Search Results

Search found 12055 results on 483 pages for 'password complexity'.

Page 87/483 | < Previous Page | 83 84 85 86 87 88 89 90 91 92 93 94  | Next Page >

  • expanding/collapsing div using jQuery

    - by Hristo
    I'm trying to expand and collapse a <div> by clicking some text inside the <div>. The behavior right now is very odd. For example, if I click the text after the <div> is expanded... the <div> will collapse and then expand again. Also, if I click somewhere inside the div after it is expanded, it will collapse again, and I think that is because I'm triggering the animation since the <div> being animated is inside the wrapper <div>. Here's the code: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> <!-- Links --> <link rel="stylesheet" type="text/css" href="style.css" /> <!-- Scripts --> <script type="text/javascript" src="jQuery.js"></script> <script> // document script $(function(){ // login box event handler $('#login').click(function() { $('#loginBox').toggle( function() { $('.loginBox').animate({ height: '150px' }, '1000' ); $('#username').show(); $('#password').hide(); $('#placeHolder').show(); }, function() { $('.loginBox').animate({ height: '50px' }, '1000' ); $('#username').hide(); $('#password').hide(); $('#placeHolder').hide(); } ); }); // username field focus and blur event handlers $('#username').focus(function() { if($(this).hasClass('placeHolder')){ $(this).val(''); $(this).removeClass('placeHolder'); } }); $('#username').blur(function() { if($(this).val() == '') { $(this).val('Username'); $(this).addClass('placeHolder'); } }); // password field focus and blur event handlers $('#placeHolder').focus(function() { $(this).hide(); $('#password').show(); $('#password').focus(); $('#password').removeClass('placeHolder'); }); $('#password').blur(function() { if($(this).val() == '') { $('#placeHolder').show(); $(this).hide(); } }); }); </script> </head> <body> <div id="loginBox" class="loginBox"> <a id="login" class="login">Proceed to Login</a><br /> <div> <form> <input type="text" id="username" class="placeHolder" value="Username" /> <input type="password" id="password" class="placeHolder" value="" /> <input type="text" id="placeHolder" class="placeHolder" value="Password" /> </form> </div> </div> </body> </html> Any ideas? Thanks, Hristo

    Read the article

  • Multi tenant membership provider ASP.NET MVC

    - by Masna
    Hello, I'm building a multi-tenant app with ASP.NET MVC and have a problem with validating users. Situation I have: -a table with User(ID, Name, FirstName, Email) This table is made, so that a users who is registered in two tenants doesn't need to login again. -a table with Tentantuser(ID, TenantID, UserID (FK to table User), UserName, Loginname, Password, Active) This table contains de login en password for one tenant. Example: UserX is registered in TenantA and TenantB UserX logs in on TenantA, with his login and password for TenantA System verifies or login and password are correct in the table TenantUser System validates UserX which userID corresponds to the Id in the table User UserX goes to TenantB and is automatically logged in My problem: How can I create a custom Provider so I can check the login & password in a tenant? For example: public abstract bool ValidateUser(string username,string password); How can I say to my provider on which tenant the user is? How can I change this in something like: public overrides bool ValidateUser(string username,string password, string tenant); ? Or what is another way to solve this issue?

    Read the article

  • ASP.NET MVC Page - hyper links in HTML.ValidationSummary

    - by Rita
    Hi I have Registration page and if the validation fails, it displays the error messages using HTML.ValidationSummary control. Now i have to display the Hyperlink in that Validation Error Message. But it is treating href also as string. The Validation Message that I am trying to display with hyperlink is: **"User already exists in the system, please <a href='../Login.aspx'>login</a>"** Appreciate your responses. Here is my Code: <% using (Html.BeginForm()) {%> <%= Html.ValidationSummary(false) %> <fieldset> <div class="cssform">; <p> <%= Html.LabelFor(model => model.email)%><em>*</em> <%= Html.TextBoxFor(model => model.email, new { @class = "required email" })%> <%= Html.ValidationMessageFor(model => model.email)%> </p> <p> <%= Html.Label("Confirm email")%><em>*</em> <%= Html.TextBox("confirm_email")%> <%= Html.ValidationMessage("confirm_email") %> </p> <p> <%= Html.Label("Password")%><em>*</em> <%= Html.Password("Password", null, new { @class = "required" })%> <%= Html.ValidationMessage("Password")%><br /> (Note: Password should be minimum 6 characters) </p> <p> <%= Html.Label("Confirm Password")%><em>*</em> <%= Html.Password("confirm_password")%> <%= Html.ValidationMessage("confirm_password") %> </p><hr /> <% } %

