Jump to content
Larry Ullman's Book Forums

Server Not Supporting Hash_Hmac() .... Chapter 4, Page 79


Recommended Posts

PHP VERSION 5.3.13

PHPMYADMIN VERSION 5.0.91

 

Hello everyone.

 

One simple question: if my hosting server doesn't support hash_hmac(), where do I insert this line of syntax in the 'registration.php' file as advised on page 79, chapter 4:

 

return mysql_real_escape_string ($dbc, sha1 ($password, true));

 

Error message goes like this:

 

Fatal error: Call to undefined function create_password_hash() in /hermes/waloraweb004/b1384/moo.laissezfairelondonco/wolfcut/register.php on line 72

 

Line 72 of register.php goes like this:

 

$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . create_password_hash($p) . "', '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH) )";

 

Any advice much appreciated :)

Link to comment
Share on other sites

Hi Armlocker,

 

Have you done much PHP previously? I only say this because this book is pretty complex at times and if you don't know why this error is happening then it's probably too advanced for you at this moment.

 

Anyway, the error is due to an undeclared function, that doesn't happen on line 72. It's just where you tried to call create_password_hash(). So is the function actually declared in that file or accessible to the current page?

  • Upvote 1
Link to comment
Share on other sites

woooo - hoooo. Problem solved.... here's how:

 

firstly:

went into mysql.inc.php and changed the "mysql_real_escape_string" from hash hmac to simply SHA1

 

secondly:

went into register.php and on "INSERT INTO..." line where you add user to database, I deleted the "create_password_hash" and replaced it with "SHA1"

 

thirdly:

upon registering a new user, I magically recieved an email confirmation without "Fatal Error"

 

Thank you Jonathon for giving me the lead on this. I then found out the rest using a combination of PHP and MySQL (4th edition) by Larry to understand the all about passwords and SQL injections and applying it to the Ecommerce book.

 

Question:

According to the book, SHA1 is not that secure; and on my phpmyadmin on the password field I am using Varbinary(32), instead of CHAR(40), as recommended in Larrys PHP and MySQL book, which still works fine in registering a new user. (two questions here I know) - will this pose a problem later???

 

==================================

 

I am a newbie, so will be definitely asking a lot more questions. I am determined to complete both examples on the Ecommerce book ... so please bear with me advanced users :)

Link to comment
Share on other sites

I am also having this Fatal Error message in the login.inc.page:

 

Call to undefined function_get_password_hash()

 

I tried the above technique by changing it to SHA1 ($p), but it doesn't seem to work this time. Any suggestions?

 

by the way.... Happy New Year!

Link to comment
Share on other sites

Thanks Larry - interesting read. Something I will have to delve into after I complete both your examples in the Ecommerce book. In the meantime I've made good with SHA1 and amending the database to CHAR (40), as suggested on page 135 of the php and mysql book (4th edition)

 

Speak soon, I'm working on the login.inc.php script and encountering errors there too. Hopefully I can make full use of your brilliant books.

Link to comment
Share on other sites

 Share

×
×
  • Create New...