Search Results

Search found 10747 results on 430 pages for 'password'.

Page 59/430 | < Previous Page | 55 56 57 58 59 60 61 62 63 64 65 66  | Next Page >

  • Password security; Is this safe?

    - by Camran
    I asked a question yesterday about password safety... I am new at security... I am using a mysql db, and need to store users passwords there. I have been told in answers that hashing and THEN saving the HASHED value of the password is the correct way of doing this. So basically I want to verify with you guys this is correct now. It is a classifieds website, and for each classified the user puts, he has to enter a password so that he/she can remove the classified using that password later on (when product is sold for example). In a file called "put_ad.php" I use the $_POST method to fetch the pass from a form. Then I hash it and put it into a mysql table. Then whenever the users wants to delete the ad, I check the entered password by hashing it and comparing the hashed value of the entered passw against the hashed value in the mysql db, right? BUT, what if I as an admin want to delete a classified, is there a method to "Unhash" the password easily? sha1 is used currently btw. some code is very much appreciated. Thanks

    Read the article

  • Data Source Security Part 2

    - by Steve Felts
    In Part 1, I introduced the default security behavior and listed the various options available to change that behavior.  One of the key topics to understand is the difference between directly using database user and password values versus mapping from WLS user and password to the associated database values.   The direct use of database credentials is relatively new to WLS, based on customer feedback.  Some of the trade-offs are covered in this article. Credential Mapping vs. Database Credentials Each WLS data source has a credential map that is a mechanism used to map a key, in this case a WLS user, to security credentials (user and password).  By default, when a user and password are specified when getting a connection, they are treated as credentials for a WLS user, validated, and are converted to a database user and password using a credential map associated with the data source.  If a matching entry is not found in the credential map for the data source, then the user and password associated with the data source definition are used.  Because of this defaulting mechanism, you should be careful what permissions are granted to the default user.  Alternatively, you can define an invalid default user to ensure that no one can accidentally get through (in this case, you would need to set the initial capacity for the pool to zero so that the pool is populated only by valid users). To create an entry in the credential map: 1) First create a WLS user.  In the administration console, go to Security realms, select your realm (e.g., myrealm), select Users, and select New.  2) Second, create the mapping.  In the administration console, go to Services, select Data sources, select your data source name, select Security, select Credentials, and select New.  See http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/ConfigureCredentialMappingForADataSource.html for more information. The advantages of using the credential mapping are that: 1) You don’t hard-code the database user/password into a program or need to prompt for it in addition to the WLS user/password and 2) It provides a layer of abstraction between WLS security and database settings such that many WLS identities can be mapped to a smaller set of DB identities, thereby only requiring middle-tier configuration updates when WLS users are added/removed. You can cut down the number of users that have access to a data source to reduce the user maintenance overhead.  For example, suppose that a servlet has the one pre-defined, special WLS user/password for data source access, hard-wired in its code in a getConnection(user, password) call.  Every WebLogic user can reap the specific DBMS access coded into the servlet, but none has to have general access to the data source.  For instance, there may be a ‘Sales’ DBMS which needs to be protected from unauthorized eyes, but it contains some day-to-day data that everyone needs. The Sales data source is configured with restricted access and a servlet is built that hard-wires the specific data source access credentials in its connection request.  It uses that connection to deliver only the generally needed day-to-day information to any caller. The servlet cannot reveal any other data, and no WebLogic user can get any other access to the data source.  This is the approach that many large applications take and is the reasoning behind the default mapping behavior in WLS. The disadvantages of using the credential map are that: 1) It is difficult to manage (create, update, delete) with a large number of users; it is possible to use WLST scripts or a custom JMX client utility to manage credential map entries. 2) You can’t share a credential map between data sources so they must be duplicated. Some applications prefer not to use the credential map.  Instead, the credentials passed to getConnection(user, password) should be treated as database credentials and used to authenticate with the database for the connection, avoiding going through the credential map.  This is enabled by setting the “use-database-credentials” to true.  See http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/ConfigureOracleParameters.html "Configure Oracle parameters" in Oracle WebLogic Server Administration Console Help. Use Database Credentials is not currently supported for Multi Data Source configurations.  When enabled, it turns off credential mapping on Generic and Active GridLink data sources for the following attributes: 1. identity-based-connection-pooling-enabled (this interaction is available by patch in 10.3.6.0). 2. oracle-proxy-session (this interaction is first available in 10.3.6.0). 3. set client identifier (this interaction is available by patch in 10.3.6.0).  Note that in the data source schema, the set client identifier feature is poorly named “credential-mapping-enabled”.  The documentation and the console refer to it as Set Client Identifier. To review the behavior of credential mapping and using database credentials: - If using the credential map, there needs to be a mapping for each WLS user to database user for those users that will have access to the database; otherwise the default user for the data source will be used.  If you always specify a user/password when getting a connection, you only need credential map entries for those specific users. - If using database credentials without specifying a user/password, the default user and password in the data source descriptor are always used.  If you specify a user/password when getting a connection, that user will be used for the credentials.  WLS users are not involved at all in the data source connection process.

    Read the article

  • Ruby: backslash all non-alphanumeric characters in a string

    - by HBlend
    I have a script where I need to take a user's password and then run a command line using it. I need to backslash all (could be more then one) non-alphanumeric characters in the password. I have tried several things at this point including the below but getting no where. This has to be easy, just missing it. Tried these and several others: password = password.gsub(/(\W)/, '\\1') password = password.gsub(/(\W)/, '\\\1') password = password.gsub(/(\W)/, '\\\\1')

    Read the article

  • Why doesn't the highlighted part of the JavaScript work?

    - by Dor Cohen
    Why isn't the 'confirm password and password the same' part working? Meaning, the part that uses the 'getElementById' to adress the password and confirmpassword. Every part works but that particular part. It doesn't show a red box around the text fields. Can anyone help me? <html> <head> </head> <script> function submitinfo() { var firstname = document.getElementById("firstname").value; var lastname = document.getElementById("lastname").value; var username = document.getElementById("username").value; var password = document.getElementById("password").value; var confirmpassword = document.getElementById("confirmpassword").value; var email = document.getElementById("email").value; if(firstname !== "" && document.getElementById("firstname").style.borderColor == "red")     {     document.getElementById("firstname").style.border = "none"     } if(lastname !== "" && document.getElementById("lastname").style.borderColor == "red") { document.getElementById("lastname").style.border = "none" } if(username !== "" && document.getElementById("username").style.borderColor == "red") { document.getElementById("username").style.border = "none" } if(password !== "" && document.getElementById("password").style.borderColor == "red") { document.getElementById("password").style.border = "none" } if(confirmpassword !== "" && document.getElementById("confirmpassword").style.borderColor == "red") { document.getElementById("confirmpassword").style.border = "none" } if(email !== "" && document.getElementById("email").style.borderColor == "red") { document.getElementById("email").style.border = "none" } if(firstname == "") { document.getElementById("firstname").style.borderColor = "red"; document.getElementById("firstname").style.borderStyle = "solid"; } if(lastname == "") { document.getElementById("lastname").style.borderColor = "red"; document.getElementById("lastname").style.borderStyle = "solid"; } if(username == "") { document.getElementById("username").style.borderColor = "red"; document.getElementById("username").style.borderStyle = "solid"; } if(password == "") { document.getElementById("password").style.borderColor = "red"; document.getElementById("password").style.borderStyle = "solid"; } if(confirmpassword == "") { document.getElementById("confirmpassword").style.borderColor = "red"; document.getElementById("confirmpassword").style.borderStyle = "solid"; } if(email == "") { document.getElementById("email").style.borderColor = "red"; document.getElementById("email").style.borderStyle = "solid"; } if(password !== "" && confirmpassword !== "" && document.getElementById("password").style.border == "none" && document.getElementById("confirmpassword").style.border == "none" && password !== confirmpassword) { document.getElementById("password").style.border = "red"; document.getElementById("confirmpassword").style.border = "red"; } if(firstname && lastname && username && password && confirmpassword && email !== "") { window.open() } } </script> <h><font size=4 color=3BCCBE><b>Full Name</b></font><h/> <br> <input type="text" id="firstname" size="15px" placeholder="First"> <input type="text" id="lastname" size="15px" placeholder="Last"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Choose your username</b></font></h> <br> <input type="text" id="username" size="37px"> <br> <p><font size=3 color="grey">atleast 6 characters long</font></p> <br> <h><font size=4 color=3BCCBE><b>Create a password</b></font></h> <br> <input type="password" id="password" size="37px"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Confirm your password</b></font><h/> <br> <input type="password" id="confirmpassword" size="37px"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Email address</b></font><h/> <br> <input type="text" id="email" size="37px"> <br> <br> <br> <br> <input type="button" value="Submit" onclick="submitinfo()" style="height:50px; width:85px; font-size:22px;> <br> </body> </html>

    Read the article

  • Indian government department have more unsecure website then others.

    - by Anirudha
    Originally posted on: http://geekswithblogs.net/anirugu/archive/2013/10/26/indian-government-department-have-more-unsecure-website-then-others.aspxOne of my friend share his college experience with me. He is not related with computer science. One day he told me that Ankia Fadia come to their college. In front of many student he show how to hack BSNL website by tricks. he break the flow how BSNL site work. I have told them BSNL is one of the most unsecure website of India   If you logged-in to website maybe it’s run in few seconds but sometime it run in 58 minute. OK this is not grammar mistake 58 minute is less then 1 hour. This means open a tab and put the link to open. it will open in hours. If you are using IE8, Chrome and Firefox you will be forced to use IE7 or downgrade. I simply use Ie7 mode in IE for make it work. This happen because they use something that is called DynaTrace. This site is most unsecure. now guess how !   Suppose my username is xyz and password is abc. How I can reset the password I simply go to website and in their site when I do reset my password he told me to fill password and password will not worked here.you can use here password here to reset my password. Remember that username are different then broadband username and password. Suppose if I want to reset your password I simply need to know your broadband username and I can reset it myself. I just logged in with my username and when I open the page for reset password I can fill your bb username and password will work here. I have not tried this. the broadband username can easily guess. this is depend on same way how people’s broandband username made. IS this Safe ? Nope, There are many thing on the site which make me feel that is 1900 century website. They still lived in popup life.  These site are nothing but a crap. not work most of time and when work it’s run too slowly.

