Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote: > Hi all > > I use the classic following rows to connect to a mysql > database. I always put $passsword in clear in the php > connection file and I wonder whether there is a way to > have it in md5 so that someone reading the file could > not use it to connect to the db. I googled a bit but > find only threads explaining how to have password > saved in md5 inside a mysql table which is not I would > like to do Because MySQL is using another password-hashing-algoritm other than MD5, as far as I know, it is not possible. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] How to emulate phpMyadmin for editing with checkboxes
Mahmoud Badreddine wrote: I changed my checkbox statement to looke like the following: where "ID" is the name of the auto-incremental id of my table. This is the output I get from my post_r debug statement: [isSelected] => Array ( [0] => [1] => [2] => ) Look at the HTML that's generated. I'll bet that $row['ID'] doesn't have the value you think it does, so you're creating empty values for each of the checkboxes. Since you said leaving the value attribute out gives you "on" for each one, this has to be the case. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] How-to pass informational mysql messages to the browser
Hello everyone, My PHP/mysql pages are working perfectly, the problem is users don't know if what they are doing is working. I have a system that adds and deletes tape id's from mysql via a PHP front end. I would like to pass the same success/failure messages that I would get if I performed the add/delete directly within mysql. For example, If I delete a tape from the db within mysql, after I hit enter I get the following message: mysql> delete from tape_tracking_test where media_id like 'TR44'; Query OK, 1 row affected (0.01 sec) I would like to display this message to the browser: Query OK, 1 row affected (0.01 sec) Any help would be appreciated, Thanks, Mike -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: password in md5 to connect to mysql instead of clear password
Gael Lams,
The problem is, MD5 is non-reversible. Any encryption you use that is
non reversible... obviously cannot be reversed, right? If it can't be
reversed, that's what you have to send for the connection - and anyone
sending that will get through just fine.
Here, let me explain. If you were to store the password MD5'd, say in
$password, you would have to pass that (the md5'd version) to
mysql_connect(). If you can pass it to that function, anyone can... and
so the encryption doesn't help anyone (except that the password is longer.)
Generally, the solution would be a challenge login, but even then the
client needs to know the clear text password, and so it needs to be
saved somewhere.
There is one solution to this: certificates, but that's still by
machine. See the documentatation for more information:
http://www.php.net/ref.mysql
-[Unknown]
Original Message
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find only threads explaining how to have password
saved in md5 inside a mysql table which is not I would
like to do
Regards,
Gaël
function SQLConnect()
{
$server_name = 'localhost';
$db_name = 'cmsdb';
$user_name = 'user';
$password = 'clearpassword';
if (!$dbconnect =
mysql_connect($server_name, $user_name, $password))
{
echo "Connection failed to the
host 'localhost'.";
exit;
}
if (!mysql_select_db($db_name))
{
echo "Cannot connect to
database '.$db_name.'";
exit;
}
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] How to emulate phpMyadmin for editing with checkboxes
Thank you for your generous response.
I am almost there, but not quite.
I changed my checkbox statement to looke like the following:
where "ID" is the name of the auto-incremental id of my table.
This is the output I get from my post_r debug statement:
Array
(
[isSelected] => Array
(
[0] =>
[1] =>
[2] =>
)
[SUBMIT] => Edit
)
As I was debugging I tried the checkbox statement without the value
attribute or parameter, so it looked like the following:
and the debug info from post_r is the following
Array
(
[isSelected] => Array
(
[0] => on
[1] => on
[2] => on
)
[SUBMIT] => Edit
)
which makes me wonder whether or not an 'int' value can be input for the
value of a checkbox array.
From: John Holmes <[EMAIL PROTECTED]>
To: Mahmoud Badreddine <[EMAIL PROTECTED]>
CC: php-db@lists.php.net
Subject: Re: [PHP-DB] How to emulate phpMyadmin for editing with checkboxes
Date: Wed, 23 Feb 2005 22:11:18 -0500
Mahmoud Badreddine wrote:
Problem statement:
I would like to give my users the option of clicking on a checkbox which I
have provided as a field in a table and then clicking on the edit (or
delete ) button to edit the info pertaining to the checked record.
In other words , in case my statement of the problem isn't clear, I would
like to do the editing or deletion the same way it's done in phpMyadmin.
Click on the checkbox followed by the desired action.
