Search Results

Search found 298 results on 12 pages for 'the salt'.

Page 6/12 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to do MVC the right way

    - by Ieyasu Sawada
    I've been doing MVC for a few months now using the CodeIgniter framework in PHP but I still don't know if I'm really doing things right. What I currently do is: Model - this is where I put database queries (select, insert, update, delete). Here's a sample from one of the models that I have: function register_user($user_login, $user_profile, $department, $role) { $department_id = $this->get_department_id($department); $role_id = $this->get_role_id($role); array_push($user_login, $department_id, $role_id); $this->db->query("INSERT INTO tbl_users SET username=?, hashed_password=?, salt=?, department_id=?, role_id=?", $user_login); $user_id = $this->db->insert_id(); array_push($user_profile, $user_id); $this->db->query(" INSERT INTO tbl_userprofile SET firstname=?, midname=?, lastname=?, user_id=? ", $user_profile); } Controller - talks to the model, calls up the methods in the model which queries the database, supplies the data which the views will display(success alerts, error alerts, data from database), inherits a parent controller which checks if user is logged in. Here's a sample: function create_user(){ $this->load->helper('encryption/Bcrypt'); $bcrypt = new Bcrypt(15); $user_data = array( 'username' => 'Username', 'firstname' => 'Firstname', 'middlename' => 'Middlename', 'lastname' => 'Lastname', 'password' => 'Password', 'department' => 'Department', 'role' => 'Role' ); foreach ($user_data as $key => $value) { $this->form_validation->set_rules($key, $value, 'required|trim'); } if ($this->form_validation->run() == FALSE) { $departments = $this->user_model->list_departments(); $it_roles = $this->user_model->list_roles(1); $tc_roles = $this->user_model->list_roles(2); $assessor_roles = $this->user_model->list_roles(3); $data['data'] = array('departments' => $departments, 'it_roles' => $it_roles, 'tc_roles' => $tc_roles, 'assessor_roles' => $assessor_roles); $data['content'] = 'admin/create_user'; parent::error_alert(); $this->load->view($this->_at, $data); } else { $username = $this->input->post('username'); $salt = $bcrypt->getSalt(); $hashed_password = $bcrypt->hash($this->input->post('password'), $salt); $fname = $this->input->post('firstname'); $mname = $this->input->post('middlename'); $lname = $this->input->post('lastname'); $department = $this->input->post('department'); $role = $this->input->post('role'); $user_login = array($username, $hashed_password, $salt); $user_profile = array($fname, $mname, $lname); $this->user_model->register_user($user_login, $user_profile, $department, $role); $data['content'] = 'admin/view_user'; parent::success_alert(4, 'User Sucessfully Registered!', 'You may now login using your account'); $data['data'] = array('username' => $username, 'fname' => $fname, 'mname' => $mname, 'lname' => $lname, 'department' => $department, 'role' => $role); $this->load->view($this->_at, $data); } } Views - this is where I put html, css, and JavaScript code (form validation code for the current form, looping through the data supplied by controller, a few if statements to hide and show things depending on the data supplied by the controller). <!--User registration form--> <form class="well min-form" method="post"> <div class="form-heading"> <h3>User Registration</h3> </div> <label for="username">Username</label> <input type="text" id="username" name="username" class="span3" autofocus> <label for="password">Password</label> <input type="password" id="password" name="password" class="span3"> <label for="firstname">First name</label> <input type="text" id="firstname" name="firstname" class="span3"> <label for="middlename">Middle name</label> <input type="text" id="middlename" name="middlename" class="span3"> <label for="lastname">Last name</label> <input type="text" id="lastname" name="lastname" class="span3"> <label for="department">Department</label> <input type="text" id="department" name="department" class="span3" list="list_departments"> <datalist id="list_departments"> <?php foreach ($data['departments'] as $row) { ?> <option data-id="<?php echo $row['department_id']; ?>" value="<?php echo $row['department']; ?>"><?php echo $row['department']; ?></option> <?php } ?> </datalist> <label for="role">Role</label> <input type="text" id="role" name="role" class="span3" list=""> <datalist id="list_it"> <?php foreach ($data['it_roles'] as $row) { ?> <option data-id="<?php echo $row['role_id']; ?>" value="<?php echo $row['role']; ?>"><?php echo $row['role']; ?></option> <?php } ?> </datalist> <datalist id="list_collection"> <?php foreach ($data['tc_roles'] as $row) { ?> <option data-id="<?php echo $row['role_id']; ?>" value="<?php echo $row['role']; ?>"><?php echo $row['role']; ?></option> <?php } ?> </datalist> <datalist id="list_assessor"> <?php foreach ($data['assessor_roles'] as $row) { ?> <option data-id="<?php echo $row['role_id']; ?>" value="<?php echo $row['role']; ?>"><?php echo $row['role']; ?></option> <?php } ?> </datalist> <p> <button type="submit" class="btn btn-success">Create User</button> </p> </form> <script> var departments = []; var roles = []; $('#list_departments option').each(function(i){ departments[i] = $(this).val(); }); $('#list_it option').each(function(i){ roles[roles.length + 1] = $(this).val(); }); $('#list_collection option').each(function(i){ roles[roles.length + 1] = $(this).val(); }); $('#list_assessor option').each(function(i){ roles[roles.length + 1] = $(this).val(); }); $('#department').blur(function(){ var department = $.trim($(this).val()); $('#role').attr('list', 'list_' + department); }); var password = new LiveValidation('password'); password.add(Validate.Presence); password.add(Validate.Length, {minimum: 10}); $('input[type=text]').each(function(i){ var field_id = $(this).attr('id'); var field = new LiveValidation(field_id); field.add(Validate.Presence); if(field_id == 'department'){ field.add(Validate.Inclusion, {within : departments}); } else if(field_id == 'role'){ field.add(Validate.Inclusion, {within : roles}) } }); </script> The codes above are actually code from the application that I'm currently working on. I'm working on it alone so I don't really have someone to review my code for me and point out the wrong things in it so I'm posting it here in hopes that someone could point out the wrong things that I've done in here. I'm also looking for some guidelines in writing MVC code like what are the things that should be and shouldn't be included in views, models and controllers. How else can I improve the current code that I have right now. I've written some really terrible code before(duplication of logic, etc.) that's why I want to improve my code so that I can easily maintain it in the future. Thanks!

