>> mysql_query("INSERT INTO $tbl_name
>> (username,password)VALUES(md5('$user'),md5('$pass'))");
>> return mysql_query($q,$con);
>> }
>> ?>
>> >> $username="somename";
>> $password="somepassword";
>>
>> addNewUser($username,$password);
>> echo "

New User Added!

Re: PHP to md5 the $var before it reaches MySQL"s genquery log

Hey Bedul,
My mistake as md5 on MySQL side still works. I put an extra ' in the
passwords value by mistake. I corrected it.
Still no error from MySQL I can not tell the difference from either INSERT
in the log as both look the same(except one is binary 32bits and the other
md5('text').

Still haven't figured this silly problem out.
Thanks for your quick help though.
Chetan


Chetanji wrote:
>
> Hey Bedul,
> I dropped the table and recreated it with VARCHAR (50) for both. (The
> reason I like BLOB is when you edit the table all you see is BLOB until
> you have the permission to open it to binary or text.
>
> Here is the log message:
>
> 070512 16:36:07 35 Connect root@localhost on
> 35 Init DB aims site
> 35 Query INSERT INTO docproedit (username,password)VALUES
>
> ('61d46e51e01c5c77ffb9a60f00a842a1'),('2ccd89b67324dd915dd2d 286f613332e')
> 35 Query INSERT INTO docproedit
> (username,password)VALUES(md5('mata's'),md5('blessing'))
> 35 Query 1
> 35 Quit
>
> Now neither INSERT works. Do you know what the '1' is by the way?
> With BLOB at least one worked with inserting $var's in the values.
> This seems like a silly problem.
> There must be some way to do this proper. I'm just a baby at this.
> Blessings,
> Chetan
>
>
>
>
> Bedul says:
>
>
> bedul wrote:
>>
>> username BLOB NOT NULL default '',
>> password BLOB NOT NULL default '',
>>
>> do you try
>> username varchar 50,
>> password varchar 50??
>>
>> i'm just ask..
>> sry, hope that's can solve your problem
>>
>> ----- Original Message -----
>> From: "Chetan Graham"
>> To:
>> Sent: Saturday, May 12, 2007 4:28 PM
>> Subject: [PHP-DB] PHP to md5 the $var before it reaches MySQL's gen query
>> log
>>
>>
>>> Greetings to All,
>>> I am having difficulty in 'md5'ing a $var in a function before it is
>>> placed into the ("INSERT INTO table...
>>>
>>> The whole point is I don't want the MySQL DB logs showing my $var's
>>> password and username 'before' it is encrypted by MySQL's md5.
>>>
>>> When MySQL receives PHP's encrypted $var the log shows query INSERT with
>>> the 32 bits but it is not inserted into the DB.
>>>
>>> MySQL will not accept the $var's in the code that is commented out.
>>> It shows no errors by the way.
>>> MySQL accepts what is shown, but this is not as I explained what I want.
>>> Thanks In Advance,
>>> Chetan
>>>
>>> mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
>>> id int(11) NOT NULL auto_increment,
>>> username BLOB NOT NULL default '',
>>> password BLOB NOT NULL default '',
>>> TimeEnter timestamp,
>>> PRIMARY KEY (id)
>>> )
>>> ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>>>
>>>
>>> >>> $db_server='localhost';
>>> $db_user='root';
>>> $db_pass='somepassword';
>>> $db_name='aims site';
>>> $tbl_name='docproedit';
>>> $con = mysql_connect($db_server,$db_user,$db_pass) or
>>> die(mysql_error());
>>> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>>>
>>> function addNewUser($username,$password){
>>> global $q;
>>> global $tbl_name;
>>> global $con;
>>> //$user=md5($username);
>>> //$pass=md5($password);
>>> //mysql_query("INSERT INTO $tbl_name
>>> (username,password)VALUES('$user'),('$pass')");
>>> $user=$username;
>>> $pass=$password;
>>> mysql_query("INSERT INTO $tbl_name
>>> (username,password)VALUES(md5('$user'),md5('$pass'))");
>>> return mysql_query($q,$con);
>>> }
>>> ?>
>>> >>> $username="somename";
>>> $password="somepassword";
>>>
>>> addNewUser($username,$password);
>>> echo "

New User Added!

Re: PHP to md5 the $var before it reaches MySQL"s genquery log

Once again sorry to all for indulging you. I have found the answer, plus a
little additional security on the this.
Here is the code that works with additional encrypting of the md5 from PHP.
My syntax was incorrect before.
Bedul got me thinking by changing the BLOB to VARCHAR. That led to the
answer.
Blessings,
Chetan


function addNewUser($username,$password){
global $q;
global $tbl_name;
global $con;
$usrname=md5($username);
$passname=md5($password);

//hash then encrypt a string
function Encrypt($string) {$crypted = crypt(md5($string),
md5($string));return $crypted; }

$user = encrypt($usrname);
$pass = encrypt($passname);

mysql_query("INSERT INTO $tbl_name
(username,password)VALUES('$user','$pass')");

return mysql_query($q,$con);

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;



Chetanji wrote:
>
> Hey Bedul,
> My mistake as md5 on MySQL side still works. I put an extra ' in the
> passwords value by mistake. I corrected it.
> Still no error from MySQL I can not tell the difference from either INSERT
> in the log as both look the same(except one is binary 32bits and the
> other md5('text').
>
> Still haven't figured this silly problem out.
> Thanks for your quick help though.
> Chetan
>
>
> Chetanji wrote:
>>
>> Hey Bedul,
>> I dropped the table and recreated it with VARCHAR (50) for both. (The
>> reason I like BLOB is when you edit the table all you see is BLOB until
>> you have the permission to open it to binary or text.
>>
>> Here is the log message:
>>
>> 070512 16:36:07 35 Connect root@localhost on
>> 35 Init DB aims site
>> 35 Query INSERT INTO docproedit (username,password)VALUES
>>
>> ('61d46e51e01c5c77ffb9a60f00a842a1'),('2ccd89b67324dd915dd2d 286f613332e')
>> 35 Query INSERT INTO docproedit
>> (username,password)VALUES(md5('mata's'),md5('blessing'))
>> 35 Query 1
>> 35 Quit
>>
>> Now neither INSERT works. Do you know what the '1' is by the way?
>> With BLOB at least one worked with inserting $var's in the values.
>> This seems like a silly problem.
>> There must be some way to do this proper. I'm just a baby at this.
>> Blessings,
>> Chetan
>>
>>
>>
>>
>> Bedul says:
>>
>>
>> bedul wrote:
>>>
>>> username BLOB NOT NULL default '',
>>> password BLOB NOT NULL default '',
>>>
>>> do you try
>>> username varchar 50,
>>> password varchar 50??
>>>
>>> i'm just ask..
>>> sry, hope that's can solve your problem
>>>
>>> ----- Original Message -----
>>> From: "Chetan Graham"
>>> To:
>>> Sent: Saturday, May 12, 2007 4:28 PM
>>> Subject: [PHP-DB] PHP to md5 the $var before it reaches MySQL's gen
>>> query
>>> log
>>>
>>>
>>>> Greetings to All,
>>>> I am having difficulty in 'md5'ing a $var in a function before it is
>>>> placed into the ("INSERT INTO table...
>>>>
>>>> The whole point is I don't want the MySQL DB logs showing my $var's
>>>> password and username 'before' it is encrypted by MySQL's md5.
>>>>
>>>> When MySQL receives PHP's encrypted $var the log shows query INSERT
>>>> with
>>>> the 32 bits but it is not inserted into the DB.
>>>>
>>>> MySQL will not accept the $var's in the code that is commented out.
>>>> It shows no errors by the way.
>>>> MySQL accepts what is shown, but this is not as I explained what I
>>>> want.
>>>> Thanks In Advance,
>>>> Chetan
>>>>
>>>> mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
>>>> id int(11) NOT NULL auto_increment,
>>>> username BLOB NOT NULL default '',
>>>> password BLOB NOT NULL default '',
>>>> TimeEnter timestamp,
>>>> PRIMARY KEY (id)
>>>> )
>>>> ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>>>>
>>>>
>>>> >>>> $db_server='localhost';
>>>> $db_user='root';
>>>> $db_pass='somepassword';
>>>> $db_name='aims site';
>>>> $tbl_name='docproedit';
>>>> $con = mysql_connect($db_server,$db_user,$db_pass) or
>>>> die(mysql_error());
>>>> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>>>>
>>>> function addNewUser($username,$password){
>>>> global $q;
>>>> global $tbl_name;
>>>> global $con;
>>>> //$user=md5($username);
>>>> //$pass=md5($password);
>>>> //mysql_query("INSERT INTO $tbl_name
>>>> (username,password)VALUES('$user'),('$pass')");
>>>> $user=$username;
>>>> $pass=$password;
>>>> mysql_query("INSERT INTO $tbl_name
>>>> (username,password)VALUES(md5('$user'),md5('$pass'))");
>>>> return mysql_query($q,$con);
>>>> }
>>>> ?>
>>>> >>>> $username="somename";
>>>> $password="somepassword";
>>>>
>>>> addNewUser($username,$password);
>>>> echo "

New User Added!

