php-general Digest 10 Nov 2009 18:03:47 -0000 Issue 6436

Topics (messages 299764 through 299768):

Re: Hash function
        299764 by: Hans Åhlin

Re: Multilingual website, texts in external JavaScript problem
        299765 by: Peter Ford

Form Validation filter - Regex Q
        299766 by: Haig Davis
        299767 by: Al
        299768 by: Nathan Rixham


----------------------------------------------------------------------
--- Begin Message ---
Hope this is what you're looking for...

<?php
/**
 * This is a part of the SN1000 System
 *
 * @author Hans Åhlin
 * @copyright (C)2009 Hans Åhlin
 * @owner Hans Åhlin
 * @version 1.000.000
 * @contact [email protected]
 *
 * Copyrighted by the owner of SN1000
 * ALL COPYING, PUBLISHING AND EDITING WITH OUT THE
 * COPYRIGHT HOLDERS WRITTEN PERMISSION IS FORBIDDEN,
 * THIS INCLUDES THE CODE, TEXT, GRAPHICS AND SOUNDS.
 * For more information and/or questions please
 * contact us at [email protected] Including the
 * concerning page file name and dns address
 */     

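// __DEBUG__ is assumed to be set elsewhere in SN1000; default it to 0 so this file runs on its own.
if(!defined('__DEBUG__')){
        define('__DEBUG__', 0);
}

if(__DEBUG__ == 1){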
        
        $TestPW = 'This is the test password!!!';
        
        echo "\n*****************************************\n";
        echo "** PASSWORD HASH FUNCTION\n";
        echo "** snlib_hash_password()\n";
        echo "*****************************************\n";
        echo "The test password: $TestPW";
        echo "\n";
        echo snlib_hash_password($TestPW);
        echo "\n*****************************************\n";
}

/**
 * This function salts and scrambles the password for higher security
 *
 * @version 1.000.000
 * @param $Password
 * @return SHA1
 */
function snlib_hash_password($Password){
        
        $PWLength = strlen($Password);
        
        if(__DEBUG__ == 1){
                
                echo 'The length of the test password: ';
                echo $PWLength;
                echo "\n";
        }
        
        $ScrambledPW = "";
        $i = 0;
        
        while($PWLength != 0){
                
                $PWLength--;
                
                $ScrambledPW .= $PWLength . $Password[$PWLength] . $Password[$i] . $i;
                
                $i++;
                        
        }
        
        if(__DEBUG__ == 1){
                
                echo 'The scrambled test password: ';
                echo $ScrambledPW;
                echo "\n";
        }
        
        $PasswordHASH = sha1($ScrambledPW);
        
    return $PasswordHASH;
}
?>

For legal purposes I hereby grant you all permission to use this file for any
purpose, and for the same reason I cannot take away the copyright
notice...

2009/11/9 Ali Asghar Toraby Parizy <[email protected]>:
> Hi friends,
> I need a hash function to build a unique serial number by mixing a request
> code and a user name.
> Request codes are strings like this; they are literally HEX codes of MAC
> addresses.
> "002314EFD000544AB05345300045675609782123C3254B312123D12312EE13123F123D123123E00000000E00000000E0000000E0000000E0000000E00000000E00000000"
> I want to create a function that mixes this request code together with the user
> name that the user entered and creates a new serial number.
> What implications do I have to satisfy to create such a hash function in PHP?
> Thanks for any suggestion
>



-- 
MvH / Hans Åhlin
Tel: +46761488019
http//www.kronan-net.com/

--- End Message ---
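
An added example, not code from the thread or from any poster: one way to build the serial number asked about above is a keyed HMAC-SHA256 over the request code and the user name, so that only the holder of the key can issue a serial that verifies. The function names, the key and the serial layout are assumptions made for illustration.

```php
<?php
// Added example: make_serial(), check_serial(), the key and the serial
// layout are hypothetical, not part of the thread or of SN1000.

/**
 * Derive a serial from a request code and a user name with HMAC-SHA256.
 * Each field is length-prefixed so ("AB", "C") and ("A", "BC") differ.
 */
function make_serial(string $requestCode, string $userName, string $secretKey): string
{
    $requestCode = strtoupper(trim($requestCode));
    if ($requestCode === '' || !ctype_xdigit($requestCode)) {
        throw new InvalidArgumentException('request code must be hex digits');
    }
    $userName = trim($userName);
    if ($userName === '') {
        throw new InvalidArgumentException('user name must not be empty');
    }
    $message = pack('N', strlen($requestCode)) . $requestCode
             . pack('N', strlen($userName)) . $userName;
    $mac = hash_hmac('sha256', $message, $secretKey); // 64 hex characters
    // Truncate to 100 bits (25 hex characters) and group for readability.
    return implode('-', str_split(strtoupper(substr($mac, 0, 25)), 5));
}

/** Recompute the serial and compare it in constant time. */
function check_serial(string $serial, string $requestCode, string $userName, string $secretKey): bool
{
    try {
        $expected = make_serial($requestCode, $userName, $secretKey);
    } catch (InvalidArgumentException $e) {
        return false;
    }
    return hash_equals($expected, strtoupper(trim($serial)));
}

// Constructed sample values. A real key would come from random_bytes(32)
// and never leave the server that issues serials.
$key = 'constructed-demo-key-do-not-reuse';
$requestCode = '002314EFD000544AB0534530'; // constructed, shortened request code
$serial = make_serial($requestCode, 'alice', $key);

echo $serial, "\n";
var_dump(check_serial($serial, $requestCode, 'alice', $key));
var_dump(check_serial($serial, $requestCode, 'mallory', $key));
```

Unlike a fixed scramble followed by SHA-1, the result here depends on a secret, so knowing the algorithm is not enough to produce a serial for another user name.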
--- Begin Message ---
leledumbo wrote:
>> I don't see why you can't use inline script in XHTML 1.0 Strict
> 
> Because I don't know about CDATA, thanks.

Glad to be of service!
As another regular contributor to this list often points out, there's always
something new to learn :)

-- 
Peter Ford                              phone: 01580 893333
Developer                               fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

--- End Message ---
--- Begin Message ---
Morning All,

I've been fighting with this little problem for two days now, so far no luck
with Google and am beginning to question my own sanity.

I have an application that has over one hundred forms, some quite lengthy, so
what I'm trying to achieve, rather than writing a bunch of individual
sanitize statements then form validation statements, is that I could run $_POST
through a foreach loop and filter the values by form class, i.e. is it an
email address or simply a text block with letters and numbers. The regexes
alone work fine, as does the foreach loop; the only issue I have is the IF
statement comparing $key to expected variable names.

Here's the bit of code involved.

if(isset($_POST['submit'])){
        foreach($_POST as $keyTemp => $valueTemp){
            $key = mysqlclean($keyTemp);
            $value = mysqlclean($valueTemp);
            $$key = $key;
            $$key = $value;

            if($key != ("$customerServiceEmail") || ("$billingEmail") || ("$website")){
                if(preg_match("/[^a-zA-Z0-9\s]/", $value)){
                    $style = "yellow";
                    $formMsg = "Invalid Characters";
                    $bad = $key;

                }
            }
            if($key = ("$customerServiceEmail") || ("$billingEmail")){
                if(preg_match("/^([a-za-z0-9._%...@[a-za-z0-9.-]+\.[a-za-z]{2,4})*$/", $value)){
                    $style = "yellow";
                    $formMsg = "Invalid Characters";
                    $bad = $key;
                }
            }

        }
}

Thanks for taking a peek.

Haig

--- End Message ---
--- Begin Message ---



1] PEAR has several classes that will help you from reinventing the wheel.

2] I always, when possible, restrict what users are allowed to enter. Then, I simply delete or warn them about anything that is not permissible. E.g., they can enter any of the plain HTML tags. Any tags not in this list are removed.

//region******** Usable XHTML elements for user admin prepared user instructions [Only these XHTML tags can be used] ********/

$inlineHtmlTagsArray = array('a', 'b', 'img', 'em', 'object', 'option', 'select', 'span', 'strong',); // Note img is both empty and inline
$blockHtmlTagsArray = array('div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre',);
$emptyHtmlTagsArray = array('br', 'hr', 'img',);
$listHtmlTagsArray = array('li', 'ol', 'ul');
$tableHtmlTagsArray = array('col', 'table', 'tbody', 'td', 'th', 'thead', 'tr',);

I also do syntax and reverse DNS tests for all links and email addresses.


--- End Message ---
--- Begin Message ---
Haig Davis wrote:
> alone work fine as does the foreach loop the only issue I have is the IF
> statement comparing $key to expected varieable names.
> 
>             if($key != ("$customerServiceEmail") || ("$billingEmail") ||

multiple points here..

1: is the key name held in a php variable called $customerServiceEmail?

if you have <input name="customerServiceEmail" /> then use:
<?php
if( $key != 'customerServiceEmail' )
?>

if you have <input name="$customerServiceEmail" /> then use:
<?php
if( $key != '$customerServiceEmail' )
?>


2: if you need to compare multiples then you need to use either..

<?php
if( !in_array( $key , array('customerServiceEmail' , 'billingEmail' , 'website') ) ) {
?>

<?php
if( $key != 'customerServiceEmail' && $key != 'billingEmail' && $key != 'website' )
?>

Note in the above I've *ass*umed some mistyped logic, in that only
proceed if not ('customerServiceEmail' || 'billingEmail' || 'website') -
which is incorrect because string || string || string *always* equals 1
- hence you need the 3 comparisons achieved by using and(&&) or in_array.


3: these two lines override each other, and variable variables aren't
needed here
    $$key = $key;
    $$key = $value;


here's a full version for you that should work as you expect:

<?php
if( isset($_POST['submit']) ) {
  foreach($_POST as $keyTemp => $valueTemp){
    $key = mysqlclean($keyTemp);
    $value = mysqlclean($valueTemp);
    if( in_array( $key , array( 'customerServiceEmail' , 'billingEmail' ) ) ) {
      // only email validate if it's an email field;
      // flag the value when it does NOT match the pattern
      if( !preg_match("/^([a-za-z0-9._%...@[a-za-z0-9.-]+\.[a-za-z]{2,4})*$/", $value) ) {
        $style = "yellow";
        $formMsg = "Invalid Characters";
        $bad = $key;
      }
    } else if( $key == 'website' ) {
      // placeholder in case you want URL validation
    } else {
      // only gets here if not an email field, and not a website address
      if(preg_match("/[^a-zA-Z0-9\s]/", $value)){
        $style = "yellow";
        $formMsg = "Invalid Characters";
        $bad = $key;
      }
    }
  }
}
?>

regards;

--- End Message ---
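
An added example, not code from the thread or from any poster: the per-field dispatch discussed above, written as a rule map with PHP's built-in `filter_var()` validators in place of the hand-written email pattern, and with the URL branch filled in. The rule map, the function name `validate_form()` and the sample input are assumptions; SQL escaping is left out on the assumption that it happens at the query layer.

```php
<?php
// Added example: FIELD_RULES, validate_form() and the sample input are
// hypothetical names and constructed data, not part of the thread.
// Field name => rule. Unlisted names fall back to the thread's
// letters/digits/whitespace check.
const FIELD_RULES = [
    'customerServiceEmail' => 'email',
    'billingEmail'         => 'email',
    'website'              => 'url',
];

/** Return [field => message] for every value that fails its rule. */
function validate_form(array $post, array $rules = FIELD_RULES): array
{
    $errors = [];
    foreach ($post as $key => $value) {
        if ($key === 'submit') {
            continue;
        }
        if (!is_string($value)) {            // e.g. name[]=x arrives as an array
            $errors[$key] = 'Unexpected value type';
            continue;
        }
        $value = trim($value);
        switch ($rules[$key] ?? 'text') {
            case 'email':
                $ok = filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
                break;
            case 'url':
                // Require an http(s) scheme on top of syntactic validity.
                $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
                $ok = filter_var($value, FILTER_VALIDATE_URL) !== false
                    && in_array($scheme, ['http', 'https'], true);
                break;
            default:
                $ok = preg_match('/[^a-zA-Z0-9\s]/', $value) === 0;
        }
        if (!$ok) {
            $errors[$key] = 'Invalid Characters';
        }
    }
    return $errors;
}

// Constructed sample input standing in for $_POST.
$sample = ['submit' => 'Save', 'companyName' => 'Acme 42', 'notes' => '<b>hi</b>',
    'billingEmail' => 'billing@example', 'website' => 'javascript:void(0)',
    'customerServiceEmail' => 'help@example.com'];
print_r(validate_form($sample));
```

Comparing the key against a fixed map also removes the need for variable variables, so a posted field name can never overwrite a variable in the script.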