    Read the article

  • Fusion Middleware 11gR1 : 6??????

    - by Hiroyuki Yoshino
    2010?6??Fusion Middleware 11gR1 ?????????????? ?????????????3??????? 1. Oracle Enterprise Single Sign-On ?????Microsoft Windows (32-bit), Microsoft Windows x64 ???????????????? 10g?????????????????????????????????????Logon Manager?64-bit???????????? ????·????????????????????????·????????Non Oracle LDAP Certification?????????????? 2. Oracle Tuxedo Oracle Tuxedo 11g???????????? 10g???Oracle Tuxedo System and Application Monitor (TSAM), Oracle Service Architecture Leveraging Tuxedo (SALT)??????????? ??????AIX on Power Systems, HP-UX Itanium, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris SPARC (64-bit), Other Platforms ?????????????????????????????????? ????·?????????????????Oracle Tuxedo ? Platform Data Sheets, TSAM ? Supported Platforms, SALT ? Supported Platforms ?????????? 3. Application Adapters ???Mainframe Adapters, CDC Adapters????Application Adapters?11g????????????? JD Edwards, PeopleSoft, SAP, Siebel ??????????????????? ??????AIX on Power Systems, HP-UX Itanium, HP-UX PA-RISC, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris SPARC (64-bit) ??????????????? ??????(??????????????????)????????·????????Adapter Certification?????????????? ????? ????????(Media Pack)??????????????(Media Pack)????????????????? (2010?6??????????????????????)

    Read the article

  • Please Critique this PHP Login Script

    - by NightMICU
    Greetings, A site I developed was recently compromised, most likely by a brute force or Rainbow Table attack. The original log-in script did not have a SALT, passwords were stored in MD5. Below is an updated script, complete with SALT and IP address banning. In addition, it will send a Mayday email & SMS and disable the account should the same IP address or account attempt 4 failed log-ins. Please look it over and let me know what could be improved, what is missing, and what is just plain strange. Many thanks! <?php //Start session session_start(); //Include DB config include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php'; //Error message array $errmsg_arr = array(); $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; } //Define a SALT, the one here is for demo define('SALT', '63Yf5QNA'); //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Encrypt password $encryptedPassword = md5(SALT . $password); //Input Validations //Obtain IP address and check for past failed attempts $ip_address = $_SERVER['REMOTE_ADDR']; $checkIPBan = $db->prepare("SELECT COUNT(*) FROM ip_ban WHERE ipAddr = ? OR login = ?"); $checkIPBan->execute(array($ip_address, $login)); $numAttempts = $checkIPBan->fetchColumn(); //If there are 4 failed attempts, send back to login and temporarily ban IP address if ($numAttempts == 1) { $getTotalAttempts = $db->prepare("SELECT attempts FROM ip_ban WHERE ipAddr = ? OR login = ?"); $getTotalAttempts->execute(array($ip_address, $login)); $totalAttempts = $getTotalAttempts->fetch(); $totalAttempts = $totalAttempts['attempts']; if ($totalAttempts >= 4) { //Send Mayday SMS $to = "[email protected]"; $subject = "Banned Account - $login"; $mailheaders = 'From: [email protected]' . "\r\n"; $mailheaders .= 'Reply-To: [email protected]' . "\r\n"; $mailheaders .= 'MIME-Version: 1.0' . "\r\n"; $mailheaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $msg = "<p>IP Address - " . $ip_address . ", Username - " . $login . "</p>"; mail($to, $subject, $msg, $mailheaders); $setAccountBan = $db->query("UPDATE ip_ban SET isBanned = 1 WHERE ipAddr = '$ip_address'"); $setAccountBan->execute(); $errmsg_arr[] = 'Too Many Login Attempts'; $errflag = true; } } if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header('Location: http://somewhere.com/login.php'); exit(); } //Query database $loginSQL = $db->prepare("SELECT password FROM user_control WHERE username = ?"); $loginSQL->execute(array($login)); $loginResult = $loginSQL->fetch(); //Compare passwords if($loginResult['password'] == $encryptedPassword) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $getMemDetails = $db->prepare("SELECT * FROM user_control WHERE username = ?"); $getMemDetails->execute(array($login)); $member = $getMemDetails->fetch(); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $updateLog = $db->prepare("UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR), ip_addr = ? WHERE user_id = ?"); $updateLog->execute(array($ip_address, $member['user_id'])); session_write_close(); //If there are past failed log-in attempts, delete old entries if ($numAttempts > 0) { //Past failed log-ins from this IP address. Delete old entries $deleteIPBan = $db->prepare("DELETE FROM ip_ban WHERE ipAddr = ?"); $deleteIPBan->execute(array($ip_address)); } if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://somewhere.com"); } else { header('Location: http://somewhere.com'); } exit(); } else { //Login failed. Add IP address and other details to ban table if ($numAttempts < 1) { //Add a new entry to IP Ban table $addBanEntry = $db->prepare("INSERT INTO ip_ban (ipAddr, login, attempts) VALUES (?,?,?)"); $addBanEntry->execute(array($ip_address, $login, 1)); } else { //increment Attempts count $updateBanEntry = $db->prepare("UPDATE ip_ban SET ipAddr = ?, login = ?, attempts = attempts+1 WHERE ipAddr = ? OR login = ?"); $updateBanEntry->execute(array($ip_address, $login, $ip_address, $login)); } header('Location: http://somewhere.com/login.php'); exit(); } ?>

    Read the article

  • Email Verification plugin for rails?

    - by Larry K
    Hi, I'd like to verify a user's email address by sending them a verify-email-message. Do you know of a good Rails plugin that they've used or seen? Since I didn't see anything good via Google, at this point, my thought is: Add a verified boolean field to the user model. Default false. After user is added (unverified), combine email with a salt (a secret), and create the sha1 hash of the email/salt combo. The result is the verification. Send a welcoming / verification email to the user. Email includes a url that has the email address and verification as GET args to a verify action on my server. The verify action recomputes the verification using the supplied email and checks that the new verification matches the one in the url. If it does, then the User rec for the email is marked 'verified' Also will provide action to re-send the verification email. Any comments on the above? Thanks, Larry