    Read the article

  • Public EC Meeting Today at 15:00; new WebEx password

    - by Heather VanCura
    Update:  Public EC Meeting is today at 15:00 PST; note new WebEx meeting password is 12345; login from https://jcp.webex.com. Audio remains the same: +1 (866) 682-4770 (US) Conference code: 627-9803 Security code: 52732 ("JCPEC" on your phone handset) For global access numbers see http://www.intercall.com/oracle/access_numbers.htm Or +1 (408) 774-4073

    Read the article

  • passwordless ssh not working

    - by kuurious
    I've tried to setup a password-less ssh b/w A to B and B to A as well. Generated the public and private key using ssh-keygen -trsa on both the machines. Used the ssh-copy-id utility to copy the public-keys from A to B as well as B to A. The passwordless ssh works from A to B but not from B to A. I've checked the permissions of the ~/ssh/ folder and seems to be normal. A's .ssh folder permissions: -rw------- 1 root root 13530 2011-07-26 23:00 known_hosts -rw------- 1 root root 403 2011-07-27 00:35 id_rsa.pub -rw------- 1 root root 1675 2011-07-27 00:35 id_rsa -rw------- 1 root root 799 2011-07-27 00:37 authorized_keys drwxrwx--- 70 root root 4096 2011-07-27 00:37 .. drwx------ 2 root root 4096 2011-07-27 00:38 . B's .ssh folder permissions: -rw------- 1 root root 884 2011-07-07 13:15 known_hosts -rw-r--r-- 1 root root 396 2011-07-27 00:15 id_rsa.pub -rw------- 1 root root 1675 2011-07-27 00:15 id_rsa -rw------- 1 root root 2545 2011-07-27 00:36 authorized_keys drwxr-xr-x 8 root root 4096 2011-07-06 19:44 .. drwx------ 2 root root 4096 2011-07-27 00:15 . A is an ubuntu 10.04 (OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009) B is a debian machine (OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007) From A: #ssh B works fine. From B: #ssh -vvv A ... ... debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/identity ((nil)) debug2: key: /root/.ssh/id_rsa (0x7f1581f23a50) debug2: key: /root/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1127 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug3: no such identity: /root/.ssh/identity debug1: Offering public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug3: Wrote 368 bytes for a total of 1495 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password [email protected]'s password: Which essentially means it's not authenticating using the file /root/id_rsa. I ran the ssh-add command in both the machines as well. The authentication part of /etc/ssh/sshd_config file is # Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files I'm running out of ideas. Any help would be appreciated.

    Read the article

  • How can I permanently save a password-protected SSH key?

    - by pl1nk
    I am using Awesome Window Manager How can I permanently add private keys with password? Inspired by the answer here I have added the private keys in ~/.ssh/config Contents of ~/.ssh/config: IdentityFile 'private key full path' Permissions of ~/.ssh/config: 0700 But it doesn't work for me. If I manually add the key in every session, it works but I'm looking for a more elegant way (not in .bashrc)

    Read the article

  • From the Tips Box: Xbox Output on Two Screens, High Tech Halloween Props, and Old Flash Drives as Password Reset Disks

    - by Jason Fitzpatrick
    Once a week we round up some great reader tips and share them with everyone, this week we’re looking at outputting your Xbox 360 to two screens, spooky high-tech Halloween props, and recycling old flash drives as password reset disks. HTG Explains: What is the Windows Page File and Should You Disable It? How To Get a Better Wireless Signal and Reduce Wireless Network Interference How To Troubleshoot Internet Connection Problems

    Read the article

  • ssh Prompts For Password After Account Unlocked - Despite ssh key?

    - by user1011471
    Here's what happened: I set up ssh key so that user could ssh from A to B without a password. I got user's password wrong in some other context too many times, and user's account got locked out. (IT uses Active Directory here) IT unlocked the account. Concurrent to the unlocking, a script was running, calling something like ssh user@B some-health-check-command every 5 seconds or so -- which seemed to work fine before I caused user to get locked out in step 2. IT reports user reliably gets locked out a short time after each unlock attempt. I thought the ssh key would allow ssh user@B some-command as long as the account is not locked. But it behaves as if, when user gets unlocked, B suddenly asks for a password and since my command repeatedly runs without supplying a password, the account gets locked out after 5 attempts. Account cannot be accessed at this time. Please contact your system administrator. My questions are... Is that what's happening? Or: what's happening? More importantly: How can I reconfigure things such that my script doesn't cause problems? Can I accomplish what I want without having to install Expect? (I don't know if I have permission to do so) Other notes: Not using ssh-agent currently. The ssh command is running on our Jenkins master, a linux box. A and B are Mac OS X. user is managed in Active Directory and normally can sign into all three machines. Other than these things and the ssh key I set up, everything else has the default configuration as far as I know.

    Read the article

  • How to connect to DB2 when the password ends with '!' in Windows

    - by AngocA
    I am facing a problem to use the DB2 tools when using generic account with a generated password which ends with the Bang sign '!' to connect to DB2 database. I am not allowed to change the password because it is already used by other processes. I know the user is valid and I can connect to the database with its credentials, but not from all db2 tools. When using the Control Center it is okay. When using the Command Editor (GUI) or the Command Windows, I got this error message: connect to WAREHOUS user administrator using ! SQL0104N An unexpected token "!" was found following "<identifier>". Expected tokens may include: "NEW". SQLSTATE=42601 Let's say that my password is: pass@! I am trying to use c:\>db2 connect to sample user administrator using "pass@!" or c:\>db2 connect to sample user administrator using pass@! And it both cases I got the same error message. I could change the way I connect but it is not useful for me, for example: c:\>db2 connect to sample user administrator Enter current password for administrator: But I cannot use it from a batch file easily. I would like to know how can I connect from the Command Editor, in order to use this user from the Graphical Tools. BTW, I know that the Control Center is deprecated.

    Read the article

  • How to change password on RAR archive w/o modifying arch. files attributes (modified/created)?

    - by Larry78
    How do I change the password of an .RAR archive, without changing the date/time attributes of the files in the archive? Unfortunately you can't directly change the password of the archive with WinRAR, you have to extract the files, and then make a new archive with the new password. So the created/modified attributes of the files in the archive get changed. I know you can manually change the attributes of a file with available utilities - but there are hundreds of files in the archive, each with unique attributes, so it would take a very long time to "fix" each file before re-archiving it. I'm using WinRAR 3.51, the last free version. Windows XP Pro SP3. Update: I don't care if the output is a .RAR file or a ZIP file IZArc4.1 will convert the RAR to a ZIP, and it keeps the dates. The problem is it compresses the file - there isn't a "store" option, and setting the default to store in the main configuration doesn't effect conversions. The RAR contains uncompressed files. None of these other archiving programs will even do a conversion. A couple claim to, or try to, but the errors returned indicate a very lousy application. So far I've tried PeaZip, 7-Zip, FilZip, TugZip, SimplyZipSE, QuickZip, and WinShrink (from downloads.cnet.com). WinRAR gives the error "skipping encryped archive" when I try the conversion. It asks for the password first, and I know it's right, as I opened the archive, and I can read/view all the files in it. It works on non-encrypted files.

    Read the article

  • How to run an application using sudo without a password?

    - by tutuca
    ... but still be required for applications that need admin privilegies? In order to allow the following: $ apache2ctl restart httpd not running, trying to start (13)Permission denied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs $ sudo !! sudo apache2ctl restart #no password asked $ #works! For reference I've seen this setup on amazon's e3 instances Any idea?

