Wrox Programmer Forums

BOOK: PHP and MySQL: Create-Modify-Reuse ISBN: 978-0-470-19242-9
This is the forum to discuss the Wrox book PHP and MySQL: Create-Modify-Reuse by Timothy Boronczyk, Martin E. Psinas; ISBN: 9780470192429
#1, July 14th, 2009, 02:02 PM
User registration forgotpass.php

I like the book, it is real good.
I think there may be a bug in
Chapter 1, User Registration, the forgotpass.php file.

There is a section in forgotpass.php that reads
Code:
// store new password
$user->password = $password;
$user->save();
It seems sha1 should be used here.
Code:
// store new password
$user->password = sha1($password);
$user->save();
If you don't use sha1, it will store the password unencrypted in the database.
Then, when login.php does this comparison
Code:
$user->password == sha1($_POST['password'])
it will fail.
As you can see login.php encrypts the posted value,
so if the value in your database is not encrypted this
comparison will never pass.

I tested it using sha1 in forgotpass.php and it worked fine.
Without using sha1, I could not login.
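The mismatch reported in post #1, as an added example that is not code from the book or from the poster: the reset path and the login check must apply the same transformation to the password. It goes one step beyond the thread by showing the same rule with PHP's built-in password_hash() and password_verify(), which are salted and deliberately slow, unlike a bare sha1(). DemoUser, loginSha1, loginModern and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example, not the book's code. DemoUser is a hypothetical stand-in
// for the book's User class; only its password property is modelled.
class DemoUser
{
    public $password;
}

// login.php-style check from the thread: stored value against sha1(posted).
// hash_equals() is used instead of == for a constant-time comparison.
function loginSha1(DemoUser $user, string $posted): bool
{
    return hash_equals((string) $user->password, sha1($posted));
}

// Check for hashes made by password_hash(); salt and cost come from the hash.
function loginModern(DemoUser $user, string $posted): bool
{
    return password_verify($posted, (string) $user->password);
}

$newPassword = 'constructed-Reset-Pw-1'; // constructed sample value
$user = new DemoUser();

// 1. Reset path as quoted in the thread: the plain value is stored.
$user->password = $newPassword;
echo 'plain stored, sha1 check: ';
var_dump(loginSha1($user, $newPassword));

// 2. Reset path with the fix from the thread: sha1() on both sides.
$user->password = sha1($newPassword);
echo 'sha1 stored, sha1 check: ';
var_dump(loginSha1($user, $newPassword));

// 3. Same rule with the password API: every path that writes a password
//    (registration, reset, change) stores password_hash() output.
$user->password = password_hash($newPassword, PASSWORD_DEFAULT);
echo 'password_hash stored, password_verify check: ';
var_dump(loginModern($user, $newPassword));
echo 'password_hash stored, wrong password: ';
var_dump(loginModern($user, 'constructed-wrong-pw'));

// 4. Schemes do not mix: a sha1 check against a password_hash() value fails,
//    so write paths and the login check have to be migrated together.
echo 'password_hash stored, sha1 check: ';
var_dump(loginSha1($user, $newPassword));
```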
#2, September 5th, 2009, 10:58 PM
Thanks for pointing that out - saved me some time.
All times are GMT -4.

