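Hi, Can anyone help us to hash [sha1/md5] password and 'salts' it? The best is use sha1..

// Account creation, login and "remember me" handling for a Smarty-driven page.
//
// Review notes that apply to the whole listing:
//  - Values from $_POST and $_COOKIE are interpolated directly into the SQL fragments
//    handed to the database wrapper (db_insert / get_recs / get_rec). The wrapper is not
//    shown here; unless it binds or escapes values itself, these calls need bound
//    parameters or driver-level escaping. magic_quotes_gpc, mentioned after the listing,
//    is not a substitute for that.
//  - The password is written to the "pass" column exactly as typed, and the stored value
//    is later reused in the confirmation link and in the "login_pass" cookie.
//  - $smarty, $db (in the login and session sections), $base_href, the user class and the
//    helpers user_exists(), email_ok(), email_exists(), encrypt(), get_files(),
//    resize_picture() and random_string() are defined outside this listing.

// ---- create an account ----
if($_POST['create_account']){
    // Validation chain: the first failing check assigns its error to the template and
    // skips the insert.
    if(!$_POST['accept_terms'])
        $smarty->assign("error_terms", err_accept_terms);
    else if(!$_POST['username'])
        $smarty->assign("error_username", err_choose_username);
    else if(!preg_match('/^[a-zA-Z0-9]+$/', $_POST['username']))
        $smarty->assign("error_username_chars", err_username_chars);
    else if(user_exists($_POST['username']))
        $smarty->assign("error_username", err_account_exists);
    // Strict comparison: with != two different numeric-looking strings such as "1e3" and
    // "1000" compare equal, so a mistyped confirmation could be accepted.
    else if(!$_POST['pass1'] || $_POST['pass1'] !== $_POST['pass2'])
        $smarty->assign("error_pass", err_password_mismatch);
    else if(!email_ok($_POST['email']))
        $smarty->assign("error_email", err_email_incorrect);
    // NOTE(review): both sides of this comparison come from the request, so the check does
    // not prove the visitor read the code generated at the bottom of this listing.
    // Presumably the template echoes $code into a form field - confirm. Keeping the
    // expected value in $_SESSION and comparing against that would make it server-side.
    else if($_POST['code1'] != $_POST['code2'])
        $smarty->assign("error_code", err_invalid_code);
    else if(email_exists($_POST['email']))
        $smarty->assign("error_email", err_email_exists);
    else {
        if($_POST['visible']) $visible = 1;
        else $visible = 0;

        $db = new database;
        $db->dblink();

        // NOTE(review): username is limited to [a-zA-Z0-9] above, but pass1 and email reach
        // the SQL text unescaped (email_ok() is not shown), and pass1 is stored as typed.
        // Hash the password before this call (the thread settles on md5(); a salted,
        // purpose-built password hash is the safer choice) and store only the hash.
        $id = $db->db_insert("users", "time, username, pass, email, visible", time().", '{$_POST['username']}', '{$_POST['pass1']}', '{$_POST['email']}', $visible");

        if($id) {
            // Load the new row into the session only for the duration of this block; it is
            // removed again by the unset() below.
            $rec = $db->get_rec("users", "*", "id=$id");
            $_SESSION['user'] = new user($rec);

            //confirmation email
            // NOTE(review): the link carries username and the stored pass value through
            // encrypt(); a random single-use token kept with the user row would avoid
            // mailing anything derived from the password.
            $msg = str_replace("#username", $_SESSION['user']->username, confirmation_mail);
            $msg = str_replace("#link", $base_href."welcome/".encrypt($_SESSION['user']->username."###".$_SESSION['user']->pass), $msg);
            mail($_SESSION['user']->email, confirmation_subject, $msg, "From: Admin<".CONTACT_MAIL.">");

            // Default avatar: copy the first file of sample_photos to profile_images/<id>.<ext>.
            $files = get_files('sample_photos');
            $file = $files[0];
            $old = "sample_photos/$file";
            $parts = explode(".", $file);
            $last = count($parts) - 1;
            $ext = $parts[$last];
            $filename = $_SESSION['user']->id.".".$ext;
            $new = "profile_images/$filename";
            if(copy($old, $new))
                $db->db_update("users", "avatar='$filename'", "id={$_SESSION['user']->id}");
            // The thumbnail copy and resize run whether or not the copy above succeeded.
            copy($new, "avatars/$filename");
            resize_picture(25, 25, "avatars/$filename", $ext);

            //confirmation email
            //$msg = str_replace("#username", $_SESSION['user']->username, confirmation_mail);
            //$msg = str_replace("#link", $base_href."welcome/".encrypt($_SESSION['user']->username."###".$_SESSION['user']->pass), $msg);
            //mail($_SESSION['user']->email, confirmation_subject, $msg, "From: Admin<".CONTACT_MAIL.">");

            unset($_SESSION['user']);
            $page = "welcome_info";
        }
        else $error = err_create_account;
    }

    // Anything other than a successful insert goes back to the home page with the
    // registration form flagged.
    if($page != "welcome_info") {
        $page = "home";
        $smarty->assign("error", $error);
        $smarty->assign("reg", 1);
    }
}

//login a user
if($_POST['login']){
    // NOTE(review): user and pass are placed into the WHERE clause unescaped, and the
    // password is matched as plain text inside the query. Once passwords are hashed, select
    // the row by username/email only and compare the hash in PHP.
    $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=0");
    $how_many = $db->count_recs($result);
    if($how_many != 0) {
        $rec = $db->fetch_objects($result);
        $_SESSION['user'] = new user($rec[0]);
        $_SESSION['user_id'] = $_SESSION['user']->id;
        if($_POST['remember_me']){
            // Both cookies last 60 days (86400 * 60 seconds) and are set without the
            // secure/httponly arguments.
            // NOTE(review): login_pass holds the stored pass value, which the cookie branch
            // at the end of this listing accepts as a credential. That stays true if the
            // column holds a hash; a random token stored server-side is the usual fix.
            setcookie("login_user", $_SESSION['user']->username, time() + 86400 * 60);
            setcookie("login_pass", $_SESSION['user']->pass, time() + 86400 * 60);
        }
        unset($_SESSION['logged_out']);
        // No exit follows the redirect header, so the rest of the script still runs.
        header("Location: profile/{$_SESSION['user']->username}");
    }
    else {
        // Same lookup with new=1, which appears to mark accounts that have not been
        // confirmed yet: matching rows get the confirmation mail again.
        $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=1");
        $how_many = $db->count_recs($result);
        if($how_many != 0){
            //confirmation email
            $recs = $db->fetch_objects($result);
            if(is_array($recs)) foreach($recs as $rec){
                $u = new user($rec);
                $msg = str_replace("#username", $u->username, confirmation_mail);
                $msg = str_replace("#link", $base_href."welcome/".encrypt($u->username."###".$u->pass), $msg);
                mail($u->email, confirmation_subject, $msg, "From: Admin<".CONTACT_MAIL.">");
                $smarty->assign("login_error", err_account_inactive);
            }
            else $smarty->assign("login_error", err_login_incorrect);
        }
        else $smarty->assign("login_error", err_login_incorrect);
    }
}

//check if the user is logged in
if($_SESSION['user']){
    // Re-read the id for the session's username and bring user_id back in line with it.
    $rec = $db->get_rec("users", "id", "username='{$_SESSION['user']->username}'");
    if($rec->id != $_SESSION['user_id'])
        $_SESSION['user_id'] = $rec->id;
}
else {
    //if not logged in but remembered in cookies
    if($_COOKIE['login_user'] && $_COOKIE['login_pass'] && !$_SESSION['logged_out']){
        // NOTE(review): cookie values are client-controlled and go into the query unescaped.
        // Unlike the form login, this lookup has no "new=0" condition.
        $rec = $db->get_rec("users", "*", "(username='{$_COOKIE['login_user']}' or email='{$_COOKIE['login_user']}') and pass='{$_COOKIE['login_pass']}'");
        // Redirect only when the cookies matched a row. Previously the header was sent even
        // when $rec was empty, pointing the visitor at "profile/" with no user in the session.
        if($rec) {
            $_SESSION['user'] = new user($rec);
            header("Location: profile/{$_SESSION['user']->username}");
        }
    }
    // Code handed to the template for the registration form (compared as code1/code2 above).
    $code = random_string(5);
    $smarty->assign("code", $code);
}

PHP: ====================================================== Besides that i have problem with magic_quote.. when i post Jingle's Bells it will show :Jingle\\\'s Bells so anyon have any idea?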
I can't... I get an error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/www/public_html/****/***.php on line *** when I use this: $id = $db->db_insert("users", "time, username, pass, email, visible", time().", '{$_POST['username']}', '{md5($_POST['pass1'])}', '{$_POST['email']}', $visible");
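I think the db_insert method can't handle in-line functions, I mean the use of the md5 function in the third parameter. (PHP only expands variables inside a double-quoted string; a function call such as md5(...) placed inside "{...}" is not evaluated there, which is what triggers the parse error.) So just have the md5-hashed string ready in a variable and call db_insert with that variable. The error message states it clearly: it's a syntax error. Note that a bare md5() is unsalted and fast to compute, so it is not the salted hash asked for in the first post; on PHP 5.5+ password_hash() and password_verify() create and check a salted hash.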
mail4kaja and ezprint2008, thanks for your help... it works now by doing this: "md5 hashed string ready and call the db_insert with that variable"