1. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,915
    Rep Power
    1045
    They still exist, but since they're officially deprecated, they emit an E_DEPRECATED warning every time you call them. To prevent flooding your error log, you have to turn those warnings off.

    Note, however, that deprecation is the beginning of the end. So if your application is supposed to be around for a while, you'll have to upgrade it at some point.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers? There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  2. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    4
    Rep Power
    0
    OK - thanks.
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    1
    Rep Power
    0

    Session problem


    Hiya,

    Absolutely loving the tutorial and I have learnt so much from it and have added so many extras from learning this tutorial. However, I have come across a problem that I can't seem to fix and is driving me mad.

    When I log into the system, it recognizes me and welcomes me, but whenever I either go to another page or even reload the same page it ends the session, causing me to log in again. However, if I log into the system, manually log out using the logout link and then re-login to the system, the session works perfectly!

    Does anyone know why this would happen and how I would go about fixing it please?


    Thanks a lot!
    Nathan
  4. Confused badger
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    1,047
    Rep Power
    487
    Hello Nathan
    I would suggest that you create a new thread for assistance with this, I've only just noticed your post a day on ... anyway, you need to add some debugging, write to screen using "print_r" or similar, the content of $_SESSION at various points in your script so you can try to pinpoint where (and ultimately WHY) it is becoming unset.

    Because you've modified the script from the provided tutorial, we can't possibly begin to offer any other assistance without seeing your modified code so if the debugging suggestion above doesn't work then please, post a new thread in the main PHP forum and we'll be able to help (plus, more people will read the post)

    Cheers!
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    1
    Rep Power
    0

    Password Decrypt


    Please Tell Me how to Decrypt the Encrypted Password... please reply the code to me... I really need it. By the way... it's very useful for me... it is secured.


    and one thing.. if you can add the code on how to lock the account after logging in for three times... please add. Thank You Very Much.. More Power.
  6. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,915
    Rep Power
    1045
    Originally Posted by kei_o29
    Please Tell Me how to Decrypt the Encrypted Password... please reply the code to me... I really need it.
    You don't understand. The passwords are hashed, not encrypted. This means the procedure cannot be reverted -- which is the whole point.

    The best you can do is try out different passwords. But this isn't realistic if the target password is strong -- which again is the whole point.

    That's what the word "secure" means: Nobody can recover the passwords from the hashes, not even the owner of the website. If he could, the whole algorithm would be garbage.



    Originally Posted by kei_o29
    and one thing.. if you can add the code on how to lock the account after logging in for three times... please add.
    Blocking an account after three failed attempts is nonsense, because it allows anybody on the Internet to lock out your entire userbase simply by making three failed attempts for each user.

    You'll need a more sophisticated approach. One possibility is to use a CAPTCHA. See this thread.
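The point made in the reply above, that a hashed password is checked by hashing the candidate again rather than by decrypting anything, shown as an added example (not code from the tutorial or from any poster). It uses PHP's built-in `password_hash()` family (PHP 5.5+); the user names, the passwords, the cost values and the in-memory `$users` array are assumptions made for the illustration.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for the users table.
$users = [];
$options = ['cost' => 12]; // assumed work factor, tune for your hardware

function register_user(array &$users, $name, $password, array $options)
{
    // A fresh random salt is generated per call and stored inside the hash string.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, $options);
}

function check_login(array &$users, $name, $password, array $options)
{
    if (!isset($users[$name])) {
        return false;
    }
    // Nothing is decrypted: the candidate is hashed with the stored salt and
    // cost, and the two results are compared.
    if (!password_verify($password, $users[$name])) {
        return false;
    }
    // Re-hash on successful login if the configured cost has been raised.
    if (password_needs_rehash($users[$name], PASSWORD_BCRYPT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

register_user($users, 'alice', 'correct horse battery staple', $options);
register_user($users, 'bob', 'correct horse battery staple', $options);

// Same password, different salts, so the stored strings differ.
var_dump($users['alice'] !== $users['bob']);
// The right password verifies; a wrong guess does not.
var_dump(check_login($users, 'alice', 'correct horse battery staple', $options));
var_dump(check_login($users, 'alice', 'abc', $options));

// Raising the cost later upgrades the stored hash at the next successful login.
$stronger = ['cost' => 13];
$before = $users['alice'];
check_login($users, 'alice', 'correct horse battery staple', $stronger);
var_dump($before !== $users['alice']);
```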
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    5
    Rep Power
    0
    The logins for this script appear to time out after a certain amount of time. Is there any way to increase or modify the timeout of the session?
  8. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,915
    Rep Power
    1045
    The script doesn't do any timeouts. If your session gets killed after a certain amount of time (which is rather exotic), it's because you or somebody else has played with the PHP configuration:

    http://www.php.net/manual/en/session...ookie-lifetime
    http://www.php.net/manual/en/session...gc-maxlifetime
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    5
    Rep Power
    0
    Yea I think I figured it out -- it appears to have been the session gc maxlifetime.

    thanks for the reply
  10. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    1
    Rep Power
    0

    Problems at login page


    I have been playing with this register code. I have copied it down to the logout section. It allows registration, and inserts in DB, but when I try to log in it says wrong password. I am using simple 3 letter passwords as I am just testing. Any suggestions?

    I believe all the code is correct as per tutorial. I am not a complete newbie, but far enough to hang myself every now and then.

    Thank you
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    1
    Rep Power
    0
    Thanks for the code...

    For some reason I keep getting an error message. The registration form is placing data into the db but these errors are getting in the way.


    Warning: Cannot modify header information - headers already sent by (output started at /////private.php:1) in ////common.php on line 78

    Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /////private.php:1) in ////common.php on line 86

    I have tried rewriting the code and copy / paste, but I can't get the errors to stop. What am I doing wrong?

    Thanks
  12. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,915
    Rep Power
    1045
    Originally Posted by tompat
    I am using simple 3 letter passwords as I am just testing. Any suggestions?
    Forget about the hash stuff. Home-made crypto algorithms are a very bad idea. None of us can tell whether this is strong, acceptable or complete bogus.

    Use an established algorithm like bcrypt. If you're using PHP 5.5, it's already built into the language:

    http://www.php.net/manual/en/function.password-hash.php

    If you're running around with some old PHP, use a compatibility library:

    https://github.com/ircmaxell/password_compat



    Originally Posted by Oldgoat
    Warning: Cannot modify header information - headers already sent by (output started at /////private.php:1) in ////common.php on line 78

    [...]

    What am I doing wrong?
    Look at the error message: The private.php script generates output in the first line. Maybe you have whitespace before the opening PHP tag. Maybe there's a byte order mark. That's what you have to find out.
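One way to find the stray output the reply above describes, as an added example that is not part of the original post: a small PHP check that reports a UTF-8 byte order mark or any whitespace sitting in front of the opening tag. The function name `leading_output` and the three sample files are constructed for the illustration.

```php
<?php
// Added example: report what, if anything, precedes the opening tag of a script.
function leading_output($path)
{
    $head = file_get_contents($path, false, null, 0, 256);
    if ($head === false) {
        return 'file not readable';
    }
    if (strncmp($head, "\xEF\xBB\xBF", 3) === 0) {
        return 'UTF-8 byte order mark (EF BB BF)';
    }
    $pos = strpos($head, '<?php');
    if ($pos === 0) {
        return null; // clean: the tag is the very first thing in the file
    }
    if ($pos === false) {
        return 'no opening tag in the first 256 bytes';
    }
    $prefix = substr($head, 0, $pos);
    $kind = trim($prefix) === '' ? 'whitespace' : 'text';
    return sprintf('%d byte(s) of %s before the tag (hex %s)', $pos, $kind, bin2hex($prefix));
}

// Constructed sample files, written to the temp directory so the check runs offline.
$samples = [
    'clean'      => "<?php\nsession_start();\n",
    'with BOM'   => "\xEF\xBB\xBF<?php\nsession_start();\n",
    'blank line' => "\n<?php\nsession_start();\n",
];
foreach ($samples as $label => $body) {
    $path = tempnam(sys_get_temp_dir(), 'hdr');
    file_put_contents($path, $body);
    $finding = leading_output($path);
    echo $label, ': ', $finding === null ? 'nothing before the opening tag' : $finding, "\n";
    unlink($path);
}
```

Point `leading_output()` at the file named after "output started at" in the warning; anything other than `null` is what was sent before the session cookie could be.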
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    5
    Rep Power
    0
    I thought my logout problem was due to session gc maxlifetime but it appears to still be auto logging out after about 20 minutes or so. Does anyone have any other ideas of where to look to prevent this from happening?
  14. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,915
    Rep Power
    1045
    Did you check the cookie settings I pointed you to last time?

    There are two ways a session can get killed: Either on the server through removing the session file. Or client-side through death of the session cookie.

    Checking the session cookie is easy: Simply open the developer tools of your browser and see what the Expires value says.
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    5
    Rep Power
    0
    Originally Posted by Jacques1
    Did you check the cookie settings I pointed you to last time?

    There are two ways a session can get killed: Either on the server through removing the session file. Or client-side through death of the session cookie.

    Checking the session cookie is easy: Simply open the developer tools of your browser and see what the Expires value says.
    The cookie setting in php.ini is set to never expire and in my browser the expire is set to "Session"