    Read the article

  • XMPP SASL authentication on Ejabberd with PHP

    - by bucabay
    I'm trying to authenticate with an XMPP server using SASL. /** * Send Authentication, SASL * @return Bool * @param $username String * @param $password String */ function authenticate($username, $password) { $this->username = $username; $this->password = $password; var_dump($username, $password, $this->domain); $auth = base64_encode($username.'@'.$this->domain."\u0000".$username."\u0000".$password); $xml = '<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'.$auth.'</auth>'; if ($this->write($xml)) { if ($xml = $this->listen(1, true)) { if (preg_match("/<success/i", $xml)) { $this->authenticated = $this->_sendStream(); } } } $this->events->trigger('authenticate', $this->authenticated); return $this->authenticated; } The XMPP server however responds with: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><bad-protocol/></failure> This is against an Ejabberd server. When I open the XMPP stream, it advertises: <stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/></stream:features> So it seams to me that SASL - PLAIN should work. I have a JavaScript version, that works perfectly on OpenFire server. (I can't test it on Ejabberd at the moment) sendAuthentication: function() { clearTimeout(XMPP.sendAuthentication_timer); var auth = Base64.encode(XMPP.username+'@'+XMPP.domain+'\u0000'+XMPP.username+'\u0000'+XMPP.password); mySocket.events.receive.observe(XMPP.receivedAuthSuccess, function() { mySocket.send('<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">' + auth + '</auth>'); }); } So I can't get why the PHP version is not working.

    Read the article

  • how does hash element make a secure login on zend framework?

    - by ulduz114
    hello all i saw a example for login form same blow code class Form_Login extends Zend_Form { //put your code here public function init($timeout=360){ $this->addElement('hash', 'token', array( 'timeout' => $timeout )); $this->setName('Login'); $username = $this->createElement ( 'text', 'username' ); $username->setLabel('user name:') ->setRequired(); $this->addElement($username); $password=$this->createElement('password','password'); $password->setLabel('password:'); $password->setRequired(); $this->addElement($password); $login=$this->createElement('submit','login'); $login->setLabel('Login'); $this->addElement($login); $this->setMethod('post'); $this->setAction(Zend_Controller_Front::getInstance()->getBaseUrl().'/authentication/login'); } } and in submitAction a part code same below if (!$form->isValid($request->getPost())) { if (count($form->getErrors('token')) > 0) { return $this->_forward('csrf-forbidden', 'error'); } $this->view->form = $form; return $this->render('login'); } now , my question, whats the reason for use of hash element? how this hash element make secure login? anybody may help explain these? thanks

    Read the article

  • Asp.net Login Status Question: It Aint Working

    - by contactmatt
    I'm starting to use Role Management in my website, and I'm current following along on the tutorial from http://www.asp.net/Learn/Security/tutorial-02-vb.aspx . I'm having a problem with the asp:LoginStatus control. It is not telling me that I am currently logged in after a successful login. This can't be true because after successfully logging in, my LoggedInTemplate is shown. The username and passwords are simply stored in a array. Heres the Login.aspx page code. Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) _ Handles btnLogin.Click ' Three valid username/password pairs: Scott/password, Jisun/password, and Sam/password. Dim users() As String = {"Scott", "Jisun", "Sam"} Dim passwords() As String = {"password", "password", "password"} For i As Integer = 0 To users.Length - 1 Dim validUsername As Boolean = (String.Compare(txtUserName.Text, users(i), True) = 0) Dim validPassword As Boolean = (String.Compare(txtPassword.Text, passwords(i), False) = 0) If validUsername AndAlso validPassword Then FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkRemember.Checked) End If Next ' If we reach here, the user's credentials were invalid lblInvalid.Visible = True End Sub Here is the content place holder on the master page specifically designed to hold Login Information. On successfull login, the page is redirected to '/Default.aspx', and the LoggedIn Template below is shown...but the status says Log In. <asp:ContentPlaceHolder Id="LoginContent" runat="server"> <asp:LoginView ID="LoginView1" runat="server"> <LoggedInTemplate> Welcome back, <asp:LoginName ID="LoginName1" runat="server" />. </LoggedInTemplate> <AnonymousTemplate> Hello, stranger. </AnonymousTemplate> </asp:LoginView> <br /> <asp:LoginStatus ID="LoginStatus1" runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Logout.aspx" /> </asp:ContentPlaceHolder> Forms authentication is enabled. I'm not sure what to do about this :o.

    Read the article

  • Why can't I get a TRUE return in this prepared statement?