POSTing values to other page

I am trying to send POST values from one page to another, they are too
long to be handled by GET.

page1.php

page2.php

I've tried in page1

$str="?";
foreach($_POST as $name=>$value) {
$str.=$name."=".$value."&";
}
header("Location: http://host/path/page2.php$str");

gives:

*Warning*: Header may not contain more than a single header, new line
detected. in */path/page1.php* on line *13*

There must be a better way of doing this and it must be pretty well
known. Any ideas?

John

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: POSTing values to other page

------=_Part_73173_27909367.1179092288387
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Why not put them into session variables? Have you tried that?

On 5/13/07, ioannes wrote:
>
> I am trying to send POST values from one page to another, they are too
> long to be handled by GET.
>
> page1.php
>
> page2.php
>
> I've tried in page1
>
> $str="?";
> foreach($_POST as $name=>$value) {
> $str.=$name."=".$value."&";
> }
> header("Location: http://host/path/page2.php$str");
>
> gives:
>
> *Warning*: Header may not contain more than a single header, new line
> detected. in */path/page1.php* on line *13*
>
> There must be a better way of doing this and it must be pretty well
> known. Any ideas?
>
> John
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

------=_Part_73173_27909367.1179092288387--

Re: POSTing values to other page

ioannes wrote:
> I am trying to send POST values from one page to another, they are too
> long to be handled by GET.

Either use the session or use curl (http://www.php.net/curl)

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: PHP to md5 the $var before it reaches MySQL"s gen querylog

Chetan Graham wrote:
> Greetings to All,
> I am having difficulty in 'md5'ing a $var in a function before it is
> placed into the ("INSERT INTO table...
>
> The whole point is I don't want the MySQL DB logs showing my $var's
> password and username 'before' it is encrypted by MySQL's md5.
>
> When MySQL receives PHP's encrypted $var the log shows query INSERT with
> the 32 bits but it is not inserted into the DB.
>
> MySQL will not accept the $var's in the code that is commented out.
> It shows no errors by the way.
> MySQL accepts what is shown, but this is not as I explained what I want.
> Thanks In Advance,
> Chetan
>
> mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
> id int(11) NOT NULL auto_increment,
> username BLOB NOT NULL default '',
> password BLOB NOT NULL default '',
> TimeEnter timestamp,
> PRIMARY KEY (id)
> )
> ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>
>
> > $db_server='localhost';
> $db_user='root';
> $db_pass='somepassword';
> $db_name='aims site';
> $tbl_name='docproedit';
> $con = mysql_connect($db_server,$db_user,$db_pass) or die(mysql_error());
> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>
> function addNewUser($username,$password){
> global $q;
> global $tbl_name;
> global $con;
> //$user=md5($username);
> //$pass=md5($password);
> //mysql_query("INSERT INTO $tbl_name
> (username,password)VALUES('$user'),('$pass')");

You need to use mysql_real_escape_string in your queries so things like
' and " get escaped properly.

Otherwise you end up with:

$username = "my 'username";
$password = "my 'password";
insert into table(username, password) values ('my 'username', 'my
'password');

This is called sql injection and you need to check to make sure they are
escaped.

Please read http://phpsec.org/projects/guide/3.html

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

$_POST["mypassword"]; ***Undefined index: mypassword

To All a Welcome,

All the errors are gone but this nagging one. I am running a login script
and getting this error...

To bring the username and password into the processing script I am doing it
this way, and having trouble.
I have spent too many hours working on this one issue. Please help someone.
Blessings, Chetan

$myusername=$_POST["myusername"];
$mypassword=$_POST["mypassword"];

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
Notice: Undefined index: myusername in
C:\Inetpub\wwwroot\AimsSite\docproedit\checklogin.php on line 12

Notice: Undefined index: mypassword in
C:\Inetpub\wwwroot\AimsSite\docproedit\checklogin.php on line 13
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
The login script is simple HTML using.....