    Read the article

  • JSON, Ajax login and signup form problem, critique

    - by user552828
    Here is my problem; indexdeneme2.php has two forms Sign up and Login form, and there is validation.js and login.js which are handling the AJAX and JSON response, there are validate.php and login.php which are my scripts for validating and login. When you sign up, it sends the data to validate.php perfectly and validate.php response with JSON perfectly, validate.js must show the error in #error div. validation.js works perfectly if it is working alone. I use same kind of script for login form. Login.php also works perfectly it responses with JSON and login.js shows the errors are appear in #errorlogin div. But this works when login.js works alone. When I try to work login.js and validate.js together, it is not working. validate.php and login.php works perfectly but login.js and validation.js are not working together. They can't handle the responses coming from php scripts. It is not showing the errors in #errorlogin and #error div. They intercept each other I guess. By the way if you can critique my login.php and validate.php I will be really appreciated. Thank you all. this is indexdeneme2.php <?php include('functions.php')?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" href="css/cssdeneme1.css" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <script type="text/javascript" src="validation.js"></script> <script type="text/javascript" src="login.js"></script> <script type="text/javascript"> var RecaptchaOptions = { theme : 'custom', custom_theme_widget: 'recaptcha_widget' }; </script> </head> <body onload="document.signup.reset()"> <div id="topbar"> <div class="wrapper"> </div> </div> <div id="middlebar"> <div class="wrapper"> <div id="middleleft"> <div id="mainformsecondcover"> <div id="mainform"> <div id="formhead"> <div id="signup">Sign Up</div> </div> <form method="post" action="validate.php" id="myform" name="signup"> <div id="form"> <table border="0" cellpadding="0" cellspacing="1"> <tbody> <tr> <td class="formlabel"> <label for="name">First Name:</label> </td> <td class="forminput"> <input type="text" name="name" id="name" /> </td> </tr> <tr> <td class="formlabel"> <label for="lastname">Last Name:</label> </td> <td class="forminput"> <input type="text" name="surname" id="lastname" /> </td> </tr> <tr> <td class="formlabel"> <label for="email">Email:</label> </td> <td class="forminput"> <input type="text" name="email" id="email" /> </td> </tr> <tr> <td class="formlabel"> <label for="remail">Re-Enter Email:</label> </td> <td class="forminput"> <input type="text" name="remail" id="remail" /> </td> </tr> <tr> <td class="formlabel"> <label for="password">Password:</label> </td> <td class="forminput"> <input type="password" name="password" id="password" maxlength="16" /> </td> </tr> <tr> <td class="formlabel"> <label for="gender">I am:</label> </td> <td class="forminput"> <select name="gender" id="gender"> <option value="0" selected="selected">-Select Sex-</option> <option value="1">Male</option> <option value="2">Female</option> </select> </td> </tr> <tr> <td class="formlabel"> <label>My Birthday:</label> </td> <td class="forminput"> <select size="1" name="day"> <option value="0" selected="selected">Day</option> <?php formDay(); ?> </select>&nbsp; <select size="1" name="month"> <option value="0" selected="selected">Month</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select>&nbsp; <select size="1" name="year"> <option value="0" selected="selected">Year</option> <?php formYear(); ?> </select> </td> </tr> <tr> <td class="formlabel"> <label for="recaptcha_response_field">Security Check:</label> </td> </tr> </tbody> </table> <?php require_once('captchalib.php'); ?> </div> <div id="formbottom"> <div id="error"> </div> <div id="formbottomright"> <input type="submit" id="formbutton" value="Sign Up" /> <img id="loading" src="css/images/ajax-loader.gif" height="35" width="35" alt="Processing.." style="float:right; display:block" /> </div> </div> </form> </div> </div> </div> <div id="middleright"> <div id="loginform"> <form name="login" action="login.php" method="post" id="login"> <label for="username">Email:</label> <input type="text" name="emaillogin" /> <label for="password">Password:</label> <input type="password" name="passwordlogin" maxlength="16" /> <input type="submit" value="Login" /> <img id="loading2" src="css/images/ajax-loader.gif" height="35" width="35" alt="Processing.." style="float:right; display:block" /> </form> </div> <div id="errorlogin"></div> </div> </div> </div> <div id="bottombar"> <div class="wrapper"></div> </div> </body> </html> validation.js $(document).ready(function(){ $('#myform').submit(function(e) { register(); e.preventDefault(); }); }); function register() { hideshow('loading',1); error(0); $.ajax({ type: "POST", url: "validate.php", data: $('#myform').serialize(), dataType: "json", success: function(msg){ if(parseInt(msg.status)==1) { window.location=msg.txt; } else if(parseInt(msg.status)==0) { error(1,msg.txt); Recaptcha.reload(); } hideshow('loading',0); } }); } function hideshow(el,act) { if(act) $('#'+el).css('visibility','visible'); else $('#'+el).css('visibility','hidden'); } function error(act,txt) { hideshow('error',act); if(txt) $('#error').html(txt); } login.js $(document).ready(function(){ $('#login').submit(function(e) { login(); e.preventDefault(); }); }); function login() { error(2); $.ajax({ type: "POST", url: "login.php", data: $('#login').serialize(), dataType: "json", success: function(msg){ if(parseInt(msg.status)==3) { window.location=msg.txt; } else if(parseInt(msg.status)==2) { error(3,msg.txt); } } }); } function error(act,txt) { hideshow('error',act); if(txt) $('#errorlogin').html(txt); } login.php <?php session_start(); require("connect.php"); $email = $_POST['emaillogin']; $password = $_POST['passwordlogin']; $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); if(empty($email)) { die('{status:2,txt:"Enter your email address."}'); } if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('{status:2,txt:"Invalid email or password"}'); } if(empty($password)) { die('{status:2,txt:"Enter your password."}'); } if(strlen($password)<6 || strlen($password)>16) { die('{status:2,txt:"Invalid email or password"}'); } $query = "SELECT password, salt FROM users WHERE Email = '$email';"; $result = mysql_query($query); if(mysql_num_rows($result) < 1) //no such user exists { die('{status:2,txt:"Invalid email or password"}'); } $userData = mysql_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) //incorrect password { die('{status:2,txt:"Invalid email or password"}'); } //////////////////////////////////////////////////////////////////////////////////// if('{status:3}') { session_regenerate_id (); //this is a security measure $getMemDetails = "SELECT * FROM users WHERE Email = '$email'"; $link = mysql_query($getMemDetails); $member = mysql_fetch_row($link); $_SESSION['valid'] = 1; $_SESSION['userid'] = $member[0]; $_SESSION['name'] = $member[1]; session_write_close(); mysql_close($con); echo '{status:3,txt:"success.php"}'; } validate.php <?php $name = $_POST['name']; $surname = $_POST['surname']; $email = $_POST['email']; $remail = $_POST['remail']; $gender = $_POST['gender']; $bdate = $_POST['year'].'-'.$_POST['month'].'-'.$_POST['day']; $bday = $_POST['day']; $bmon = $_POST['month']; $byear = $_POST['year']; $cdate = date("Y-n-j"); $password = $_POST['password']; $hash = hash('sha256', $password); $regdate = date("Y-m-d"); function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } $salt = createSalt(); $hash = hash('sha256', $salt . $hash); if(empty($name) || empty($surname) || empty($email) || empty($remail) || empty($password) ) { die('{status:0,txt:"All the fields are required"}'); } if(!preg_match('/^[A-Za-z\s ]+$/', $name)) { die('{status:0,txt:"Please check your name"}'); } if(!preg_match('/^[A-Za-z\s ]+$/', $surname)) { die('{status:0,txt:"Please check your last name"}'); } if($bdate > $cdate) { die('{status:0,txt:"Please check your birthday"}'); } if(!(int)$gender) { die('{status:0,txt:"You have to select your sex"}'); } if(!(int)$bday || !(int)$bmon || !(int)$byear) { die('{status:0,txt:"You have to fill in your birthday"}'); } if(!$email == $remail) { die('{status:0,txt:"Emails doesn&sbquo;t match"}'); } if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('{status:0,txt:"Enter a valid email"}'); } if(strlen($password)<6 || strlen($password)>16) { die('{status:0,txt:"Password must be between 6-16 characters"}'); } if (!$_POST["recaptcha_challenge_field"]===$_POST["recaptcha_response_field"]) { die('{status:0,txt:"You entered incorrect security code"}'); } if('{status:1}') { require("connect.php"); function getRealIpAddr() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip=$_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } $rip = getRealIpAddr(); $ipn = inet_pton($rip); $checkuser = mysql_query("SELECT Email FROM users WHERE Email = '$email'"); $username_exist = mysql_num_rows($checkuser); if ( $username_exist !== 0 ) { mysql_close($con); die('{status:0,txt:"This email Address is already registered!"}'); } else { $query = "INSERT INTO users (name, surname, date, Email, Gender, password, salt, RegistrationDate, IP) VALUES ('$name', '$surname', '$bdate', '$email', '$gender', '$hash', '$salt', '$cdate', '$ipn')"; $link = mysql_query($query); if(!$link) { die('Becerilemedi: ' . mysql_error()); } else { mysql_close($con); echo '{status:1,txt:"afterreg.php"}'; } } } ?> css of indexdeneme2.php * { padding:0; margin:0; } #topbar { width:100%; height:50px; } .wrapper { margin:0 auto; width:1000px; height:100%; } #middlebar { width:100%; height:650px; } #middleleft { width:55%; float:left; height:650px; } #middleright { width:45%; float:right; height:650px; } #mainformsecondcover { width:404px; padding:0px; margin:0px; border:4px solid #59B; border-radius: 14px; -moz-border-radius: 14px; -webkit-border-radius: 14px; } #mainform { width:400px; border:2px solid #CCC; border-radius: 11px; -moz-border-radius: 11px; -webkit-border-radius: 11px; } #formhead { margin:7px; } #signup { margin-top:13px; margin-left:13px; margin-bottom:3px; color:#333; font-size:18px; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-weight:bold } #form { margin:7px; } #form table { margin:0px; width:380px; } #form table tr{ height:28px; } #form table td{ height:18px; } .formlabel { cursor:pointer; display:table-cell; text-align:right; font-size:12px; color:#000; font-weight:normal; vertical-align:middle; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; letter-spacing:1px; width:120px; height:37px; padding-right:5px; } .formlabel label{ cursor:pointer } .forminput input { width:240px; font-size:13px; padding:4px; } #recaptcha_image { width:300px; height:57px; border:2px solid #CCC; } #recaptcha_widget { margin-left:35px; } #securityinfo { font-size: 11px; line-height: 16px; } #formbottom { width:360px; min-height:45px; } #error { float:left; width:200px; border:1px solid #F00; margin-left:20px; margin-top:7px; text-align:center; color:#F00; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:11px; line-height:16px; padding:2px; visibility:hidden; } #errorlogin { float:left; width:200px; border:1px solid #F00; margin-left:20px; margin-top:7px; text-align:center; color:#F00; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:11px; line-height:16px; padding:2px; visibility:hidden; } #formbottomright { float:right; height:45px; width:115px; margin-left:5px; } #loading { visibility:hidden; } #loading2 { visibility:hidden; } #formbutton { display:block; font-size:14px; color:#FFF; background: #0b85c6; /* Old browsers */ background: -moz-linear-gradient(top, #0b85c6 0%, #59b 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#0b85c6), color-stop(100%,#59b)); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, #0b85c6 0%,#59b 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, #0b85c6 0%,#59b 100%); /* Opera11.10+ */ background: -ms-linear-gradient(top, #0b85c6 0%,#59b 100%); /* IE10+ */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#0B85C6', endColorstr='#59B',GradientType=0 ); /* IE6-9 */ background: linear-gradient(top, #0b85c6 0%,#59b 100%); /* W3C */ font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; height:26px; width:60px; margin:7px; text-align:center; padding-bottom:4px; padding-left:4px; padding-right:4px; float:left; margin-right:5px; } #bottombar { width:100%; height:50px; } {}