    - by Cortopasta
    I can't seem to get this to do anything but return false. My best guess is that the prepared statement isn't executing, but I have no idea why. private function check_credentials($plain_username, $md5_password) { global $dbcon; $ac = new ac(); $ac->dbconnect(); $userid = $dbcon->prepare('SELECT id FROM users WHERE username = :username AND password = :password LIMIT 1'); $userid->bindParam(':username', $plain_username); $userid->bindParam(':password', $md5_password); $userid->execute(); $id = $userid->fetch(); Return $id; } *EDIT:*I've even tried hard coding the username and password into the function itself to try and isolate the problem like this: private function check_credentials($plain_username, $md5_password) { global $dbcon; $plain_username = "jim"; $md5_username = "waffles"; $ac = new ac(); $ac->dbconnect(); $userid = $dbcon->prepare('SELECT id FROM users WHERE username = :username AND password = :password LIMIT 1'); $userid->bindParam(':username', $plain_username); $userid->bindParam(':password', $md5_password); $userid->execute(); print_r($dbcon->errorInfo()); $id = $userid->fetch(); Return $id; } Still nothing :-/

    Read the article

  • Simplest way to handle and display errors in a Python Pylons controller without a helper class

    - by ensnare
    I have a class User() that throw exceptions when attributes are incorrectly set. I am currently passing the exceptions from the models through the controller to the templates by essentially catching exceptions two times for each variable. Is this a correct way of doing it? Is there a better (but still simple) way? I prefer not to use any third party error or form handlers due to the extensive database queries we already have in place in our classes. Furthermore, how can I "stop" the chain of processing in the class if one of the values is invalid? Is there like a "break" syntax or something? Thanks. >>> u = User() >>> u.name = 'Jason Mendez' >>> u.password = '1234' Traceback (most recent call last): File "<stdin>", line 1, in <module> File "topic/model/user.py", line 79, in password return self._password ValueError: Your password must be greater than 6 characters In my controller "register," I have: class RegisterController(BaseController): def index(self): if request.POST: c.errors = {} u = User() try: u.name = c.name = request.POST['name'] except ValueError, error: c.errors['name'] = error try: u.email = c.email = request.POST['email'] except ValueError, error: c.errors['email'] = error try: u.password = c.password = request.POST['password'] except ValueError, error: c.errors['password'] = error try: u.commit() except ValueError, error: pass return render('/register.mako')

    Read the article

  • Designing secure consumer blackberry application

    - by Kiran Kuppa
    I am evaluating a requirement for a consumer blackberry application that places high premium on security of user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff Force the user to use device password. (I am guessing that this would be possible - though not checked it yet). Application can request notifications when the device is about to be locked and just after it has been unlocked. Encryption of application specific data can be managed at those times. Application data would be encrypted with user's password. User's credentials would be encrypted with device password. Remote backup of the data could be done over HTTPS (any better ideas are appreciated) Questions: What if the user forgets his device password. If the user forgets his application password, what is the best and secure way to reset the password? If the user losses the phone, remote backup must be done and the application data must be cleaned up. I have some ideas on how to achieve (3) and shall share them. There must be an off-line verification of the user's identity and the administrator must provide a channel using which the user must be able to send command to the device to perform the wiping of application data. The idea is that the user is ALWAYS in control of his data. Without the user's consent, even the admin must not be able to do activities such as cleaning up the data. In the above scheme of things, it appears as if the user's password need not be sent over the air to server. Am I correct? Thanks, --Kiran Kumar

    Read the article

  • Devise routes to only use custom sign in page

    - by eblume
    I am trying to learn Devise and seem to have hit a problem that is nearly the same as many, many questions here on SO but just slightly different enough that I am not getting much traction following those questions' threads. I have a very simple application. Users can sign in and sign out (and also the devise 'forgot password' stuff is enabled - I am not concerned about it at this time) and that is it. They can't register, they can't edit their profile other than to change their password, they can't do anything except sign in and sign out. (Account creation will, for now, be handled manually at the command line.) I would vastly prefer that the only page that users can log in from was "/" (root_path). I already have it working where you can log in from "/", and that is great. The problem I am having is that if you type in your user/password combination incorrectly from the root_path login page, it automatically sends you to the Devise sign-in page to continue trying to sign in. How can I make Devise redirect to root_path on sign-in failure? Here are my routes - they are probably not optimal or correctly configured and I would appreciate pointers on fixing them: root to: "core_pages#splash" devise_for :users, skip: [:sessions] as :user do # get 'signin' => 'devise/sessions#new', as: :new_user_session post 'signin' => 'devise/sessions#create', as: :user_session delete 'signout' => 'devise/sessions#destroy', as: :destroy_user_session, via: Devise.mappings[:user].sign_out_via end match '/home' => 'core_pages#home' Note the commented-out 'get signin' line. The system works without this line but, surprisingly (to me), "GET /signin" results in a HTTP 400 (OK) response and renders the Devise login template. I would prefer it return some sort of 'invalid request' or just silently redirect the user to root_path. Running rake routes on these routes gives: root / core_pages#splash user_password POST /users/password(.:format) devise/passwords#create new_user_password GET /users/password/new(.:format) devise/passwords#new edit_user_password GET /users/password/edit(.:format) devise/passwords#edit PUT /users/password(.:format) devise/passwords#update user_session POST /signin(.:format) devise/sessions#create destroy_user_session DELETE /signout(.:format) devise/sessions#destroy home /home(.:format) core_pages#home Thanks!