Re: $_POST["mypassword"]; ***Undefined index: mypassword

I corrected a small spelling error to make the situation more understandable.
Everything is the same I am stuck!
Thanks in Advance, Chetanji

Chetanji wrote:
>
>
>
> All the errors are gone but this nagging one. I am running a login script
> and getting this error...
>
> To bring the username and password into the processing script I am doing
> it this way, and having trouble.
> I have spent too many hours working on this one issue. Please help
> someone.
> Blessings, Chetan
>
> $myusername=$_POST["myusername"];
> $mypassword=$_POST["mypassword"];
>
> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
> Notice: Undefined index: myusername in
> C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
>
> Notice: Undefined index: mypassword in
> C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
> The login script is simple HTML using.....
>
>
>
>
>
>
> Note: "Flogin.html is where you log on; login.php, the script below,
> processes the password and username."
>
> Here is the Code...
>
> > ob_start();session_start();
> /************************************************
> *********Login.php Begin End************
> ************************************************/
> /**
> ** Process username 1st by md5, then Encrypt,
> ** then compare with appropiate password in DB.
> **/
>
> session_register("myusername"); session_register("mypassword");
> $db_name='aims site'; $tbl_name='docproedit'; $db_server='localhost';
> $db_user='root';
> $db_pass='somepass';$myusername=$_POST["myusername"];$mypass word=$_POST["mypassword"];
> $auth = false;
>
> //----Encrypting begins for username and password
> //----entered by the user on login page.
> $uname=$myusername;
> $pname=$mypassword;
> hashinput($uname,$pname);
>
> //----The hash function, which includes the encrypt function.
> function hashinput($uname,$pname){
> global $user; global $pass; global $uname; global $pname; global $p;
> $usrname=md5($uname);
> $passname=md5($pname);
>
> //----the Encrypt function.
> function Encrypt($string) {$Encryption = crypt(md5($string),
> md5($string));return $Encryption;}
> $user = encrypt($usrname);
> $p = encrypt($passname);
> }
>
> //----Connecting with DB, selecting array from DB to analyze.
> $linkID = mysql_connect($db_server, $db_user, $db_pass);
> mysql_select_db("$db_name", $linkID);
> $result = mysql_query("SELECT password FROM docproedit WHERE username =
> '$user'", $linkID);
> $pass = mysql_fetch_row($result);
> mysql_close($linkID);
>
> //----Based on the comparision of encryped "login" username
> //----against the permanent DB password, $auth is 1 if 'good' login, and 0
> if 'bad'.
> if ($pass[0] === $p) {
> $auth = true;
> if ($auth = 1) {
> echo " > content=\"0;url=http://localhost/aimssite/docproedit/welcome .html\">";
> return;
> }
> }
> return $auth;
>
> ob_end_flush();
>
> /************************************************
> *************Function Loginphp End***************
> ************************************************/
>
>
>

--
View this message in context: http://www.nabble.com/PHP-to-md5-the-%24var-before-it-reache s-MySQL%27s-gen-query-log-tf3731340.html#a10602633
Sent from the Php - Database mailing list archive at Nabble.com.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

On 5/14/07, Chetanji wrote:
>
> I corrected a small spelling error to make the situation more understandable.
> Everything is the same I am stuck!
> Thanks in Advance, Chetanji
>
> Chetanji wrote:
> >
> >
> >
> > All the errors are gone but this nagging one. I am running a login script
> > and getting this error...
> >
> > To bring the username and password into the processing script I am doing
> > it this way, and having trouble.
> > I have spent too many hours working on this one issue. Please help
> > someone.
> > Blessings, Chetan
> >
> > $myusername=$_POST["myusername"];
> > $mypassword=$_POST["mypassword"];
> >
> > :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
> > Notice: Undefined index: myusername in
> > C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
> >
> > Notice: Undefined index: mypassword in
> > C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
> >

Those messages mean that the variables $_POST["myusername"] and
$_POST["mypassword"]; are not set.
Try dumping the $_POST array "var_dump($_POST);" , to see what is in
there, before you assign the values to $mypassword and $myusername.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

------=_Part_27989_21329922.1179157502272
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


Thanks for the reply, this is the only output before and after the
$_POST....

array(0) { } ......that's it

I still have the two Notice's from PHP.
But the program works otherwise, in checking the DB for the hashed
password...
that matches the typed in username ...
that is then hashed itself
in the login.php program.
It works and doesn't 'auth' for incorrect user/pass combinations.
However, I do not like running programs that kick out 'errors' of any kind.
It seems to always lead to unpredictable situations that are a problem.
Any other ideas?
Thanks,
Chetanji