Details:
I have included in my table a field which I have called "chosen" which is
of type enum('1','0')
As soon as I hit the "edit" button , I am redirected to a php script. In
that scritp the first action I would like to make is to update the field
chosen from the value '0' to the value '1'.
This way I will be able to update based on the value of that field. But my
problem is how to link the checkbox input to this field. The checkbox
input is blind to which record it is acting upon. But there must be a way.
Each record has an ID, right? So set the value of the checkbox to the ID of
the record. Make the checkboxes an array, also.
Do that for each checkbox. When the form is submitted, you'll have
$_POST['choices'] that contain the IDs of all the records selected.
array_values($_POST['choices']) will give you the values or you can loop
through the array yourself.
Now perform whatever "action" was selected. The action can be a value
passed from a drop down select box. No need for a "chosen" column in the
database. You'll just run into trouble with that anyhow, because how do you
get the records back to "unchosen"? How do you determin who "chose" a
record? What happens if they choose records, but don't perform an action?
If their browser or computer crashes? etc... :)
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
Gael Lams wrote: Hi all I use the classic following rows to connect to a mysql database. I always put $passsword in clear in the php connection file and I wonder whether there is a way to have it in md5 so that someone reading the file could not use it to connect to the db. I googled a bit but find only threads explaining how to have password saved in md5 inside a mysql table which is not I would like to do [snip] No. Think about it - if your script is able to connect using this MD5 hash of the password - anyone who could read that script could similarly just connect using the MD5. Store your password in an included file outside of the webroot. Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] How-to pass informational mysql messages to the browser
Hello everyone, My PHP/mysql pages are working perfectly, the problem is users don't know if what they are doing is working. I have a system that adds and deletes tape id's from mysql via a PHP front end. I would like to pass the same success/failure messages that I would get if I performed the add/delete directly within mysql. For example, If I delete a tape from the db within mysql, after I hit enter I get the following message: mysql> delete from tape_tracking_test where media_id like 'TR44'; Query OK, 1 row affected (0.01 sec) I would like to display this message to the browser: Query OK, 1 row affected (0.01 sec) Any help would be appreciated, Thanks, Mike -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
Nope, the login function uses cleartext. Put your connect function in a
seperate file in a secure directory, and include() it to make the connection.
That seems to be the way to do it, someone else may have a better idea.
-Micah
On Thursday 24 February 2005 02:37 am, Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $passsword in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not I would
> like to do
>
> Regards,
>
> Gaël
>
> function SQLConnect()
> {
> $server_name = 'localhost';
> $db_name = 'cmsdb';
> $user_name = 'user';
> $password = 'clearpassword';
>
> if (!$dbconnect =
> mysql_connect($server_name, $user_name, $password))
> {
> echo "Connection failed to the
> host 'localhost'.";
> exit;
> }
> if (!mysql_select_db($db_name))
> {
> echo "Cannot connect to
> database '.$db_name.'";
> exit;
> }
> }
>
>
>
> __
> Do you Yahoo!?
> Yahoo! Mail - Easier than ever with enhanced search. Learn more.
> http://info.mail.yahoo.com/mail_250
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
Not answering your question but I'd put the connect info into a separate
include file. This should then be placed in a directory that can be
accessed by the Web Server but not by any other user (except root). Then
when you need to establish a connection you just need to include the file.
graeme.
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find only threads explaining how to have password
saved in md5 inside a mysql table which is not I would
like to do
Regards,
Gaël
function SQLConnect()
{
$server_name = 'localhost';
$db_name = 'cmsdb';
$user_name = 'user';
$password = 'clearpassword';
if (!$dbconnect =
mysql_connect($server_name, $user_name, $password))
{
echo "Connection failed to the
host 'localhost'.";
exit;
}
if (!mysql_select_db($db_name))
{
echo "Cannot connect to
database '.$db_name.'";
exit;
}
}
__
Do you Yahoo!?
Yahoo! Mail - Easier than ever with enhanced search. Learn more.
http://info.mail.yahoo.com/mail_250
--
Experience is a good teacher, but she sends in terrific bills.
Minna Antrim
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] max character size mysql can contain
Hi guiz, I was just wondering if anyone has an idea the maximum size of characters(in bytes) a mysql database can contain thanx - A passion till tomorrow, Opeyemi Obembe | ng.clawz.com - Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less.