    Read the article

  • Using PHP and cURL to login to indyarocks.com

    - by Divya
    I am new to cURL and don't know much about it. I basically want to login to my account on www.indyarocks.com through libcurl for PHP. I don't know what type of authentication it uses (I don't know how to find that out.). When I go to http://www.indyarocks.com, I get a login form which asks for my username and password. I put in my username and password and click login and everything is good. I tried to automate this using cURL. This is a snippet of my code. curl_setopt($curl_connection, CURLOPT_URL, "http://www.indyarocks.com/loginchk.php"); curl_setopt($curl_connection, CURLOPT_POST, 1); curl_setopt($curl_connection, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($curl_connection, CURLOPT_USERPWD, $username.':'.$password); I looked at the source of the login page and found out the address of the page to which the username and password are sent (the action attribute of the form) which is "http://www.indyarocks.com/loginchk.php" and set it as the target url. When I run this, I get username or password is wrong error and the login fails. My username and password is correct. I don't know what the problem is. Can the password be encrypted? Can that be responsible for this failure? Please help me get around this problem. I'll be really thankful. Thanks in advance.

    Read the article

  • SSL + Jquery + Ajax

    - by chobo2
    Hi I starting too look at a bit of security into my site. My site I would consider a very low security risk as it has really no personal information from the user other than email. However the security risk will go up a bit as I am partnering with a company and the initial password for this companies users will be the same password they use essentially to get onto the network and every piece of software. So I have up my security( what is fine by me...I wanted to get around to this anyways). So one of my security concerns is this. A user logs in. form submit(non ajax is done). Password is hashed & Salted and compared to one in the database. Reject or let them proceed. So this uses no jquery or ajax but is just asp.net mvc and C#. Still if my understanding is right the password is sent in clear text. So if a use SSL and I would not need to worry about that is this correct? If that is true is that all I need? Second the user can change their password at anytime. This is done through ajax. So when the password is sent it is sent in clear text( and I can verify this by looking at firebug). So if I have SSL enabled on this page is that all I need or do I need to do more? So I am just kinda confused of what I need to make the password being sent to the server(both ajax and full post ways secure). I am not sure if I need to do more then SSL or if that is enough and if it is not enough what is the next layer of security?

    Read the article

  • How to add Remember me function at custom login box ?

    - by morningglory
    In my theme, there's custom page for the login. Login function at functions.php is like this function log_in($username, $password) { $user = parse_user($username); $username = $username; $password = $password; if(isEmptyString($username)) return new WP_Error('username', 'required'); if(isEmptyString($password)) return new WP_Error('password', "required"); if(!wp_check_password( $password, $user->user_pass ) ) return new WP_Error('wrong_password', "wrong"); wp_set_auth_cookie($user->ID, $remember); wp_login($username, $password); redirect_profile(); } function parse_user($info = null, $return = 'object') { if ( is_null( $info ) ) { global $current_user; if ( empty( $current_user->ID ) ) return null; $info = get_userdata( $current_user->ID ); } elseif ( empty( $info ) ) { return null; } if( $return == 'ID' ) { if ( is_object( $info ) ) return $info->ID; if ( is_numeric( $info ) ) return $info; } elseif( $return == 'object' ) { if ( is_object( $info ) && $info->ID) return $info; if ( is_object( $info )) return get_userdata( $info->ID ); if ( is_numeric( $info ) ) return get_userdata( $info ); if ( is_string( $info ) ) return get_userdatabylogin( $info ); } else { return null; } } I want to add remember me checkbox for user to logged in all the time until they logout. How can i add this ? Please kindly help me out. Thank you.