Chetanji wrote:
>
> I corrected a small spelling error to make the situation more
> understandable. Everything is the same I am stuck!
> Thanks in Advance, Chetanji
>
> Chetanji wrote:
>>
>>
>>
>> All the errors are gone but this nagging one. I am running a login
>> script and getting this error...
>>
>> To bring the username and password into the processing script I am doing
>> it this way, and having trouble.
>> I have spent too many hours working on this one issue. Please help
>> someone.
>> Blessings, Chetan
>>
>> $myusername=$_POST["myusername"];
>> $mypassword=$_POST["mypassword"];
>>
>> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
>> Notice: Undefined index: myusername in
>> C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
>>
>> Notice: Undefined index: mypassword in
>> C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
>> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
>> The login script is simple HTML using.....
>>
>>
>>
>>
>>
>>
>> Note: "Flogin.html is where you log on; login.php, the script below,
>> processes the password and username."
>>
>> Here is the Code...
>>
>> >> ob_start();session_start();
>> /************************************************
>> *********Login.php Begin End************
>> ************************************************/
>> /**
>> ** Process username 1st by md5, then Encrypt,
>> ** then compare with appropiate password in DB.
>> **/
>>
>> session_register("myusername"); session_register("mypassword");
>> $db_name='aims site'; $tbl_name='docproedit'; $db_server='localhost';
>> $db_user='root';
>> $db_pass='somepass';$myusername=$_POST["myusername"];$mypass word=$_POST["mypassword"];
>> $auth = false;
>>
>> //----Encrypting begins for username and password
>> //----entered by the user on login page.
>> $uname=$myusername;
>> $pname=$mypassword;
>> hashinput($uname,$pname);
>>
>> //----The hash function, which includes the encrypt function.
>> function hashinput($uname,$pname){
>> global $user; global $pass; global $uname; global $pname; global $p;
>> $usrname=md5($uname);
>> $passname=md5($pname);
>>
>> //----the Encrypt function.
>> function Encrypt($string) {$Encryption = crypt(md5($string),
>> md5($string));return $Encryption;}
>> $user = encrypt($usrname);
>> $p = encrypt($passname);
>> }
>>
>> //----Connecting with DB, selecting array from DB to analyze.
>> $linkID = mysql_connect($db_server, $db_user, $db_pass);
>> mysql_select_db("$db_name", $linkID);
>> $result = mysql_query("SELECT password FROM docproedit WHERE username =
>> '$user'", $linkID);
>> $pass = mysql_fetch_row($result);
>> mysql_close($linkID);
>>
>> //----Based on the comparision of encryped "login" username
>> //----against the permanent DB password, $auth is 1 if 'good' login, and
>> 0 if 'bad'.
>> if ($pass[0] === $p) {
>> $auth = true;
>> if ($auth = 1) {
>> echo ""; return;
>> }
>> }
>> return $auth;
>>
>> ob_end_flush();
>>
>> /************************************************
>> *************Login.php End***************
>> ************************************************/
>>
>>
>>
>
>

--
View this message in context: http://www.nabble.com/PHP-to-md5-the-%24var-before-it-reache s-MySQL%27s-gen-query-log-tf3731340.html#a10606352
Sent from the Php - Database mailing list archive at Nabble.com.

------=_Part_27989_21329922.1179157502272--

Re: $_POST["mypassword"]; ***Undefined index: mypassword

Well, well, I just logged on to test the crypt output by typing in wrong
username/password pairs and got this output from the "var_dump($_POST);"
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;inco rrect
username/password pair;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
array(3) { ["myusername"]=> string(8) "asdfasdf" ["mypassword"]=>
string(6) "hjklhj" ["Submit"]=> string(5) "Login" }
array(3) { ["myusername"]=> string(8) "asdfasdf" ["mypassword"]=>
string(6) "hjklhj" ["Submit"]=> string(5) "Login" }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;corr ect
username/password pair;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
array(3) { ["myusername"]=> string(6) "amrita" ["mypassword"]=> string(4)
"tech" ["Submit"]=> string(5) "Login"}
array(3) { ["myusername"]=> string(6) "amrita" ["mypassword"]=> string(4)
"tech" ["Submit"]=> string(5) "Login"}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;
This gives me hard evidence that the $_POST array is working just fine, but
what is it??? that is not seeing that "mypassword' and "myusername" are
defined?
So what does this tell you?
Thanks,
Chetanji