[PHP-DB] MySQLPHP decrypt(password)
hi all I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password? kind regards m -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] most popular places
Hi there, I am trying to do a tricky task with PHP and MySQl 4.0.x There are 3 content tables where each of them contains a city_id and there is a 4th table which holds the city_id and the acording city_name Now I would like to find out the most used city names. For example: members picturesreports 3 4 3 2 9 8 9 8 8 So the most used city_ids are 8 3 9 To find this out would be a chelenging task, but to merge them with the city name is even more difficult I am working on this quite a while now and cant find a way. Maybe someone of you guys could give me a smart push. Thank you for any help, Merlin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $passsword in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not I would
> like to do
>
> Regards,
>
> Gal
>
> function SQLConnect()
> {
> $server_name = 'localhost';
> $db_name = 'cmsdb';
> $user_name = 'user';
> $password = 'clearpassword';
>
> if (!$dbconnect =
> mysql_connect($server_name, $user_name, $password))
> {
> echo "Connection failed to the
> host 'localhost'.";
> exit;
> }
> if (!mysql_select_db($db_name))
> {
> echo "Cannot connect to
> database '.$db_name.'";
> exit;
> }
> }
You could probably do this if you managed to take the mysql source code
and changed the login functions.
..but if someone can see your password in MD5 format..could they then
not login with the same privileges as with your plain text?
-Robby
--
/***
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | [EMAIL PROTECTED]
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
* --- Now hosting Ruby on Rails Apps ---
/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] max character size mysql can contain
Yemi Obembe wondered: Hi guiz, I was just wondering if anyone has an idea the maximum size of characters(in bytes) a mysql database can contain thanx * This is determined by the OS file-size limit as MyQSL stores its data in regular files. I think maybe 4G on windows. Not sure on *nix, but likely much bigger. David
Re: [PHP-DB] most popular places
the only way i can think of off the top of my head would not be
intense as you would have to do a foreach for each of the cities such
as
$qry = select * from table
$total = mysql_num_rows( $qry );
foreach( $cities as $city ) {
// do db query such as
// $qry = mysql_query(SELECT id FROM table where members=$city OR
pictures=$city OR reports=$city);
//$cities[$city] = $total / mysql_num_rows($qry);
with something like this you would get an array, you could then sort
the array based on highest to lowest value, you could then display the
cities which are used the most, if you really want to get into the
details you could do seperate queries for the members, pictures,
reports and store them as such
$citites[$city]['members'] etc...
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] MySQLPHP decrypt(password)
moses Woldeselassie wrote: hi all I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password? kind regards m You don't - that's the point. You have to provide them with a way to reset their password, based on some other method of authentication. Traditionally this is done with mailing a user a password reset link, and having that link only available for a short period of time. Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] most popular places
Use a join to get the city name Use grouping to group the most common cities select a.*, b.* from table1 a inner join table2 b on a.id = b.id [where clause] group by a.id Would need a little more data about the structure of the tables to give a more complete answer bastien From: Merlin <[EMAIL PROTECTED]> To: php-db@lists.php.net Subject: [PHP-DB] most popular places Date: Fri, 25 Feb 2005 16:08:54 +0100 Hi there, I am trying to do a tricky task with PHP and MySQl 4.0.x There are 3 content tables where each of them contains a city_id and there is a 4th table which holds the city_id and the acording city_name Now I would like to find out the most used city names. For example: members picturesreports 3 4 3 2 9 8 9 8 8 So the most used city_ids are 8 3 9 To find this out would be a chelenging task, but to merge them with the city name is even more difficult I am working on this quite a while now and cant find a way. Maybe someone of you guys could give me a smart push. Thank you for any help, Merlin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] How-to pass informational mysql messages to the browser
I like to use a js alert box to notify the users
/*
alert box popup confimation message function
*/
function confirm($msg)
{
echo "alert(\"".$msg."\");";
}//end function
Then in the code I create the message as needed. In your case, you can
validate the query worked and then do :
$msg = "Tape deleted"; //simple to even add the tape number in as well
confirm($msg);
bastien
From: "Mike Millner" <[EMAIL PROTECTED]>
To:
Subject: [PHP-DB] How-to pass informational mysql messages to the browser
Date: Thu, 24 Feb 2005 15:07:00 -0700
Hello everyone,
My PHP/mysql pages are working perfectly, the problem is users don't know
if what they are doing is working.