    Read the article

  • Basic security, PHP mySQl

    - by yuudachi
    So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things. I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct. But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted? I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted. Is that how it's suppose to work though? And it feels unsafe doing that all on the same page. Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)

    Read the article

  • Error occurs while validating form input using jQuery in Firebug

    - by Param-Ganak
    I have written a custom validation code in jQuery, which is working fine. I have a login form which has two fields, i.e. userid and password. I have written a custom code for client side validation for these fields. This code is working fine and gives me proper error messages as per the situation. But the problem with this code is that when I enter the invalid data in any or both field and press submit button of form then it displays the proper error message but at the same time when I checked it in Firebug it displays following error message when submit button of the form is clicked validate is not defined function onclick(event) { javascript: return validate(); } (click clientX=473, clientY=273) Here is the JQUERY validation code $(document).ready(function (){ $("#id_login_form").validate({ rules: { userid: { required: true, minlength: 6, maxlength: 20, // basic: true }, password: { required: true, minlength: 6, maxlength: 15, // basic: true } }, messages: { userid: { required: " Please enter the username.", minlength: "User Name should be minimum 6 characters long.", maxlength: "User Name should be maximum 15 characters long.", // basic: "working here" }, password: { required: " Please enter the password.", minlength: "Password should be minimum 6 characters long.", maxlength: "Password should be maximum 15 characters long.", // basic: "working here too.", } }, errorClass: "errortext", errorLabelContainer: "#messagebox" } }); }); /* $.validator.addMethod('username_alphanum', function (value) { return /^(?![0-9]+$)[a-zA-Z 0-9_.]+$/.test(value); }, 'User name should be alphabetic or Alphanumeric and may contain . and _.'); $.validator.addMethod('alphanum', function (value) { return /^(?![a-zA-Z]+$)(?![0-9]+$)[a-zA-Z 0-9]+$/.test(value); }, 'Password should be Alphanumeric.'); $.validator.addMethod('basic', function (value) { return /^[a-zA-Z 0-9_.]+$/.test(value); }, 'working working working'); */ So please tell me where is I am wrong in my jQuery code. Thank You!

    Read the article

  • How to insert form data into MySQL database table

    - by Richard
    So I have this registration script: The HTML: <form action="register.php" method="POST"> <label>Username:</label> <input type="text" name="username" /><br /> <label>Password:</label> <input type="text" name="password" /><br /> <label>Gender:</label> <select name="gender"> <optgroup label="genderset"> <option value="Male">Male</option> <option value="Female">Female</option> <option value="Hermaphrodite">Hermaphrodite</option> <option value="Not Sure!!!">Not Sure!!!</option> </optgroup> </select><br /> <input type="submit" value="Register" /> </form> The PHP/SQL: <?php $username = $_POST['username']; $password = $_POST['password']; $gender = $_POST['gender']; mysql_query("INSERT INTO registration_info (username, password, gender) VALUES ('$username', '$password', '$gender') ") ?> The problem is, the username and password gets inserted into the "registration_info" table just fine. But the Gender input from the select drop down menu doesn't. Can some one tell me how to fix this, thanks.

    Read the article

  • Stored procedure or function expects parameter which is not supplied

    - by user2920046
    I am trying to insert data into a SQL Server database by calling a stored procedure, but I am getting the error Procedure or function 'SHOWuser' expects parameter '@userID', which was not supplied. My stored procedure is called "SHOWuser". I have checked it thoroughly and no parameters is missing. My code is: public void SHOWuser(string userName, string password, string emailAddress, List preferences) { SqlConnection dbcon = new SqlConnection(conn); try { SqlCommand cmd = new SqlCommand(); cmd.Connection = dbcon; cmd.CommandType = System.Data.CommandType.StoredProcedure; cmd.CommandText = "SHOWuser"; cmd.Parameters.AddWithValue("@userName", userName); cmd.Parameters.AddWithValue("@password", password); cmd.Parameters.AddWithValue("@emailAddress", emailAddress); dbcon.Open(); int i = Convert.ToInt32(cmd.ExecuteScalar()); cmd.Parameters.Clear(); cmd.CommandText = "tbl_pref"; foreach (int preference in preferences) { cmd.Parameters.Clear(); cmd.Parameters.AddWithValue("@userID", Convert.ToInt32(i)); cmd.Parameters.AddWithValue("@preferenceID", Convert.ToInt32(preference)); cmd.ExecuteNonQuery(); } } catch (Exception) { throw; } finally { dbcon.Close(); } and the stored procedure is: ALTER PROCEDURE [dbo].[SHOWuser] -- Add the parameters for the stored procedure here ( @userName varchar(50), @password nvarchar(50), @emailAddress nvarchar(50) ) AS BEGIN INSERT INTO tbl_user(userName,password,emailAddress) values(@userName,@password,@emailAddress) select tbl_user.userID,tbl_user.userName,tbl_user.password,tbl_user.emailAddress, stuff((select ',' + preferenceName from tbl_pref_master inner join tbl_preferences on tbl_pref_master.preferenceID = tbl_preferences.preferenceID where tbl_preferences.userID=tbl_user.userID FOR XML PATH ('')),1,1,' ' ) AS Preferences from tbl_user SELECT SCOPE_IDENTITY(); END Pls help, Thankx in advance...