Dimiter Ivanov wrote:
>
> On 5/14/07, Chetanji wrote:
>>
>> I corrected a small spelling error to make the situation more
>> understandable.
>> Everything is the same I am stuck!
>> Thanks in Advance, Chetanji
>>
>> Chetanji wrote:
>> >
>> >
>> >
>> > All the errors are gone but this nagging one. I am running a login
>> script
>> > and getting this error...
>> >
>> > To bring the username and password into the processing script I am
>> doing
>> > it this way, and having trouble.
>> > I have spent too many hours working on this one issue. Please help
>> > someone.
>> > Blessings, Chetan
>> >
>> > $myusername=$_POST["myusername"];
>> > $mypassword=$_POST["mypassword"];
>> >
>> >
>> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::
>> > Notice: Undefined index: myusername in
>> > C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
>> >
>> > Notice: Undefined index: mypassword in
>> > C:\Inetpub\wwwroot\AimsSite\docproedit\login.php on line 13
>> >
>
> Those messages mean that the variables $_POST["myusername"] and
> $_POST["mypassword"]; are not set.
> Try dumping the $_POST array "var_dump($_POST);" , to see what is in
> there, before you assign the values to $mypassword and $myusername.
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

--
View this message in context: http://www.nabble.com/PHP-to-md5-the-%24var-before-it-reache s-MySQL%27s-gen-query-log-tf3731340.html#a10606727
Sent from the Php - Database mailing list archive at Nabble.com.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

On 5/14/07, Chetanji wrote:
>
> Thanks for the reply, this is the only output before and after the
> $_POST....
>
> array(0) { } ......that's it
>
> I still have the two Notice's from PHP.
> But the program works otherwise, in checking the DB for the hashed
> password...
> that matches the typed in username ...
> that is then hashed itself
> in the login.php program.
> It works and doesn't 'auth' for incorrect user/pass combinations.
> However, I do not like running programs that kick out 'errors' of any kind.
> It seems to always lead to unpredictable situations that are a problem.
> Any other ideas?
> Thanks,
> Chetanji

Well then the $_POST array is empty that's why you have those notices.
The $_POST array is populated with values ONLY after the form was
submitted to the login.php script.
If you use this script before the form was submitted or in any other
context, then you will get those notices.

If you check if the variables you are looking for are set, before
assigning them, you will not get the notices.

Try this:
if(isset($_POST["myusername"] AND isset($_POST["mypassword"])){
$myusername=$_POST["myusername"];
$mypassword=$_POST["mypassword"];
}

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

Okay, now with the isset and var_dump in place within the login.php script,
I get the output of what I typed into the Log On page.
All this output is 'premeal' for the login.php script.

So then the PHP "Notice's" are just something to know the PHP parser is
seeing a empty, undescriptive container and is throwing a "hey, look at this
it may not be normal" when the login.php script is run by itself in the
browser. You are thinking its not a problem and will not lead to any
problems. If this is the case then thankyou Dimiter.
Blessings,
Chetanji


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;
array(3) { ["myusername"]=> string(2) "my" ["mypassword"]=> string(4)
"amma" ["Submit"]=> string(5) "Login" }
array(3) { ["myusername"]=> string(2) "my" ["mypassword"]=> string(4)
"amma" ["Submit"]=> string(5) "Login" }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;




Dimiter Ivanov wrote:
>
> Well then the $_POST array is empty that's why you have those notices.
> The $_POST array is populated with values ONLY after the form was
> submitted to the login.php script.
> If you use this script before the form was submitted or in any other
> context, then you will get those notices.
>
> If you check if the variables you are looking for are set, before
> assigning them, you will not get the notices.
>
> Try this:
> if(isset($_POST["myusername"]) AND isset($_POST["mypassword"])){
> $myusername=$_POST["myusername"];
> $mypassword=$_POST["mypassword"];
> }
>
> On 5/14/07, Chetanji wrote:
>>
>> Thanks for the reply, this is the only output before and after the
>> $_POST....
>>
>> array(0) { } ......that's it
>>
>> I still have the two Notice's from PHP.
>> But the program works otherwise, in checking the DB for the hashed
>> password...
>> that matches the typed in username ...
>> that is then hashed itself
>> in the login.php program.
>> It works and doesn't 'auth' for incorrect user/pass combinations.
>> However, I do not like running programs that kick out 'errors' of any
>> kind.
>> It seems to always lead to unpredictable situations that are a problem.
>> Any other ideas?
>> Thanks,
>> Chetanji
>
> Well then the $_POST array is empty that's why you have those notices.
> The $_POST array is populated with values ONLY after the form was
> submitted to the login.php script.
> If you use this script before the form was submitted or in any other
> context, then you will get those notices.
>
> If you check if the variables you are looking for are set, before
> assigning them, you will not get the notices.
>
> Try this:
> if(isset($_POST["myusername"]) AND isset($_POST["mypassword"])){
> $myusername=$_POST["myusername"];
> $mypassword=$_POST["mypassword"];
> }
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