    Read the article

  • JSON, Ajax login and signup form problem, critique

    - by user552828
    Here is my problem; indexdeneme2.php has two forms Sign up and Login form, and there is validation.js and login.js which are handling the AJAX and JSON response, there are validate.php and login.php which are my scripts for validating and login. When you sign up, it sends the data to validate.php perfectly and validate.php response with JSON perfectly, validate.js must show the error in #error div. validation.js works perfectly if it is working alone. I use same kind of script for login form. Login.php also works perfectly it responses with JSON and login.js shows the errors are appear in #errorlogin div. But this works when login.js works alone. When I try to work login.js and validate.js together, it is not working. validate.php and login.php works perfectly but login.js and validation.js are not working together. They can't handle the responses coming from php scripts. It is not showing the errors in #errorlogin and #error div. They intercept each other I guess. By the way if you can critique my login.php and validate.php I will be really appreciated. Thank you all. this is indexdeneme2.php <?php include('functions.php')?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" href="css/cssdeneme1.css" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <script type="text/javascript" src="validation.js"></script> <script type="text/javascript" src="login.js"></script> <script type="text/javascript"> var RecaptchaOptions = { theme : 'custom', custom_theme_widget: 'recaptcha_widget' }; </script> </head> <body onload="document.signup.reset()"> <div id="topbar"> <div class="wrapper"> </div> </div> <div id="middlebar"> <div class="wrapper"> <div id="middleleft"> <div id="mainformsecondcover"> <div id="mainform"> <div id="formhead"> <div id="signup">Sign Up</div> </div> <form method="post" action="validate.php" id="myform" name="signup"> <div id="form"> <table border="0" cellpadding="0" cellspacing="1"> <tbody> <tr> <td class="formlabel"> <label for="name">First Name:</label> </td> <td class="forminput"> <input type="text" name="name" id="name" /> </td> </tr> <tr> <td class="formlabel"> <label for="lastname">Last Name:</label> </td> <td class="forminput"> <input type="text" name="surname" id="lastname" /> </td> </tr> <tr> <td class="formlabel"> <label for="email">Email:</label> </td> <td class="forminput"> <input type="text" name="email" id="email" /> </td> </tr> <tr> <td class="formlabel"> <label for="remail">Re-Enter Email:</label> </td> <td class="forminput"> <input type="text" name="remail" id="remail" /> </td> </tr> <tr> <td class="formlabel"> <label for="password">Password:</label> </td> <td class="forminput"> <input type="password" name="password" id="password" maxlength="16" /> </td> </tr> <tr> <td class="formlabel"> <label for="gender">I am:</label> </td> <td class="forminput"> <select name="gender" id="gender"> <option value="0" selected="selected">-Select Sex-</option> <option value="1">Male</option> <option value="2">Female</option> </select> </td> </tr> <tr> <td class="formlabel"> <label>My Birthday:</label> </td> <td class="forminput"> <select size="1" name="day"> <option value="0" selected="selected">Day</option> <?php formDay(); ?> </select>&nbsp; <select size="1" name="month"> <option value="0" selected="selected">Month</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select>&nbsp; <select size="1" name="year"> <option value="0" selected="selected">Year</option> <?php formYear(); ?> </select> </td> </tr> <tr> <td class="formlabel"> <label for="recaptcha_response_field">Security Check:</label> </td> </tr> </tbody> </table> <?php require_once('captchalib.php'); ?> </div> <div id="formbottom"> <div id="error"> </div> <div id="formbottomright"> <input type="submit" id="formbutton" value="Sign Up" /> <img id="loading" src="css/images/ajax-loader.gif" height="35" width="35" alt="Processing.." style="float:right; display:block" /> </div> </div> </form> </div> </div> </div> <div id="middleright"> <div id="loginform"> <form name="login" action="login.php" method="post" id="login"> <label for="username">Email:</label> <input type="text" name="emaillogin" /> <label for="password">Password:</label> <input type="password" name="passwordlogin" maxlength="16" /> <input type="submit" value="Login" /> <img id="loading2" src="css/images/ajax-loader.gif" height="35" width="35" alt="Processing.." style="float:right; display:block" /> </form> </div> <div id="errorlogin"></div> </div> </div> </div> <div id="bottombar"> <div class="wrapper"></div> </div> </body> </html> validation.js $(document).ready(function(){ $('#myform').submit(function(e) { register(); e.preventDefault(); }); }); function register() { hideshow('loading',1); error(0); $.ajax({ type: "POST", url: "validate.php", data: $('#myform').serialize(), dataType: "json", success: function(msg){ if(parseInt(msg.status)==1) { window.location=msg.txt; } else if(parseInt(msg.status)==0) { error(1,msg.txt); Recaptcha.reload(); } hideshow('loading',0); } }); } function hideshow(el,act) { if(act) $('#'+el).css('visibility','visible'); else $('#'+el).css('visibility','hidden'); } function error(act,txt) { hideshow('error',act); if(txt) $('#error').html(txt); } login.js $(document).ready(function(){ $('#login').submit(function(e) { login(); e.preventDefault(); }); }); function login() { error(2); $.ajax({ type: "POST", url: "login.php", data: $('#login').serialize(), dataType: "json", success: function(msg){ if(parseInt(msg.status)==3) { window.location=msg.txt; } else if(parseInt(msg.status)==2) { error(3,msg.txt); } } }); } function error(act,txt) { hideshow('error',act); if(txt) $('#errorlogin').html(txt); } login.php <?php session_start(); require("connect.php"); $email = $_POST['emaillogin']; $password = $_POST['passwordlogin']; $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); if(empty($email)) { die('{status:2,txt:"Enter your email address."}'); } if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('{status:2,txt:"Invalid email or password"}'); } if(empty($password)) { die('{status:2,txt:"Enter your password."