    Read the article

  • Variable won't store in session

    - by Mittens
    So I'm trying to store the "rank" of a user when they log in to a control panel which displays different options depending on the given rank. I used the same method as I did for storing and displaying the username, which is displayed on the top of each page and works just fine. I can't for the life of me figure out why it won't work for the rank value, but I do know that it is not saving it in the session. Here is the bit that's not working; $username = ($_POST['username']); $password = hash('sha512', $_POST['password']); $dbhost = 'mysql:host=¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦;dbname=¦¦¦¦¦¦¦¦¦¦¦'; $dbuser = '¦¦¦¦¦¦¦¦¦¦¦'; $dbpassword = '¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦'; try { $db = new PDO($dbhost, $dbuser, $dbpassword); $statement = $db->prepare("select password from users where email = :name"); $statement->execute(array(':name' => $username)); $result = $statement->fetch(); $pass = $result[password]; $rank = $result[rank];} catch(PDOException $e) {echo $e->getMessage();} if ($password == $pass) { session_start(); $_SESSION['username'] = $username; $_SESSION['rank'] = $rank; header('Location: http://¦¦¦¦¦¦¦¦¦.ca/manage.php'); } else{ include'../../includes/head.inc'; echo '<h1>Incorrect username or password.</h1>'; include'../../includes/footer.inc'; } I'm also new to the whole PDO thing, hence why my method of authenticating the password is pretty sketchy.

    Read the article

  • Pipelining String in Powershell

    - by ChvyVele
    I'm trying to make a simple PowerShell function to have a Linux-style ssh command. Such as: ssh username@url I'm using plink to do this, and this is the function I have written: function ssh { param($usernameAndServer) $myArray = $usernameAndServer.Split("@") $myArray[0] | C:\plink.exe -ssh $myArray[1] } If entered correctly by the user, $myArray[0] is the username and $myArray[1] is the URL. Thus, it connects to the URL and when you're prompted for a username, the username is streamed in using the pipeline. Everything works perfectly, except the pipeline keeps feeding the username ($myArray[0]) and it is entered as the password over and over. Example: PS C:\Users\Mike> ssh xxxxx@yyyyy login as: xxxxx@yyyyy's password: Access denied xxxxx@yyyyy's password: Access denied xxxxx@yyyyy's password: Access denied xxxxx@yyyyy's password: Access denied xxxxx@yyyy's password: Access denied xxxxx@yyyyy's password: FATAL ERROR: Server sent disconnect message type 2 (protocol error): "Too many authentication failures for xxxxx" Where the username has been substituted with xxxxx and the URL has been substituted with yyyyy. Basically, I need to find out how to stop the script from piping in the username ($myArray[0]) after it has been entered once. Any ideas? I've looked all over the internet for a solution and haven't found anything.

    Read the article

  • Why can't we just use a hash of passphrase as the encryption key (and IV) with symmetric encryption algorithms?

    - by TX_
    Inspired by my previous question, now I have a very interesting idea: Do you really ever need to use Rfc2898DeriveBytes or similar classes to "securely derive" the encryption key and initialization vector from the passphrase string, or will just a simple hash of that string work equally well as a key/IV, when encrypting the data with symmetric algorithm (e.g. AES, DES, etc.)? I see tons of AES encryption code snippets, where Rfc2898DeriveBytes class is used to derive the encryption key and initialization vector (IV) from the password string. It is assumed that one should use a random salt and a shitload of iterations to derive secure enough key/IV for the encryption. While deriving bytes from password string using this method is quite useful in some scenarios, I think that's not applicable when encrypting data with symmetric algorithms! Here is why: using salt makes sense when there is a possibility to build precalculated rainbow tables, and when attacker gets his hands on hash he looks up the original password as a result. But... with symmetric data encryption, I think this is not required, as the hash of password string, or the encryption key, is never stored anywhere. So, if we just get the SHA1 hash of password, and use it as the encryption key/IV, isn't that going to be equally secure? What is the purpose of using Rfc2898DeriveBytes class to generate key/IV from password string (which is a very very performance-intensive operation), when we could just use a SHA1 (or any other) hash of that password? Hash would result in random bit distribution in a key (as opposed to using string bytes directly). And attacker would have to brute-force the whole range of key (e.g. if key length is 256bit he would have to try 2^256 combinations) anyway. So either I'm wrong in a dangerous way, or all those samples of AES encryption (including many upvoted answers here at SO), etc. that use Rfc2898DeriveBytes method to generate encryption key and IV are just wrong.