--
View this message in context: http://www.nabble.com/PHP-to-md5-the-%24var-before-it-reache s-MySQL%27s-gen-query-log-tf3731340.html#a10607559
Sent from the Php - Database mailing list archive at Nabble.com.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

On 5/14/07, Chetanji wrote:
>
> Okay, now with the isset and var_dump in place within the login.php script,
> I get the output of what I typed into the Log On page.
> All this output is 'premeal' for the login.php script.
>
> So then the PHP "Notice's" are just something to know the PHP parser is
> seeing a empty, undescriptive container and is throwing a "hey, look at this
> it may not be normal" when the login.php script is run by itself in the
> browser. You are thinking its not a problem and will not lead to any
> problems. If this is the case then thankyou Dimiter.
> Blessings,
> Chetanji

Yes that's the purpose of notices.
From the php manual :

"Run-time notices. Indicate that the script encountered something that
could indicate an error, but could also happen in the normal course of
running a script."

http://www.php.net/manual/en/ref.errorfunc.php#e-notice

You may comment/remove the var_dump, it's only for debugging purposes.
You don't need it anymore.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

------=_NextPart_000_001B_01C796E5.235775C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

the problem is right here (said on error msg):
session_register("myusername"); session_register("mypassword");

u should use session_register("myusername") after declare the name.
i taken from my php chm

It is currently impossible to register resource variables in a session. =
For example, you cannot create a connection to a database and store the =
connection id as a session variable and expect the connection to still =
be valid the next time the session is restored. PHP functions that =
return a resource are identified by having a return type of resource in =
their function definition. A list of functions that return resources are =
available in the resource types appendix.

if you understand what statement above.. conguration, if not.. don't =
shock.. me either.

for phpWin.. this topic perhaps easy for you to answer.=20

------=_NextPart_000_001B_01C796E5.235775C0--

Re: $_POST["mypassword"]; ***Undefined index: mypassword

------=_NextPart_000_001B_01C796E5.235775C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

the problem is right here (said on error msg):
session_register("myusername"); session_register("mypassword");

u should use session_register("myusername") after declare the name.
i taken from my php chm

It is currently impossible to register resource variables in a session. =
For example, you cannot create a connection to a database and store the =
connection id as a session variable and expect the connection to still =
be valid the next time the session is restored. PHP functions that =
return a resource are identified by having a return type of resource in =
their function definition. A list of functions that return resources are =
available in the resource types appendix.

if you understand what statement above.. conguration, if not.. don't =
shock.. me either.

for phpWin.. this topic perhaps easy for you to answer.=20

------=_NextPart_000_001B_01C796E5.235775C0--

Re: $_POST["mypassword"]; ***Undefined index: mypassword

[ taking php-windows out again :P ]

bedul wrote:
> the problem is right here (said on error msg):
> session_register("myusername"); session_register("mypassword");
>
> u should use session_register("myusername") after declare the name.
> i taken from my php chm
>
> It is currently impossible to register resource variables in a session. For example, you cannot create a connection to a database and store the connection id as a session variable and expect the connection to still be valid the next time the session is restored. PHP functions that return a resource are identified by having a return type of resource in their function definition. A list of functions that return resources are available in the resource types appendix.
>
> if you understand what statement above.. conguration, if not.. don't shock.. me either.

You can't store database connections in a session.

Ie you can't:

$connection = mysql_connect(....);

$_SESSION['DbConnection'] = $connection;


because the HTTP protocol (and thus PHP) is stateless - you don't know
where the next connection is coming from or even if there is another
connection coming.

If there is another HTTP request, you have no way of linking request '1'
(where the database connection was set up) to request '47' in the chain.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re: [PHP-DB] $_POST["mypassword"]; ***Undefined index:mypassword

Simple. A resource, like the stuff you get when running mysql_query for
instance ($resource = mysql_query($sql);) cannot be stored in a session
variable. When you go to a new page, the resource variable is no longer
linked to the results of the mysql query and thus wasn't stored.
You following?

But I don't understand what sessions and resources has to do with $_POST
variables!

