#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    cheshire
    Posts
    52
    Rep Power
    18

    password generator- unique?


    I have a script that is supposed to generate unique passwords. Trouble is its producing passwords that already exist in the 'personaldetails' table. i don't think I'm the lucky type that wins the lottery everyday so it its not by chance - there is an error somewhere. (the userid is primary key and is autoincrement, I know thats not a standard way of doing it but that isn't causing this error)
    The script is:

    if ("SUBMIT"==$generate){
    $String = "This is the text which will be encrypted so that we may create random and secure passwords!";
    $Length = 8; // Change this value to indicate how long your passwords should be. 32 character limit.
    $String = md5($String);
    $StringLength = strlen($String);
    srand ((double) microtime() * 1000000);
    $Begin = rand(0,($StringLength-$Length-1)); // Pick an arbitrary starting point.
    $password = substr($String, $Begin, $Length);
    print ("Your recommended password is:<P><BIG>$password</BIG>\n");

    // Add the password to the database.

    $sql = "INSERT INTO personaldetails SET " .
    "firstname='$firstname', " .
    "surname='$surname'," .
    "password='$password'," .
    "teacherstatus='$teacherstatus'";
    if (mysql_query($sql)) {
    echo("<P>Your password has been added to the database.</P>");
    } else {
    echo("<P>Error adding password to database: " .
    mysql_error() . "</P>");
    }
    $Query5="SELECT userid FROM personaldetails WHERE password='$password'";
    $result5=mysql_query($Query5) or die ("Can not execute query:" . mysql_error());
    print("Your userid is " . mysql_result($result5,0) . ". This has also been added to the database. ");
    }

    I don't understand why its not generating unique passwords. As, a consequence I'm bringing back the userid for the password that was already in the table, I end up with 2 people sharing the same password and and the generator reports they have the same userid ( when I look in the table the newest row has been added and has a userid which is different to the userid of the other person in the table who has the first copy of the password. My query to bring back the userid is bringing back the userid of the first row it comes to that has the 'unique' password entry, unfortunately the password is not unique and so I get the wrong persons userid? - can you spot what is wrong with the generator?
    Dave Graham
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    cheshire
    Posts
    52
    Rep Power
    18

    reseeding?


    I suspect there is seeding more than once. I have enclosed the full script below. I think it may get seeded again when a user clicks the other link on the page which displays the form for indicating which class you want to see the results for. As this form returns you to the same page with the same 'generate a password' link, and "SUBMIT"==$generate is true.

    I think I will revise the script so the generate a password link does not remain on the page when a visitor returns to the page. My thinking is a bit woolly here - I'm trying to get my head round this but I'm not fully there yet. Can you see more clearly from the script how the reseeding occurs.
    Many thanks.
    PHP Code:
    <?php
    function averageOfAverages($totalAvg$returnedRows){
    if (
    $returnedRows){
    $AverageOfAverages=$totalAvg $returnedRows;
    return 
    $AverageOfAverages;
    }
    else{
        
    $AverageOfAverages=0;
        return 
    $AverageOfAverages;
         }
    }
    ?>
    <html>
    <head>
    <title>The teacher page</title>
    </head>
    <body>
    PHP Code:
    <?php
    $Host 
    "*************";// Set the variables for the database access:
    $User "*****";
    $Password "*****";       
    $DBName "*******";     
    $TableName "testscores";

    $link = @mysql_connect("$Host""$User""$Password");
    if (!
    $link)
     {
     print(
    "<P>Unable to connect to the " .       
     
    "database server at this time.</P>\n");      //note how 2 strings have been concatonated
     
    exit();
    }
    else
    {
    print(
    "You're now connected to the Mysql server at the host ISP.<P>\n");
    }

    if (! @
    mysql_select_db("$DBName") )
     {
     print(
    "<P>Unable to locate the $DBName database at this time.</P>\n");
     exit();
     }
     else
    {
    print(
    "The database $DBName has been located.</P>\n");
    }