    Read the article

  • PHP login, getting wrong count value from query / fetch array

    - by Chris
    Hello, *EDIT*Thanks to the comments below it has been figured out that the problem lies with the md5, without everything works as it should. But how do i implent the md5 then? I am having some troubles with the following code below to login. The database and register system are already working. The problem lies that it does not find any result at all in the query. IF the count is 0 it should redirect the user to a secured page. But this only works if i write count = 0, but this should be 0 , only if the user name and password is found he should be directed to the secure (startpage) of the site after login. For example root (username) root (password) already exists but i cannot seem to properly login with it. <?php session_start(); if (!empty($_POST["send"])) { $username = ($_POST["username"]); $password = (md5($_POST["password"])); $count = 0; $con = mysql_connect("localhost" , "root", ""); mysql_select_db("testdb", $con); $result = mysql_query("SELECT name, password FROM user WHERE name = '".$username."' AND password = '".$password."' ") or die("Error select statement"); $count = mysql_num_rows($result); if($count > 0) // always goes the to else, only works with >=0 but then the data is not found in the database, hence incorrect { $row = mysql_fetch_array($result); $_SESSION["username"] = $row["name"]; header("Location: StartPage.php"); } else { echo "Wrong login data, please try again"; } mysql_close($con); } ?>

    Read the article

  • Returning Json object from controller action to jQuery

    - by PsychoCoder
    I'm attempting to get this working properly (2 days now). I'm working on a log in where I'm calling the controller action from jQuery, passing it a JSON object (utilizing json2.js) and returning a Json object from the controller. I'm able to call the action fine, but instead of being able to put the response where I want it it just opens a new window with this printed on the screen: {"Message":"Invalid username/password combination"} And the URL looks like http://localhost:13719/Account/LogOn so instead of calling the action and not reloading the page it's taking the user to the controller, which isn't good. So now for some code, first the controller code [HttpPost] public ActionResult LogOn(LogOnModel model, string returnUrl = "") { if (ModelState.IsValid) { var login = ObjectFactory.GetInstance<IRepository<PhotographerLogin>>(); var user = login.FindOne(x => x.Login == model.Username && x.Pwd == model.Password); if (user == null) return Json(new FailedLoginViewModel { Message = "Invalid username/password combination" }); else { if (!string.IsNullOrEmpty(returnUrl)) return Redirect(returnUrl); else return RedirectToAction("Index", "Home"); } } return RedirectToAction("Index", "Home"); } And the jQuery code $("#signin_submit").click(function () { var login = getLogin(); $.ajax({ type: "POST", url: "../Account/LogOn", data: JSON.stringify(login), dataType: 'json', contentType: 'application/json; charset=utf-8', error: function (xhr) { $("#message").text(xhr.statusText); }, success: function (result) { } }); }); function getLogin() { var un = $("#username").val(); var pwd = $("#password").val(); var rememberMe = $("#rememberme").val(); return (un == "") ? null : { Username: un, Password: pwd, RememberMe: rememberMe }; } In case you need to see the actual login form here that is as well <fieldset id="signin_menu"> <div> <span id="message"></span> </div> <% Html.EnableClientValidation(); %> <% using (Html.BeginForm("LogOn", "Account", FormMethod.Post, new { @id = "signin" })) {%> <% ViewContext.FormContext.ValidationSummaryId = "valLogOnContainer"; %> <%= Html.LabelFor(m => m.Username) %> <%= Html.TextBoxFor(m => m.Username, new { @class = "inputbox", @tabindex = "4", @id = "username" })%><%= Html.ValidationMessageFor(m => m.Username, "*")%> <p> <%= Html.LabelFor(m=>m.Password) %> <%= Html.PasswordFor(m => m.Password, new { @class = "inputbox", @tabindex = "5", @id = "password" })%><%= Html.ValidationMessageFor(m => m.Password, "*")%> </p> <p class="remember"> <input id="signin_submit" value="Sign in" tabindex="6" type="submit"/> <%= Html.CheckBoxFor(m => m.RememberMe, new { @class = "inputbox", @tabindex = "7", @id = "rememberme" })%> <%= Html.LabelFor(m => m.RememberMe) %> <p class="forgot"> <a href="#" id="forgot_password_link" title="Click here to reset your password.">Forgot your password?</a> </p> <p class="forgot-username"> <a href="#" id="forgot_username_link" title="Fogot your login name? We can help with that">Forgot your username?</a> </p> </p> <%= Html.ValidationSummaryJQuery("Please fix the following errors.", new Dictionary<string, object> { { "id", "valLogOnContainer" } })%> <% } %> </fieldset> The login form is loaded on the main page with <% Html.RenderPartial("LogonControl");%> Not sure if that has any bearing on this or not but thought I'd mention it. EDIT: The login form is loaded similar to the Twitter login, click a link and the form loads with the help of jQuery & CSS