}'); } if(strlen($password)<6 || strlen($password)>16) { die('{status:2,txt:"Invalid email or password"}'); } $query = "SELECT password, salt FROM users WHERE Email = '$email';"; $result = mysql_query($query); if(mysql_num_rows($result) < 1) //no such user exists { die('{status:2,txt:"Invalid email or password"}'); } $userData = mysql_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) //incorrect password { die('{status:2,txt:"Invalid email or password"}'); } //////////////////////////////////////////////////////////////////////////////////// if('{status:3}') { session_regenerate_id (); //this is a security measure $getMemDetails = "SELECT * FROM users WHERE Email = '$email'"; $link = mysql_query($getMemDetails); $member = mysql_fetch_row($link); $_SESSION['valid'] = 1; $_SESSION['userid'] = $member[0]; $_SESSION['name'] = $member[1]; session_write_close(); mysql_close($con); echo '{status:3,txt:"success.php"}'; } validate.php <?php $name = $_POST['name']; $surname = $_POST['surname']; $email = $_POST['email']; $remail = $_POST['remail']; $gender = $_POST['gender']; $bdate = $_POST['year'].'-'.$_POST['month'].'-'.$_POST['day']; $bday = $_POST['day']; $bmon = $_POST['month']; $byear = $_POST['year']; $cdate = date("Y-n-j"); $password = $_POST['password']; $hash = hash('sha256', $password); $regdate = date("Y-m-d"); function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } $salt = createSalt(); $hash = hash('sha256', $salt . $hash); if(empty($name) || empty($surname) || empty($email) || empty($remail) || empty($password) ) { die('{status:0,txt:"All the fields are required"}'); } if(!preg_match('/^[A-Za-z\s ]+$/', $name)) { die('{status:0,txt:"Please check your name"}'); } if(!preg_match('/^[A-Za-z\s ]+$/', $surname)) { die('{status:0,txt:"Please check your last name"}'); } if($bdate > $cdate) { die('{status:0,txt:"Please check your birthday"}'); } if(!(int)$gender) { die('{status:0,txt:"You have to select your sex"}'); } if(!(int)$bday || !(int)$bmon || !(int)$byear) { die('{status:0,txt:"You have to fill in your birthday"}'); } if(!$email == $remail) { die('{status:0,txt:"Emails doesn&sbquo;t match"}'); } if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('{status:0,txt:"Enter a valid email"}'); } if(strlen($password)<6 || strlen($password)>16) { die('{status:0,txt:"Password must be between 6-16 characters"}'); } if (!$_POST["recaptcha_challenge_field"]===$_POST["recaptcha_response_field"]) { die('{status:0,txt:"You entered incorrect security code"}'); } if('{status:1}') { require("connect.php"); function getRealIpAddr() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip=$_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } $rip = getRealIpAddr(); $ipn = inet_pton($rip); $checkuser = mysql_query("SELECT Email FROM users WHERE Email = '$email'"); $username_exist = mysql_num_rows($checkuser); if ( $username_exist !== 0 ) { mysql_close($con); die('{status:0,txt:"This email Address is already registered!"}'); } else { $query = "INSERT INTO users (name, surname, date, Email, Gender, password, salt, RegistrationDate, IP) VALUES ('$name', '$surname', '$bdate', '$email', '$gender', '$hash', '$salt', '$cdate', '$ipn')"; $link = mysql_query($query); if(!$link) { die('Becerilemedi: ' . mysql_error()); } else { mysql_close($con); echo '{status:1,txt:"afterreg.php"}'; } } } ?> css of indexdeneme2.php * { padding:0; margin:0; } #topbar { width:100%; height:50px; } .wrapper { margin:0 auto; width:1000px; height:100%; } #middlebar { width:100%; height:650px; } #middleleft { width:55%; float:left; height:650px; } #middleright { width:45%; float:right; height:650px; } #mainformsecondcover { width:404px; padding:0px; margin:0px; border:4px solid #59B; border-radius: 14px; -moz-border-radius: 14px; -webkit-border-radius: 14px; } #mainform { width:400px; border:2px solid #CCC; border-radius: 11px; -moz-border-radius: 11px; -webkit-border-radius: 11px; } #formhead { margin:7px; } #signup { margin-top:13px; margin-left:13px; margin-bottom:3px; color:#333; font-size:18px; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-weight:bold } #form { margin:7px; } #form table { margin:0px; width:380px; } #form table tr{ height:28px; } #form table td{ height:18px; } .formlabel { cursor:pointer; display:table-cell; text-align:right; font-size:12px; color:#000; font-weight:normal; vertical-align:middle; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; letter-spacing:1px; width:120px; height:37px; padding-right:5px; } .formlabel label{ cursor:pointer } .forminput input { width:240px; font-size:13px; padding:4px; } #recaptcha_image { width:300px; height:57px; border:2px solid #CCC; } #recaptcha_widget { margin-left:35px; } #securityinfo { font-size: 11px; line-height: 16px; } #formbottom { width:360px; min-height:45px; } #error { float:left; width:200px; border:1px solid #F00; margin-left:20px; margin-top:7px; text-align:center; color:#F00; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:11px; line-height:16px; padding:2px; visibility:hidden; } #errorlogin { float:left; width:200px; border:1px solid #F00; margin-left:20px; margin-top:7px; text-align:center; color:#F00; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:11px; line-height:16px; padding:2px; visibility:hidden; } #formbottomright { float:right; height:45px; width:115px; margin-left:5px; } #loading { visibility:hidden; } #loading2 { visibility:hidden; } #formbutton { display:block; font-size:14px; color:#FFF; background: #0b85c6; /* Old browsers */ background: -moz-linear-gradient(top, #0b85c6 0%, #59b 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#0b85c6), color-stop(100%,#59b)); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, #0b85c6 0%,#59b 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, #0b85c6 0%,#59b 100%); /* Opera11.10+ */ background: -ms-linear-gradient(top, #0b85c6 0%,#59b 100%); /* IE10+ */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#0B85C6', endColorstr='#59B',GradientType=0 ); /* IE6-9 */ background: linear-gradient(top, #0b85c6 0%,#59b 100%); /* W3C */ font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; height:26px; width:60px; margin:7px; text-align:center; padding-bottom:4px; padding-left:4px; padding-right:4px; float:left; margin-right:5px; } #bottombar { width:100%; height:50px; } {}