    $UserName=urldecode($UserName);
    print(
    "Greetings " $UserName "<br>\n");
    /*
     If the teacher wants to see the scores for a class, display the form that allows the teacher to choose which class but don't display it if the form has been submitted
    */
     
    if( (isset($displayscore)) AND ("SUBMIT"!==$displayscore)){

    print (
    "<FORM ACTION=\"$PHP_SELF\" METHOD=POST>\n");
    print(
    "<center><Table border=\"0\"  width=\"60%\"></center>\n");
    print(
    "<CAPTION ALIGN=\"TOP\"><b><font size=\"+2\">Data Collection Page 2</font></b></CAPTION>");

    print(
    "<INPUT TYPE=HIDDEN NAME=\"UserName\" VALUE=\"$UserName\">\n");


    //Allow the teacher to select the class that he/her wants to see the results for.
    print ("<tr><td> Select the class:</td>\n ");
    print (
    "<td><SELECT NAME=\"class\"><OPTION>Choose One</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M1\">11M1</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M2\">11M2</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M3\">11M3</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M4\">11M4</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M5\">11M5</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M6\">11M6</OPTION>\n");
    print (
    "<OPTION VALUE=\"11M7\">11M7</OPTION>\n");
    print (
    "</SELECT></td></tr>\n");

    print (
    "<tr><td><INPUT TYPE=SUBMIT NAME=displayscore VALUE=\"SUBMIT\"></td>\n");
    print(
    "<td><br></td></tr>");
    print(
    "</table></center>\n");
    print (
    "</FORM><br>\n");

    }
    //close the if isset
    //If the display form has been submitted run a query to select the relevant data


     
    if ("SUBMIT" == $displayscore) {
     
    // Request the pupils names and scores for class=$class from the personaldetails and //testscores table
     
    $Query "SELECT firstname, surname, testname, testscore FROM personaldetails p, testscores t  WHERE class='$class' AND p.userid=t.id ORDER BY surname, testname";
     
    $result mysql_query($Query); 
     if (!
    $result) {
     echo(
    "<P>Error performing query: " .
     
    mysql_error() . "</P>");
     exit();
     }
    }

    //Request the max score, min score and average score from testscores table
     
    if ("SUBMIT" == $displayscore) {
    $query2="SELECT testname, MAX(testscore) AS maxScore, MIN(testscore) AS minScore, AVG(testscore) AS averageScore FROM $TableName WHERE class='$class' GROUP BY testname";
    $result2=mysql_query($query2) or die ("Can not execute query:" mysql_error());
    $num_rows=mysql_num_rows($result2);
    }


     
    // Display the pupils name, test name and test score if the form has  been submitted
    if ("SUBMIT"==$displayscore){
    print (
    "<P> Here are the scores for class $class: </P>\n");
    // Create a table.
    print ("<TABLE BORDER=1 WIDTH=\"75%\" CELLSPACING=2 CELLPADDING=2 ALIGN=CENTER>\n");
    print (
    "<TR ALIGN=CENTER VALIGN=TOP>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">First Name</font></b></TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Surname</font></b></TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Test Name</font></b></TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Test Score</font></b></TD>\n");
    print (
    "</TR>\n");
    /*Initialise the total variable to zero*/
    $total 0;
    //Fetch the results from the database.
     
    while ( $row mysql_fetch_array($result) ) {
    print (
    "<TR ALIGN=CENTER VALIGN=TOP>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row[firstname] . "</TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row[surname] . "</TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row[testname] . "</TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row[testscore] . "</TD>\n");
    print (
    "</TR>\n");
     
    $thistestscore $row['testscore'];     
     
    $total += $thistestscore;
     }
    print (
    "</TABLE><br>\n");

    }
     
    // Display the class max, min and avg for each test if the form has been submitted
    if ("SUBMIT"==$displayscore){
    print (
    "<P> Here are the max, min and avg scores for class $class  </P>\n");
    // Create a table.
    print ("<TABLE BORDER=1 WIDTH=\"75%\" CELLSPACING=2 CELLPADDING=2 ALIGN=CENTER>\n");
    print (
    "<TR ALIGN=CENTER VALIGN=TOP>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Test Name</font></b></TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Max Score</font></b></TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Min Score</font></b></TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP><b><font size=\"+1\">Avg Score</font></b></TD>\n");
    print (
    "</TR>\n");
    /*Initialise the totalAverage variable to zero*/
    $totalAverage 0;
    //Fetch the results from the database.
     