    Read the article

  • Solaris ldap Authentication

    - by Tman
    Iv been having a trouble trying to get my Solaris 10 server to authenticate against an eDir server.im managed to Set up my linux(RHeL,SLES) servers to authenticate against the ldap Server.which works fine. Here is my configuration Files. ldapclient list: NS_LDAP_FILE_VERSION= 2.0 NS_LDAP_BINDDN= cn=proxyuser,o=AEDev NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c22222233 NS_LDAP_SERVERS= 192.168.0.19 NS_LDAP_SEARCH_BASEDN= ou=auth,o=AEDev NS_LDAP_AUTH= simple NS_LDAP_SEARCH_SCOPE= sub NS_LDAP_CACHETTL= 0 NS_LDAP_CREDENTIAL_LEVEL= anonymous NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Groups,ou=auth,o=AEDev NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,ou=auth,o=AEDev?sub?objectClass=shadowAccount NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=auth,o=AEDev?sub?objectClass=posixAccount NS_LDAP_BIND_TIME= 10 NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple getent passwd works fine: root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: tlla:x:2012:100::/home/tlla: test:x:2011:100::/home/test: thato:x:2010:100::/home/thato: pam.conf login auth sufficient pam_unix_auth.so.1 #server_policy login auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass login auth required pam_dial_auth.so.1 rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth sufficient pam_unix_auth.so.1 rlogin auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 rsh auth sufficient pam_unix_auth.so.1 #server_policy rsh auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass passwd auth required pam_passwd_auth.so.1 passwd auth sufficient pam_unix_auth.so.1 ssh account sufficient pam_unix.so.1 ssh account sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass other account requisite pam_roles.so.1 other account sufficient pam_unix_account.so.1 other account sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 other password sufficient pam_unix.so.1 other password sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass Local Authentication Works But LDAP Authentication Doesn't Work.

    Read the article

  • Bugzilla email issue

    - by xian
    My bugzilla system keep hit the following error: There was an error sending mail from '[email protected]' to '[email protected]':Can't send data I think that is some problem with my setting and configuration. First is the urlbase I have tried setting it to bugzilla.example.com, and http://127.0.0.1:81/, and http://10.0.0.236/ (My laptop IP address, I use this laptop to set up bugzilla) but the error still persists. Actually what should I put in the urlbase field? Parameter = Email Under mail_delivery_method, i choose SMTP. Under mailfrom, I put bugzilla-daemon. smtpserver, I tried leaving it blank, or setting it to 220.181.12.12 before, but could not solve my problem For my sql, the following is the data and command I used: C:\mysql\bin>mysql --user=root -p mysql Enter password: 1234 (When I install mysql into my laptop, it ask me to key an username and password, i have key in username as 'cvuser' and password as '1234', but here never ask me to key in any username) Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.5.15 MySQL Community Server (GPL) mysql> GRANT ALL PRIVILEGES ON bugs.* TO 'bugs'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.03 sec) In C:\Bugzilla\localconfig, I put the following info: # # How to access the SQL database: # $db_host = "localhost"; # where is the database? $db_port = 3306; # which port to use $db_name = "bugs"; # name of the MySQL database $db_user = "bugs"; # user to attach to the MySQL database # # Enter your database password here. It's normally advisable to specify # a password for your bugzilla database user. # If you use apostrophe (') or a backslash (\) in your password, you'll # need to escape it by preceding it with a \ character. (\') or (\\) # $db_pass = '123456'; Can someone tell me where my mistake is? I have googled for this issue for few days but still cannot find the solution.

    Read the article

  • Can't login via ssh after upgrading to Ubuntu 12.10

    - by user42899
    I have an Ubuntu 12.04LTS instance on AWS EC2 and I upgraded it to 12.10 following the instructions at https://help.ubuntu.com/community/QuantalUpgrades. After upgrading I can no longer ssh into my VM. It isn't accepting my ssh key and my password is also rejected. The VM is running, reachable, and SSH is started. The problem seems to be about the authentication part. SSH has been the only way for me to access that VM. What are my options? ubuntu@alice:~$ ssh -v -i .ssh/sos.pem [email protected] OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /home/ubuntu/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to www.hostname.com [37.37.37.37] port 22. debug1: Connection established. debug1: identity file .ssh/sos.pem type -1 debug1: identity file .ssh/sos.pem-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: RSA 33:33:33:33:33:33:33:33:33:33:33:33:33:33 debug1: Host '[www.hostname.com]:22' is known and matches the RSA host key. debug1: Found key in /home/ubuntu/.ssh/known_hosts:12 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: .ssh/sos.pem debug1: read PEM private key done: type RSA debug1: Authentications that can continue: publickey,password debug1: Next authentication method: password [email protected]'s password: debug1: Authentications that can continue: publickey,password Permission denied, please try again.

    Read the article

< Previous Page | 83 84 85 86 87 88 89 90 91 92 93 94  | Next Page >