    Read the article

  • Migrating to new dovecot server; Dovecot fails to authenticate using old password database

    - by Ironlenny
    I am migrating my companies intranet from a OS X server to an Ubuntu 12.04 server. We use a flat file to store user names and passwords hashs. This file is used by Apache and Dovecot to authenticate users. The Ubuntu server is running Dovecot 2.0 while the OS X server is running Dovecot 1.2. I have already migrated WebDav which uses Apache for authentication. Authentication works. I'm in the process of migrating our Prosody server which uses Dovecot for authentiation. Dovecot is up and running, but when I test authentication using either telnet a login username password or doveadm sudo doveadm auth username, I get dovecot: auth: passwd-file(username): unknown user dovecot: auth: Debug: client out: FAIL#0111#011user=username in my log file. I can use sudo dovecot user username to perform a user lookup and it will return the user's info. I can generate a password hash locally and Dovecot will authenticate the test password just fine.

    Read the article

  • capistrano still asks for the 1st password even though I've set up an ssh key???

    - by Greg
    Hi, Background: I've setup an ssh key to avoid having to use passwords with capistrano per http://www.picky-ricky.com/2009/01/ssh-keys-with-capistrano.html. A basic ssh to my server does work fine without asking for passwords. I'm using "dreamhost.com" for hosting. Issue - When I run 'cap deploy' I still get asked for the 1st password (even through the previous 2nd and 3rd password requests are now automated). It is the capistrano command that start with "git clone - q ssh:....." for which the password is being requested. Question - Is there something I've missed? How can I get "cap deploy" totally passwordless? Some excerts from config/deploy.rb are: set :use_sudo, false ssh_options[:keys] = [File.join(ENV["HOME"], ".ssh", "id_rsa")] default_run_options[:pty] = true thanks PS. The permissions on the server are: drwx------ 2 mylogin pg840652 4096 2010-02-22 15:56 .ssh -rw------- 1 mylogin pg840652 404 2010-02-22 15:45 authorized_keys

    Read the article

  • Migrating Identity Providers - specifying a new users password hash.