    Read the article

  • Retrieving related data in the Symfony Admin Generator

    - by bjoern
    I have a problem with the Admin Generator. The Table of Pages have the column sf_guard_user_id. The rest of the table looks as this part of the generator.yml in the line display, list: title: Pages display: [=title, sfGuardUser, views, state, privacy, created_at, updated_at] sort: [created_at, desc] fields: sfGuardUser: { label: Author } created_at: { label: Published, date_format: dd.MM.y } updated_at: { label: Updated, date_format: dd.MM.y } table_method: retrieveUserList Now the sf_guard_user_id is been replaced and the username ist displayed. Don't get me wrong, that works fine. But how can I get other variables from the sfGuarsUser relation? When I only add salt or another variable to display I get this, Unknown record property / related component "salt" on "simplePage" But why?

    Read the article

  • Named Blueprints with factory_girl

    - by Jason Nerer
    I am using Factory Girl but like the machinist syntax. So I wonder, if there is any way creating a named blueprint for class, so that I can have something like that: User.blueprint(:no_discount_user) do admin false hashed_password "226bc1eca359a09f5f1b96e26efeb4bb1aeae383" is_trader false name "foolish" salt "21746899800.223524289203464" end User.blueprint(:discount_user) do admin false hashed_password "226bc1eca359a09f5f1b96e26efeb4bb1aeae383" is_trader true name "deadbeef" salt "21746899800.223524289203464" discount_rate { DiscountRate.make(:rate => 20.00) } end DiscountRate.blueprint do rate {10} not_before ... not_after ... end Is there a way making factory_girl with machinist syntax acting like that? I did not find one. Help appreciated. Thx in advance Jason

    Read the article

  • How can * be a safe hashed password?