Mike

bedul skrev:
> the problem is right here (said on error msg):
> session_register("myusername"); session_register("mypassword");
>
> u should use session_register("myusername") after declare the name.
> i taken from my php chm
>
> It is currently impossible to register resource variables in a session. For example, you cannot create a connection to a database and store the connection id as a session variable and expect the connection to still be valid the next time the session is restored. PHP functions that return a resource are identified by having a return type of resource in their function definition. A list of functions that return resources are available in the resource types appendix.
>
> if you understand what statement above.. conguration, if not.. don't shock.. me either.
>
> for phpWin.. this topic perhaps easy for you to answer.
>
>

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re: [PHP-DB] $_POST["mypassword"]; ***Undefined index:mypassword

Simple. A resource, like the stuff you get when running mysql_query for
instance ($resource = mysql_query($sql);) cannot be stored in a session
variable. When you go to a new page, the resource variable is no longer
linked to the results of the mysql query and thus wasn't stored.
You following?

But I don't understand what sessions and resources has to do with $_POST
variables!

Mike

bedul skrev:
> the problem is right here (said on error msg):
> session_register("myusername"); session_register("mypassword");
>
> u should use session_register("myusername") after declare the name.
> i taken from my php chm
>
> It is currently impossible to register resource variables in a session. For example, you cannot create a connection to a database and store the connection id as a session variable and expect the connection to still be valid the next time the session is restored. PHP functions that return a resource are identified by having a return type of resource in their function definition. A list of functions that return resources are available in the resource types appendix.
>
> if you understand what statement above.. conguration, if not.. don't shock.. me either.
>
> for phpWin.. this topic perhaps easy for you to answer.
>
>

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

it seem the poster already have the answer..
what he/she going to do was how to save username and pass on session.

thx for your help
----- Original Message -----
From: "Chris"
To: "bedul"
Cc: "Chetanji" ;
Sent: Tuesday, May 15, 2007 11:49 AM
Subject: Re: [PHP-DB] $_POST["mypassword"]; ***Undefined index: mypassword


> [ taking php-windows out again :P ]
>
> bedul wrote:
> > the problem is right here (said on error msg):
> > session_register("myusername"); session_register("mypassword");
> >
> > u should use session_register("myusername") after declare the name.
> > i taken from my php chm
> >
> > It is currently impossible to register resource variables in a session.
For example, you cannot create a connection to a database and store the
connection id as a session variable and expect the connection to still be
valid the next time the session is restored. PHP functions that return a
resource are identified by having a return type of resource in their
function definition. A list of functions that return resources are available
in the resource types appendix.
> >
> > if you understand what statement above.. conguration, if not.. don't
shock.. me either.
>
> You can't store database connections in a session.
>
> Ie you can't:
>
> $connection = mysql_connect(....);
>
> $_SESSION['DbConnection'] = $connection;
>
>
> because the HTTP protocol (and thus PHP) is stateless - you don't know
> where the next connection is coming from or even if there is another
> connection coming.
>
> If there is another HTTP request, you have no way of linking request '1'
> (where the database connection was set up) to request '47' in the chain.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: $_POST["mypassword"]; ***Undefined index: mypassword

it seem the poster already have the answer..
what he/she going to do was how to save username and pass on session.

thx for your help
----- Original Message -----
From: "Chris"
To: "bedul"
Cc: "Chetanji" ;
Sent: Tuesday, May 15, 2007 11:49 AM
Subject: Re: [PHP-DB] $_POST["mypassword"]; ***Undefined index: mypassword


> [ taking php-windows out again :P ]
>
> bedul wrote:
> > the problem is right here (said on error msg):
> > session_register("myusername"); session_register("mypassword");
> >
> > u should use session_register("myusername") after declare the name.
> > i taken from my php chm
> >
> > It is currently impossible to register resource variables in a session.
For example, you cannot create a connection to a database and store the
connection id as a session variable and expect the connection to still be
valid the next time the session is restored. PHP functions that return a
resource are identified by having a return type of resource in their
function definition. A list of functions that return resources are available
in the resource types appendix.
> >
> > if you understand what statement above.. conguration, if not.. don't
shock.. me either.
>
> You can't store database connections in a session.
>
> Ie you can't:
>
> $connection = mysql_connect(....);
>
> $_SESSION['DbConnection'] = $connection;
>
>
> because the HTTP protocol (and thus PHP) is stateless - you don't know
> where the next connection is coming from or even if there is another
> connection coming.
>
> If there is another HTTP request, you have no way of linking request '1'
> (where the database connection was set up) to request '47' in the chain.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php