    - by Stephen Denne
    We'd like to switch Identity Provider (and Web Access Manager), and also the user directory we use, but would like to do so without users needing to change their password. We currently have the SSHA of the passwords. I'm expecting to write code to perform the migration. I don't mind how complex the code has to be, rather my concern is whether such a migration is possible at all. MS Active Directory would be our preferred user store, but I believe that it can not have new users set up in it with a particular password hash. Is that correct? What user directory stores can be populated with users already set up with a SSHA password? What Identity Provider and Access Management products work with those stores?

    Read the article

  • Find out what resource is triggering bad password attempt?

    - by Craig Tataryn
    Background: Have a problem at work where I am constantly being locked out of my computer. We are in an environment that has a Domain Controller and we use Active Directory for authentication. By going through my normal workflow while on the phone with Desktop Support we were able to track the bad password attempts that were causing the lockouts to an application: "Eclipse". This is the application I use to do software development. I immediately thought it was a cached password for our SVN server that's the culprit, however the desktop support person couldn't tell me which resource the password attempt was being made against (i.e. which URL for instance). Question: Is there a way that I can monitor bad authentication requests made by an application on my desktop and find out what resource they are attempting it against?

    Read the article

  • In windows 7, how do I disable "Ease of Access" pop ups on the logon screen as I am typing my password?

    - by Silfheed
    So the question is pretty much in the title. Things to note: 'Use On-Screen Keyboard' is un-checked I have disabled Ease of Access by replacing utilman.exe But my problem now is that when I'm typing my password, It'll stop all together on the 'u' or the 'p' character and I have to click on the ease of access button then move focus back to the password to continue. Yes, one obvious solution is to not use a password that has 'u' or 'p' in it (which I've done), but that's obviously not a completely satisfying answer. Thanks! I feel a tumbleweed badge...

    Read the article

  • How can I prevent Apache from exposing a user's password?

    - by Marius Marais
    When using basic authentication (specifically via LDAP, but htpasswd also) with Apache, it makes the REMOTE_USER variable available to the PHP / Ruby / Python code underneath -- this is very useful for offloading authentication to the webserver. In our office environment we have lots of internal applications working like this over SSL, all quite secure. BUT: Apache exposes the PHP_AUTH_USER (=REMOTE_USER) and PHP_AUTH_PW variables to any application inside PHP. (PHP_AUTH_PW contains the plaintext password the user entered.) This means it's possible for the app to harvest usernames and passwords. Presumably the same information is available to Python and Ruby (all three are currently in use; PHP is being phased out). So how can I prevent Apache from doing this? One idea is to use Kerberos Negotiate authentication (which does not expose the password and has the benefit of being SSO), but that automatically falls back to Basic for some browsers (Chrome and in some cases Firefox), causing the password to be exposed again.

    Read the article

  • How to disable the Windows 8 lock screen, without disabling the password?

    - by zeel
    Windows 8 now has a slide-away lock screen like so many other OSes designed for a touch interface. However on a non-touch PC/laptop this is just an extra annoying step in logging in. There is an option to disable it, but this also turns off the password requirement. Is there a way to disable the lock screen, and have Windows wake up directly to the password entry screen? Often when pressing a key to hide it there will be a noticeable delay before password entry is accepted, and no indicator, so one can easily lose the first character or so that they attempt to type, thus failing the login attempt.

    Read the article

  • non-interactive ssh sudo... prompts for the password in plain text

    - by Iain
    I'm running some non-interactive ssh commands. The ssh authentication is taken care of fine through the ssh agent, but if I run a command that requires sudo then the password prompt in my terminal is plain text. For example: ssh remotemachine "sudo -u www mkdir -p /path/to/new/folder" will prompt me for the password in plain text. Does anyone know how I can get it to use the normal secure prompt or that I can pass the password via a switch? (as then I can set up a secure prompt on this side before I send the command) Any help is much appreciated.

    Read the article

  • How to enable/disable authentication without password when executing commands as superuser?

    - by 44taka
    On a Fedora 19 system which I set up for somebody a while ago I noticed that no authentication is required when commands are executed as the superuser. So, for example, when running Yum Extender, configuring the firewall or running some command with sudo in the terminal, I am not asked to provide a password. (With graphical applications the authentication dialog pops up for a few milliseconds.) For better security I would like to disable this automatic (authentication-less) assumption of superuser privileges. I do not remember if or how I enabled this authentication without a password. I might have enabled it for convenience for the non-pro user of this machine, but did not do any "fancy" things (like editing config files) to do so. I did not edit the sudoer file. I just checked that. I might have checked a "Do not ask for password again" checkbox or something similar. Whatever I did, I would like to undo it and enforce authentication for superuser tasks again.