    - by Exception e
    phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment. function HashPassword($password) { // <snip> trying to generate a hash… # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } This is the complete phpsalt class: # Portable PHP password hashing framework. # # Version 0.2 / genuine. # # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in # the public domain. # # # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime() . getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; if (substr($setting, 0, 3) != '$P$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } }

    Read the article

  • Server authorization with MD5 and SQL.

    - by Charles
    I currently have a SQL database of passwords stored in MD5. The server needs to generate a unique key, then sends to the client. In the client, it will use the key as a salt then hash together with the password and send back to the server. The only problem is that the the SQL DB has the passwords in MD5 already. Therefore for this to work, I would have to MD5 the password client side, then MD5 it again with the salt. Am I doing this wrong, because it doesn't seem like a proper solution. Any information is appreciated.

    Read the article

  • Invalid character in a Base-64 string

    - by swetha
    I am getting this error when I am validating the user with sql membership provider this.provider.ValidateUser(userName, password); the password i have used is "freetrial". I tried trimming the spaces but still no luck!!! and the call stack is as follows: [FormatException: Invalid character in a Base-64 string.] System.Convert.FromBase64String(String s) +0 System.Web.Security.MembershipProvider.EncodePassword(String pass, Int32 passwordFormat, String salt) +54 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +169 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42 System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78

    Read the article

  • Static struct in C++

    - by pingvinus
    Hi, I want to define an structure, where some math constants would be stored. Here what I've got now: struct consts { //salt density kg/m3 static const double gamma; }; const double consts::gamma = 2350; It works fine, but there would be more than 10 floating point constants, so I doesn't want to wrote 'static const' before each of them. And define something like that: static const struct consts { //salt density kg/m3 double gamma; }; const double consts::gamma = 2350; It look fine, but I got these errors: 1. member function redeclaration not allowed 2. a nonstatic data member may not be defined outside its class I wondering if there any C++ way to do it?

    Read the article

  • node.js with SQL Server Native Client 11 scope_identity not being returned

    - by binderbound
    I'm having trouble with inserting a value into a database through node.js. Here is the offending code: sql.query(conn_str ,"INSERT INTO Login(email, hash, salt, firstName, lastName) VALUES(?, ?, ?, ?, ?); SELECT SCOPE_IDENTITY() AS 'Identity';" , [email, hash, salt, firstName, lastName], function(err, results){ console.log(results) } Unfortunately, the console is just echoing [], meaning results is an empty array, I suppose. Does anyone know why the identity is not being returned? Even if it was null, why isn't results then [{Identity: null }] ? Database is on Azure, which does have a "Scope_Identity" function, and the native client also recognises this function. Using node package "msnodesql" Please Help

    Read the article

  • Copying blocks (ie: copying them to instance variables) in Objective-C

    - by RyanWilcox
    I'm trying to understand blocks. I get how to use them normally, when passed directly to a method. I'm interested now in taking a block, storing it (say) in an instance variable and calling it later. The blocks programming guide makes it sound like I can do this, by using Block_copy / retain to copy the block away, but when I try to run it I crash my program. - (void) setupStoredBlock { int salt = 42; m_storedBlock = ^(int incoming){ return 2 + incoming + salt; }; [m_storedBlock retain]; } I try to call it later: - (void) runStoredBlock { int outputValue = m_storedBlock(5); NSLog(@"When we ran our stored blockwe got back: %d", outputValue); [m_storedBlock release]; } Anyone have any insights? (Or, is there something I'm not getting with blocks?) Thank you very much!

    Read the article

  • Is MD5 really that bad?

    - by Col. Shrapnel
    Everyone says that MD5 is "broken". Though I have never seen a code that can show it's weakness. So, I hope someone of local experts can prove it with simple test. I have an MD5 hash c1e877411f5cb44d10ece283a37e1668 And a simple code to produce it $salt="#bh35^&Res%"; $pass="***"; echo $hash=md5($salt.$pass); So, the question is: 1. Is MD% really that bad? 2. If so, what's the pass behind the asterisks?