    while ( $row2 mysql_fetch_array($result2) ) {
    print (
    "<TR ALIGN=CENTER VALIGN=TOP>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row2[testname] . "</TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row2[maxScore] . "</TD>\n");
    print (
    "<TD ALIGN=CENTER VALIGN=TOP>" $row2[minScore] . "</TD>\n");
    printf ("<TD ALIGN=CENTER VALIGN=TOP>%01.1f"$row2[averageScore]); print ("</TD>\n");
    print (
    "</TR>\n");
    $thisAverageScore $row2['averageScore'];     
     
    $totalAverage += $thisAverageScore;
     }
    print (
    "</TABLE><br>\n");
    $overallAverage=averageOfAverages($totalAverage$num_rows);
    print(
    "The combined average for the tests completed so far by $class is $overallAverage out of 25.0<br>\n");
    }
    // When clicked, this link will load this page
     // with the score submission form displayed.

    $UserName=urlencode($UserName);
    $logondetails=urlencode($logondetails);
     echo(
    "<P><A HREF='$PHP_SELF?displayscore=1&UserName=$UserName&userid=$userid&class=$class'>" .
     
    "Display the test scores for a class!</A></P>");



    if (
    "SUBMIT"==$generate){
    $String "This is the text which will be encrypted so that we may create random and secure passwords!";
    $Length 8// Change this value to indicate how long your passwords should be. 32 character limit.
    $String md5($String);
    $StringLength strlen($String);
    srand ((double) microtime() * 1000000);
    $Begin rand(0,($StringLength-$Length-1)); // Pick an arbitrary starting point.
    $password substr($String$Begin$Length);
    print (
    "Your recommended password is:<P><BIG>$password</BIG>\n");

    // Add the password to the database.

     
    $sql "INSERT INTO personaldetails SET " .  
     
    "firstname='$firstname', " .
     
    "surname='$surname'," .
     
    "password='$password'," 
     
    "teacherstatus='$teacherstatus'";
     if (
    mysql_query($sql)) {
     echo(
    "<P>Your password has been added to the database.</P>");
     } else {
     echo(
    "<P>Error adding password to database: " .
     
    mysql_error() . "</P>");
     }
    $Query5="SELECT userid FROM personaldetails WHERE password='$password'";
    $result5=mysql_query($Query5) or die ("Can not execute query:" mysql_error());
    print(
    "Your userid is " mysql_result($result5,0) . ". This has also been added to the database. ");
     }





     if (isset(
    $displayPasswordForm)){
    print (
    "<FORM ACTION=\"$PHP_SELF\" METHOD=POST>\n");
    print(
    "<center><Table border=\"0\"  width=\"60%\"></center>\n");
    print(
    "<CAPTION ALIGN=\"TOP\"><b><font size=\"+2\">Password Generator Form</font></b></CAPTION>");
    print(
    "<tr><td>Enter the pupils first name:</td>");
    print(
    "<td><INPUT TYPE=TEXT NAME=\"firstname\"></td></tr>\n");
    print(
    "<tr><td>Enter the pupils surname:</td>");
    print(
    "<td><INPUT TYPE=TEXT NAME=\"surname\"></td></tr>\n");
    print(
    "<tr><td>Choose Teacher Status:</td>");
    print(
    "<td>Y:<INPUT TYPE=RADIO NAME=\"teacherstatus\" VALUE=\"Y\"></td></tr>\n");
    print(
    "<tr><td><br></td>");
    print(
    "<td>N:<INPUT TYPE=RADIO NAME=\"teacherstatus\" VALUE=\"N\"></td></tr>\n");
    print (
    "<tr><td><INPUT TYPE=SUBMIT NAME=\"generate\" VALUE=\"SUBMIT\"></td>\n");
    print(
    "<td><br></td></tr>");
    print(
    "</table></center>\n");
    print (
    "</FORM><br>\n");
    }


     echo(
    "<P><A HREF='$PHP_SELF?displayPasswordForm=1'>" "Generate A Password!</A></P>");
     

    mysql_close($link);
    ?>
    <A href="feedback.php"><IMG
    height=31 alt="left arrow" hspace=10 src="2arrow4.gif" width=90 border=0></A>
    </body>
    </html>
    Dave Graham

IMN logo majestic logo threadwatch logo seochat tools logo