    Read the article

  • Using the login Details via Application

    - by ramin ss
    I have a CURL(in C++) to send my user and pass to remauth.php file so i think i do something wrong on remuth.php ( because i am basic in php and my program can not run because the auth not passed.) I use login via Application. my CURL: bool Auth_PerformSessionLogin(const char* username, const char* password) { curl_global_init(CURL_GLOBAL_ALL); CURL* curl = curl_easy_init(); if (curl) { char url[255]; _snprintf(url, sizeof(url), "http://%s/remauth.php", "SITEADDRESS.com"); char buf[8192] = {0}; char postBuf[8192]; _snprintf(postBuf, sizeof(postBuf), "%s&&%s", username, password); curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AuthDataReceived); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf); curl_easy_setopt(curl, CURLOPT_USERAGENT, "IW4M"); curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); curl_easy_setopt(curl, CURLOPT_POST, 1); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postBuf); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); CURLcode code = curl_easy_perform(curl); curl_easy_cleanup(curl); curl_global_cleanup(); if (code == CURLE_OK) { return Auth_ParseResultBuffer(buf); } else { Auth_Error(va("Could not reach the SITEADDRESS.comt server. Error code from CURL: %x.", code)); } return false; } curl_global_cleanup(); return false; } and my remauth.php: <?php ob_start(); $host=""; // Host name $dbusername=""; // Mysql username $dbpassword=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select databse. mysql_connect("$host", "$dbusername", "$dbpassword") or die(mysql_error()); mysql_select_db("$db_name") or die(mysql_error()); // Define $username and $password //$username=$username; //$password=md5($_POST['password']); //$password=$password; $username=$_POST['username']; $password=$_POST['password']; //$post_item[]='action='.$_POST['submit']; // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE username='$username'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ $row = mysql_fetch_assoc($result); if (md5(md5($row['salt']).md5($password)) == $row['password']){ session_register("username"); session_register("password"); echo "#"; return true; } else { echo "o"; return false; } } else{ echo "o"; return false; } ob_end_flush(); ?> ///////////////////////////////////

    Read the article

  • PHP Multiple User Login Form - Navigation to Different Pages Based on Login Credentials

    - by Zulu Irminger
    I am trying to create a login page that will send the user to a different index.php page based on their login credentials. For example, should a user with the "IT Technician" role log in, they will be sent to "index.php", and if a user with the "Student" role log in, they will be sent to the "student/index.php" page. I can't see what's wrong with my code, but it's not working... I'm getting the "wrong login credentials" message every time I press the login button. My code for the user login page is here: <?php session_start(); if (isset($_SESSION["manager"])) { header("location: http://www.zuluirminger.com/SchoolAdmin/index.php"); exit(); } ?> <?php if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["role"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); $role = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["role"]); include "adminscripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1"); $existCount = mysql_num_rows($sql); if (($existCount == 1) && ($role == 'IT Technician')) { while ($row = mysql_fetch_array($sql)) { $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; $_SESSION["role"] = $role; header("location: http://www.zuluirminger.com/SchoolAdmin/index.php"); } else { echo 'Your login details were incorrect. Please try again <a href="http://www.zuluirminger.com/SchoolAdmin/index.php">here</a>'; exit(); } } ?> <?php if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["role"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); $role = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["role"]); include "adminscripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1"); $existCount = mysql_num_rows($sql); if (($existCount == 1) && ($role == 'Student')) { while ($row = mysql_fetch_array($sql)) { $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; $_SESSION["role"] = $role; header("location: http://www.zuluirminger.com/SchoolAdmin/student/index.php"); } else { echo 'Your login details were incorrect. Please try again <a href="http://www.zuluirminger.com/SchoolAdmin/index.php">here</a>'; exit(); } } ?> And the form that the data is pulled from is shown here: <form id="LoginForm" name="LoginForm" method="post" action="http://www.zuluirminger.com/SchoolAdmin/user_login.php"> User Name:<br /> <input type="text" name="username" id="username" size="50" /><br /> <br /> Password:<br /> <input type="password" name="password" id="password" size="50" /><br /> <br /> Log in as: <select name="role" id="role"> <option value="">...</option> <option value="Head">Head</option> <option value="Deputy Head">Deputy Head</option> <option value="IT Technician">IT Technician</option> <option value="Pastoral Care">Pastoral Care</option> <option value="Bursar">Bursar</option> <option value="Secretary">Secretary</option> <option value="Housemaster">Housemaster</option> <option value="Teacher">Teacher</option> <option value="Tutor">Tutor</option> <option value="Sanatorium Staff">Sanatorium Staff</option> <option value="Kitchen Staff">Kitchen Staff</option> <option value="Parent">Parent</option> <option value="Student">Student</option> </select><br /> <br /> <input type="submit" name = "button" id="button" value="Log In" onclick="javascript:return validateLoginForm();" /> </h3> </form> Once logged in (and should the correct page be loaded, the validation code I have at the top of the script looks like this: <?php session_start(); if (!isset($_SESSION["manager"])) { header("location: http://www.zuluirminger.com/SchoolAdmin/user_login.php"); exit(); } $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); $role = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["role"]); include "adminscripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1"); $existCount = mysql_num_rows($sql); if ($existCount == 0) { header("location: http://www.zuluirminger.com/SchoolAdmin/index.php"); exit(); } ?> Just so you're aware, the database table has the following fields: id, username, password and role. Any help would be greatly appreciated! Many thanks, Zulu

    Read the article

< Previous Page | 55 56 57 58 59 60 61 62 63 64 65 66  | Next Page >