    Read the article

  • Find and replace numbers in string with regex

    - by James
    What I'm trying to achieve is to replace the numbers in the string with a new values calculated from the (match * int). So the string input looks like: 500g Flour 14g Salt 7g Dry yeast 45ml Olive oil 309ml Water And the result should look like this: 1000g Flour 14g Salt 14g Dry yeast 90ml Olive oil 618 ml Water row["ingredients"] is a DataRow. This is where I'm at: System.Text.RegularExpressions. Regex.Replace(row["ingredients"].ToString(), @"[^/d]", Delegate(Match match) { return match * 2; }, RegexOptions.Multiline); Any solution is greatly appreciated.

    Read the article

  • Spring @Value annotation not using defaults when property is not present

    - by garyj
    Hi All I am trying to use @Value annotation in the parameters of a constructor as follows: @Autowired public StringEncryptor( @Value("${encryptor.password:\"\"}") String password, @Value("${encryptor.algorithm:\"PBEWithMD5AndTripleDES\"}") String algorithm, @Value("${encryptor.poolSize:10}") Integer poolSize, @Value("${encryptor.salt:\"\"}") String salt) { ... } When the properties file is present on the classpath, the properties are loaded perfectly and the test executes fine. However when I remove the properties file from the classpath, I would have expected that the default values would have been used, for example poolSize would be set to 10 or algorithm to PBEWithMD5AndTripleDES however this is not the case. Running the code through a debugger (which would only work after changing @Value("${encryptor.poolSize:10}") Integer poolSize to @Value("${encryptor.poolSize:10}") String poolSize as it was causing NumberFormatExceptions) I find that the defaults are not being set and the parameters are in the form of: poolSize = ${encryptor.poolSize:10} or algorithm = ${encryptor.algorithm:"PBEWithMD5AndTripleDES"} rather than the expected poolSize = 10 or algorithm = "PBEWithMD5AndTripleDES" Based on SPR-4785 the notation such as ${my.property:myDefaultValue} should work. Yet it's not happening for me! Thank you

    Read the article

  • password/login system in php

    - by Jonathan
    For a login system in php would this be a suitable outline of how it would work: users types in username and password, clicks login button. Checks if user exists in database, if it does, then retrieve the salt for that user hash the password and salt (would this be done on the client or server side? I think client side would be better, but php is server side so how would you do this?) check value against value in database, if the values match then user has typed in correct password and they are logged in.

    Read the article

  • Ideas for extending tic-tac-toe game?

    - by pimvdb
    I'm building a 3D tic-tac-toe game and this is what I've implemented so far: 3D renderer with texture mapping Playing against the computer Playing online (multiplayer) Now I'm a little lost what I could add. Obviously, tic-tac-toe isn't that exciting or advanced, but I just miss something to salt it a little bit. Therefore, could anyone please suggest some ideas that would be worth implementing? Thanks!

    Read the article

  • Encrypted Hidden Redux : Let's Get Salty

    - by HeartattacK
    In this article, Ashic Mahtab shows an elegant, reusable and unobtrusive way in which to persist sensitive data to the browser in hidden inputs and restoring them on postback without needing to change any code in controllers or actions. The approach is an improvement of his previous article and incorporates a per session salt during encryption. Note: Cross posted from Heartysoft.com. Permalink

    Read the article

  • Try the Linux desktop of the future

    <b>Tux Radar:</b> "For the tinkerers and testers, 2010 is shaping up to be a perfect year. Almost every desktop and application we can think of is going to have a major release, and while release dates and roadmaps always have to be taken with a pinch of salt, many of these projects have built technology and enhancements you can play with now."

    Read the article

  • Getting baseline and performance stats - the easy way.

    - by fatherjack
    OK, pretty much any DBA worth their salt has read Brent Ozar's (Blog | Twitter) blog about getting a baseline of your server's performance counters and then getting the same counters at regular intervals afterwards so that you can track performance trends and evidence how you are making your servers faster or cope with extra load without costing your boss any money for hardware upgrades. No? well, go read it now. I can wait a while as there is a great video there too...http://www.brentozar.com/archive/2006/12/dba-101-using-perfmon-for-sql-performance-tuning/,...(read more)

    Read the article

  • What actions should I not rely on the packaged functionality of my language for?

    - by David Peterman
    While talking with one of my coworkers, he was talking about the issues the language we used had with encryption/decryption and said that a developer should always salt their own hashes. Another example I can think of is the mysql_real_escape_string in PHP that programmers use to sanitize input data. I've heard many times that a developer should sanitize the data themselves. My question is what things should a developer always do on their own, for whatever reason, and not rely on the standard libraries packaged with a language for it?

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12  | Next Page >