armlocker Posted December 30, 2012

PHP VERSION 5.3.13
PHPMYADMIN VERSION 5.0.91

Hello everyone. One simple question: if my hosting server doesn't support hash_hmac(), where do I insert this line of syntax in the 'registration.php' file as advised on page 79, chapter 4:

return mysql_real_escape_string ($dbc, sha1 ($password, true));

Error message goes like this:

Fatal error: Call to undefined function create_password_hash() in /hermes/waloraweb004/b1384/moo.laissezfairelondonco/wolfcut/register.php on line 72

Line 72 of register.php goes like this:

$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . create_password_hash($p) . "', '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH) )";

Any advice much appreciated.

Jonathon Posted December 30, 2012

Hi Armlocker,

Have you done much PHP previously? I only say this because this book is pretty complex at times and if you don't know why this error is happening then it's probably too advanced for you at this moment.

Anyway, the error is due to an undeclared function; that doesn't happen on line 72. It's just where you tried to call create_password_hash(). So is the function actually declared in that file or accessible to the current page?

armlocker Posted December 31, 2012

woooo - hoooo. Problem solved.... here's how:

firstly: went into mysql.inc.php and changed the "mysql_real_escape_string" from hash hmac to simply SHA1
secondly: went into register.php and on "INSERT INTO..." line where you add user to database, I deleted the "create_password_hash" and replaced it with "SHA1"
thirdly: upon registering a new user, I magically received an email confirmation without "Fatal Error"

Thank you Jonathon for giving me the lead on this. I then found out the rest using a combination of PHP and MySQL (4th edition) by Larry to understand all about passwords and SQL injections and applying it to the Ecommerce book.

Question: According to the book, SHA1 is not that secure; and on my phpmyadmin on the password field I am using Varbinary(32), instead of CHAR(40), as recommended in Larry's PHP and MySQL book, which still works fine in registering a new user. (two questions here I know) - will this pose a problem later???

==================================

I am a newbie, so will be definitely asking a lot more questions. I am determined to complete both examples on the Ecommerce book ... so please bear with me advanced users

armlocker Posted December 31, 2012

I am also having this Fatal Error message in the login.inc.page:

Call to undefined function_get_password_hash()

I tried the above technique by changing it to SHA1 ($p), but it doesn't seem to work this time. Any suggestions?

By the way.... Happy New Year!

Larry Posted December 31, 2012

Glad it's working for you. As for the security, it depends upon the application, but I would not use SHA1() these days. Second, if you're not storing binary data, you shouldn't use a binary column type.

armlocker Posted December 31, 2012

Hi Larry - I used varbinary because that was the example given in the Ecommerce book. Apparently hash_hmac doesn't work on my hosting server, so I made do with SHA1. What do you recommend I use instead?

Best wishes for 2013

Larry Posted December 31, 2012

I understand why you used varbinary because that's what the book used, but once you changed your code, you should change the database accordingly.

As for hashing, read this: http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

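Added example, not part of the thread or the book: one slow, salted alternative to SHA1, together with a check of which column widths each kind of hash fits, since the column has to follow the hash. It assumes PHP 5.5 or later for password_hash() and password_verify(), which is newer than the 5.3.13 mentioned in the first post; create_password_hash() only borrows its name from the thread, and check_password() and fits_column() are hypothetical helpers.

```php
<?php
// Added example, not code from the thread or the book.
// Assumption: PHP 5.5+ (password_hash / password_verify are built in).

// Slow, salted hash for storage; bcrypt output is 60 ASCII characters.
// Name borrowed from the thread, body is hypothetical.
function create_password_hash($password) {
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
    if (!is_string($hash)) {
        throw new RuntimeException('password hashing failed');
    }
    return $hash;
}

// Hypothetical login check: fetch the stored hash by username or email,
// then verify in PHP. The salt makes every hash different, so a
// "WHERE pass = <hash of input>" comparison in SQL cannot match.
function check_password($password, $stored_hash) {
    return password_verify($password, $stored_hash);
}

// Hypothetical helper: does a value fit a column of $width bytes?
// A longer value is truncated or rejected, depending on the SQL mode.
function fits_column($value, $width) {
    return strlen($value) <= $width;
}

$p = 'correct horse battery staple'; // constructed sample password

$values = array(
    'sha1 raw' => sha1($p, true),           // 20 raw bytes
    'sha1 hex' => sha1($p),                 // 40 hex characters
    'bcrypt'   => create_password_hash($p), // 60 characters
);

foreach ($values as $label => $value) {
    printf("%-8s %2d bytes | 32: %-3s | 40: %-3s | 60: %s\n",
        $label, strlen($value),
        fits_column($value, 32) ? 'yes' : 'no',
        fits_column($value, 40) ? 'yes' : 'no',
        fits_column($value, 60) ? 'yes' : 'no');
}

$stored = $values['bcrypt'];
var_dump(check_password($p, $stored));              // correct password
var_dump(check_password('wrong guess', $stored));   // wrong password
var_dump(create_password_hash($p) === $stored);     // same input, new salt
```

A bcrypt hash needs a 60-character text column; a wider VARCHAR leaves room for a different algorithm later.
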
armlocker Posted December 31, 2012

Thanks Larry - interesting read. Something I will have to delve into after I complete both your examples in the Ecommerce book. In the meantime I've made good with SHA1 and amending the database to CHAR (40), as suggested on page 135 of the PHP and MySQL book (4th edition).

Speak soon, I'm working on the login.inc.php script and encountering errors there too. Hopefully I can make full use of your brilliant books.