I have a system that adds and deletes tape id's from mysql via a PHP front
end.
I would like to pass the same success/failure messages that I would get if
I performed the add/delete directly within mysql.
For example, If I delete a tape from the db within mysql, after I hit enter
I get the following message:
mysql> delete from tape_tracking_test where media_id like 'TR44';
Query OK, 1 row affected (0.01 sec)
I would like to display this message to the browser:
Query OK, 1 row affected (0.01 sec)
Any help would be appreciated,
Thanks,
Mike
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] most popular places
Merlin wrote: I am trying to do a tricky task with PHP and MySQl 4.0.x There are 3 content tables where each of them contains a city_id and there is a 4th table which holds the city_id and the acording city_name Now I would like to find out the most used city names. For example: memberspictures reports 343 298 988 So the most used city_ids are 8 3 9 To find this out would be a chelenging task, but to merge them with the city name is even more difficult I am working on this quite a while now and cant find a way. Maybe someone of you guys could give me a smart push. [snip] SELECT COUNT(m.city_id), other.city_name FROM members as m, other GROUP BY m.city_id WHERE m.city_id = other.city_id; can't think off the top of my head any easy way to do that together with all the tables in one query, seems like it should be possible though. This should get you pointed in the right direction if you aren't already (note - sql is untested, and I always hose my GROUP BY's on the first try - but it should be close :) ) Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] max character size mysql can contain
DBs can be hugeMany now are apporaching terabyte sizes...You need to learn how DBs handle the files that are used to store the data...there are fileystem size limitations bastien From: Yemi Obembe <[EMAIL PROTECTED]> To: php-db@lists.php.net Subject: [PHP-DB] max character size mysql can contain Date: Fri, 25 Feb 2005 00:19:42 -0800 (PST) Hi guiz, I was just wondering if anyone has an idea the maximum size of characters(in bytes) a mysql database can contain thanx - A passion till tomorrow, Opeyemi Obembe | ng.clawz.com - Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] MySQLPHP decrypt(password)
You can't. Its an MD5 hash, not an encryption...I reset the password to a
random one, and email it to the user, also flag the account to force them to
change the password upon login...
[code]
function mail_password()
{
global $err_msg;
//get the variables from the form
if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){
$email = $_POST['email'];
$mid = $_POST['lg_name'];
$date_cookie = $_COOKIE['last_time'];
}else{
$err_msg = "Please enter both your email address and your username.
Thank you.";
show_form();
die();
}//end if
//create the sql and run the query
$sql = "SELECT * FROM users WHERE user_email='$email' and user_name =
'$mid'";
$result = connect($sql);
//check the query results
if (mysql_num_rows($result)!=1){
$err_msg = "No results found. Please re-enter your
username and email address to try again.";
show_form();
}else{
$row = mysql_fetch_array($result);
$email2 = $row['cust_email'];
$pass = $row['cust_pw'];
//call the change password function and pass it the information related to
the record to create the temp password
$new_pass = change_password($mid, $pass);
$sendto = $email2;
$from = "WebMaster <[EMAIL PROTECTED]>";
$subject= "Forgotten Password";
$message= "Dear $email2,
Your password is $new_pass.
Regards,
Webmaster";
echo $message;
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 3\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$from."\" <".$from.">\n";
if (!mail($sendto, $subject, $message, $headers)){
echo "Mail failed to send";
}else{
header("location:confirm1.htm");
}//end if
}//end if
}//end function
//---
// change password function
//---
function change_password($id, $password)
{
//generate a random password
$pass = "";
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*100);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
//change the password in the db
$sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where
cust_lg = '$id' and cust_pw = '$password'";
$result = connect($sql);
if ($result){
return $pass;
}else{
change_password($id, $password);
}
}//end function
[/code]
bastien
From: "moses Woldeselassie" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] MySQLPHP decrypt(password)
Date: Fri, 25 Feb 2005 10:20:55 +
hi all
I am using password() to crypt a user password online. but how do i decrypt
a user password, when user forgot his/her password?
kind regards
m
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
I was just thinking that a better way to do this is with a public/private key
set. Then it would be secure, but as someone else mentioned, you'd have to
patch the source to make it work.
-Micah
On Friday 25 February 2005 07:29 am, Robby Russell wrote:
> On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
> > Hi all
> >
> > I use the classic following rows to connect to a mysql
> > database. I always put $passsword in clear in the php
> > connection file and I wonder whether there is a way to
> > have it in md5 so that someone reading the file could
> > not use it to connect to the db. I googled a bit but
> > find only threads explaining how to have password
> > saved in md5 inside a mysql table which is not I would
> > like to do
> >
> > Regards,
> >
> > Gal
> >
> > function SQLConnect()
> > {
> > $server_name = 'localhost';
> > $db_name = 'cmsdb';
> > $user_name = 'user';
> > $password = 'clearpassword';
> >
> > if (!$dbconnect =
> > mysql_connect($server_name, $user_name, $password))
> > {
> > echo "Connection failed to the
> > host 'localhost'.";
> > exit;
> > }
> > if (!mysql_select_db($db_name))
> > {
> > echo "Cannot connect to
> > database '.$db_name.'";
> > exit;
> > }
> > }
>
> You could probably do this if you managed to take the mysql source code
> and changed the login functions.
>
> ..but if someone can see your password in MD5 format..could they then
> not login with the same privileges as with your plain text?
>
> -Robby
>
> --
> /***
> * Robby Russell | Owner.Developer.Geek
> * PLANET ARGON | www.planetargon.com
> * Portland, OR | [EMAIL PROTECTED]
> * 503.351.4730 | blog.planetargon.com
> * PHP/PostgreSQL Hosting & Development
> * --- Now hosting Ruby on Rails Apps ---
> /
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] most popular places
With mysql 4.1 you could union and then subSelect maybe? I'm not super-familiar with sub selects, so this code won't likely run.. But then, you're runn 4.0x so it won't run anyway. :) select city_id, count(city_id) as num from ((select city_id from members) UNION (select city_id from pictures) UNION (select city_id from reports)) order by num On Friday 25 February 2005 07:08 am, Merlin wrote: > Hi there, > > I am trying to do a tricky task with PHP and MySQl 4.0.x > > There are 3 content tables where each of them contains a city_id > and there is a 4th table which holds the city_id and the acording city_name > > Now I would like to find out the most used city names. > > For example: > > members pictures reports > 3 4 3 > 2 9 8 > 9 8 8 > > So the most used city_ids are > 8 > 3 > 9 > > To find this out would be a chelenging task, but to merge them with the > city name is even more difficult > > I am working on this quite a while now and cant find a way. Maybe someone > of you guys could give me a smart push. > > Thank you for any help, > > Merlin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
[never made it to list, no idea why - been 26 hours - resending.] [ may have been since it had reply-to field before to - funny...] Gael Lams wrote: Hi all I use the classic following rows to connect to a mysql database. I always put $passsword in clear in the php connection file and I wonder whether there is a way to have it in md5 so that someone reading the file could not use it to connect to the db. I googled a bit but find only threads explaining how to have password saved in md5 inside a mysql table which is not I would like to do [snip] No. Think about it - if your script is able to connect using this MD5 hash of the password - anyone who could read that script could similarly just connect using the MD5. Store your password in an included file outside of the webroot. Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] password in md5 to connect to mysql instead of clear password
You could programmatically build the connection string in the php connection file, couldn't you? Have a line that sets a variable equal to the MD5 hashed value. Then, build the connection string, applying a call to a function that unhashes the password. That way, the password itself never appears in code. I don't know a thing about unhashing MD5 encrypted strings. Sorry I can't help you there. But, it sounds like you've already found that info. Good luck, Bob Sherer -Original Message- From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED] Sent: Thursday, February 24, 2005 10:54 AM To: Gael Lams Cc: php-db@lists.php.net Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of clear password On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote: > Hi all > > I use the classic following rows to connect to a mysql > database. I always put $passsword in clear in the php > connection file and I wonder whether there is a way to > have it in md5 so that someone reading the file could > not use it to connect to the db. I googled a bit but > find only threads explaining how to have password > saved in md5 inside a mysql table which is not I would > like to do Because MySQL is using another password-hashing-algoritm other than MD5, as far as I know, it is not possible. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] MySQLPHP decrypt(password)
On Fri, 2005-02-25 at 10:20 +, moses Woldeselassie wrote: >hi all > >I am using password() to crypt a user password online. but how do i decrypt >a user password, when user forgot his/her password? > > >kind regards >m > You don't. You make them reset their password. -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting & Development * --- Now hosting Ruby on Rails Apps --- / -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] How-to pass informational mysql messages to the browser
try
if($mysql stuff her){
worked
}else{
doestn't work
}
I don't know how to get the other info you wanted besides just finding it
out before hand and see what he info is afterr you do the mydql stuff.
From: "Mike Millner" <[EMAIL PROTECTED]>
To:
Subject: [PHP-DB] How-to pass informational mysql messages to the browser
Date: Thu, 24 Feb 2005 15:07:00 -0700
MIME-Version: 1.0
Received: from lists.php.net ([216.92.131.4]) by mc9-f16.hotmail.com with
Microsoft SMTPSVC(6.0.3790.211); Fri, 25 Feb 2005 09:43:46 -0800
Received: from ([216.92.131.4:17091] helo=lists.php.net)by pb1.pair.com
(ecelerity HEAD r(5124)) with SMTPid 48/A0-51537-2D36F124 for
<[EMAIL PROTECTED]>; Fri, 25 Feb 2005 12:43:46 -0500
Received: (qmail 74804 invoked by uid 1010); 25 Feb 2005 16:31:25 -
Received: (qmail 63883 invoked by uid 1010); 25 Feb 2005 15:56:23 -
X-Message-Info: JGTYoYF78jGWrXpi2PLaE9h/sWIqJx14oyCu07itRec=
Return-Path: <[EMAIL PROTECTED]>
X-Host-Fingerprint: 216.92.131.4 lists.php.net Mailing-List: contact
[EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
list-help:
list-unsubscribe:
list-post:
Delivered-To: mailing list php-db@lists.php.net
Delivered-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Host-Fingerprint: 216.241.44.155 slacker.mikeshome.com Linux 2.4/2.6
References: <[EMAIL PROTECTED]>
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-OriginalArrivalTime: 25 Feb 2005 17:43:46.0479 (UTC)
FILETIME=[8E668BF0:01C51B61]
Hello everyone,
My PHP/mysql pages are working perfectly, the problem is users don't know
if what they are doing is working.
I have a system that adds and deletes tape id's from mysql via a PHP front
end.
I would like to pass the same success/failure messages that I would get if
I performed the add/delete directly within mysql.
For example, If I delete a tape from the db within mysql, after I hit enter
I get the following message:
mysql> delete from tape_tracking_test where media_id like 'TR44';
Query OK, 1 row affected (0.01 sec)
I would like to display this message to the browser:
Query OK, 1 row affected (0.01 sec)
Any help would be appreciated,
Thanks,
Mike
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
You can't unhash MD5.. it's one way only. You could encrypt something and unencrypt it later, but it's not clear what advantage you would get out of what you're saying. Perhaps I don't understand, but if you have a separate connection file, why would you need to pass a password at all? -Micah On Friday 25 February 2005 09:11 am, Bob Sherer wrote: > You could programmatically build the connection string in the php > connection file, couldn't you? Have a line that sets a variable equal to > the MD5 hashed value. Then, build the connection string, applying a call > to a function that unhashes the password. That way, the password itself > never appears in code. > > I don't know a thing about unhashing MD5 encrypted strings. Sorry I can't > help you there. But, it sounds like you've already found that info. > > Good luck, > > Bob Sherer > > -Original Message- > From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 24, 2005 10:54 AM > To: Gael Lams > Cc: php-db@lists.php.net > Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of > clear password > > On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote: > > Hi all > > > > I use the classic following rows to connect to a mysql > > database. I always put $passsword in clear in the php > > connection file and I wonder whether there is a way to > > have it in md5 so that someone reading the file could > > not use it to connect to the db. I googled a bit but > > find only threads explaining how to have password > > saved in md5 inside a mysql table which is not I would > > like to do > > Because MySQL is using another password-hashing-algoritm other than > MD5, as far as I know, it is not possible. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
On Saturday 26 February 2005 04:16, Micah Stevens wrote: > I was just thinking that a better way to do this is with a > public/private key set. Then it would be secure, but as someone else > mentioned, you'd have to patch the source to make it work. How would it be safer? Correct me if I'm wrong: if I have access to your key then I can connect. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] cancel <[EMAIL PROTECTED]>
This message was cancelled from within Mozilla. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
