Secure Passwords

Here:

Expand|Select|Wrap|Line Numbers

 <?php 

session_start(); 

include_once "incfiles/connectdb.php"; 
 
$rand1 = rand(0,100);

$rand2 = rand(0,100);

$answer = $rand1 + $rand2;
 
if ($_POST['SubmitReg']){

$additional08989 = $_POST['additional']; 

$answers = $_POST['answers']; 

$register_user = $_POST['register_user']; 

$register_pass = $_POST['register_pass']; 

$register_pass2 = $_POST['register_pass2']; 

$register_gender = $_POST['register_gender']; 

$register_email = $_POST['register_email'];

$register_email2 = $_POST['register_email2']; 

$register_location=strip_tags($_POST['register_location']); 

$register_user=trim($register_user);

$register_pass=trim($register_pass); 
 
$today = gmdate('Y-m-d H:i:s');
 
$register_user = stripslashes($register_user); 

$register_email = stripslashes($register_email); 

$quote = stripslashes($quote); 

$register_user = strip_tags($register_user); 

$register_email = strip_tags($register_email); 

$number = $_POST['equals'];
 
if ($additional08989 != "GANCY78"){ echo "Use your head bro."; }

elseif ($additional08989 == "GANCY78"){
 
if((!$register_user) || (!$register_email) || (!$register_location) || (!$register_pass)){ 

echo "Please fill in all of the fields."; }else{
 
if ($number != "$answers"){ echo "Are you stupid bro? The answer is not $number."; }

elseif ($number == "$answers"){
 
if ($register_pass != $register_pass2){

echo "The passwords you entered do not match.";

}elseif ($register_pass == $register_pass2){
 
if ($register_email != $register_email2){

echo "The emails you entered do not match.";

}elseif ($register_email == $register_email2){
 
if ($register_user == "0"){ echo "Haha good joke, now try using an actual name?"; }

elseif ($register_user != "0"){ 
 
if (ereg('[^A-Za-z0-9 _]', $register_user)) {  

echo "You can't use symbols in your name.";

}elseif (!ereg('[^A-Za-z0-9 _]', $register_user)) { 
 
if (strlen($register_user) <= 2 || strlen($register_user) >= 20){

echo  "The username you entered is too big or too small.";

}elseif (strlen($register_user) > 2 || strlen($register_user) < 20){
 
$email_check = mysql_query("SELECT email FROM accounts WHERE email='$register_email' AND status='Alive'"); 

$username_check = mysql_query("SELECT username FROM accounts WHERE username='$register_user'"); 
 
$register_email_check = mysql_num_rows($email_check); 

$username_check = mysql_num_rows($username_check); 
 
if(($register_email_check > 0) || ($username_check > 0)){  
 
if($register_email_check > 0){ 

echo  "Some other gangster is already running that email address."; unset($register_email); } 

if($username_check > 0){ 

echo "some other gangster is already running that name."; unset($register_user); } 
 
}else{ 
 
$ip = $_SERVER['REMOTE_ADDR'];

Feb 10 '14 #1

Subscribe Post Reply

1207

Dormilich

8,658

Expert Mod 8TB

I'm with one.com so it doesn't show me what line my errors on but I still can't seem to figure out how to secure this.

ini_set() and php_flags disabled?

If there's anything you can suggest/help me with it'd be appreciated.

use Prepared Statements, they’re immune to SQL Injection.

ah, yes, passwords should always be hashed before storing in a DB, that should render SQL Injection useless as well (if applied in PHP).

as a last resort you could use a RegExp to find invalid characters.

Feb 11 '14 #2

curlyyh

Could you show me a quick example in code as to what I'd be doing if it's okay?

Feb 11 '14 #3

Dormilich

8,658

Expert Mod 8TB

there is too few information for anything code related.

Feb 11 '14 #4

curlyyh

can you see from line 41 all it decides is whether the password for the first box and the verify password box are the same.. I want it to be limited so you can only have passwords using, letters(lowercase&uppercase), numbers, underscores and dashes

Feb 13 '14 #5

curlyyh

Wait, sorry make that:

A-Z
a-z
0-9
underscores > (_)
dashes > (-)
fullstops > .
slash > /

Feb 13 '14 #6

Similar topics

Save passwords in scripts

by: Florian Lindner | last post by:

Hello, I've a scripts that allows limited manipulation of a database to users. This script of course needs to save a password for the database connection. The users, on the other hand need read...

Python

How to securely store passwords in .NET applications?

by: Peter Rilling | last post by:

How does Windows store passwords that it uses? For instance, when you install a service, you can provide it the username and password. This information is stored somehow so that at a later date...

C# / C Sharp

Passwords in web.config... is this secure?

by: John Buchmann | last post by:

In my web.config, I have a section that has a name and password: <credentials passwordFormat="Clear"> <user name="aaa" password="bbb" /> </credentials> Is this secure? What is to stop...

ASP.NET

How secure is MSAccess?

by: VB Programmer | last post by:

I am creating a new ASPX web app. I would like to use MS Access, but am concerned about security. There will be alot of secure info in this db (credit cards, passwords, client info, etc...) Is...

ASP.NET

is using LDAP or SESSION more secure for authentication and access control?

by: Notgiven | last post by:

I am considering a large project and they currently use LDAP on MS platform. It would be moved to a LAMP platform. OpenLDAP is an option though I have not used it before. I do feel fairly...

PHP

Secure password storage

by: Alvaro G. Vicario | last post by:

Iâ€™m writing a web application that needs to keep passwords in a database. These passwords are for third-party services and are different from the regular login passwords. I donâ€™t like...

PHP

How to secure the Dotnet code

by: Usman | last post by:

Hi I'm working on an application that contains classes for licensing, authentication etc, including all the algorithms of encryption/decryption etc. I wanted to secure this code, but after...

.NET Framework

Storing and passing secure passwords to MS Exchange

by: scoomey | last post by:

Hi folks- I've got an interesting problem. For our homebrewed PHP intranet application, I will soon be required to give users access to their email/calendar information from Microsoft Exchange....

PHP

Encrypting Passwords

by: Cord-Heinrich Pahlmann | last post by:

Hi, I have written a tool wich de/encrypts a few of my forum and bloggin-Passwords. My question is how secure it is. The following describes how I have encrypted my passwords. When I log in,...

PHP

Encrypting files with secure passwords

by: | last post by:

I've written code for encrpting files, but I can't seem to find examples where the password is secure from user input to wiping it from memory after decryption. Is this atually possible in c#?...

C# / C Sharp

Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"

by: taylorcarr | last post by:

A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...

General

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing