Larry Ullman's Book Forums

Error In Activate/register.php



Hello All,

Been a while, though I peep in now and then.

I have 2 little issues with the Registration/Log-in Application based on Larry's code.

When one registers there is an error showing on the page since the link to activate sent in the email seems to be wrong; here's a dummy account attempt email:

http://venture-wilderness.com/reg_log.phpregistrar/activate.php?x=webmaster%40venture-wilderness.com&y=6c9a4cd312207c885d6a4ceb3a59fe91

It completes the chore of entering details to the DB, only that it enters the activation Hash also in the DB in the column where there's a NULL for a normal user and ! for the staff/admin. All this worked quite flawlessly until now. Somehow somewhere the code seems to have got a hiccup.

The second problem arises basically in the database where it stores the hashed password. I increased the VARCHAR to 123 as I read somewhere that using Blowfish with a random Format+Salt of 22 characters can generate a Hash string length of anywhere between 13 and 123. It enters only 49 characters and 3 dots at the end making it 52 in all. What am I doing wrong?

The function I wrote to augment password security:

<?php

function password_encrypt($password) {
    $hash_format = '$2y$10$'; // Use Blowfish with a "cost" of 10
    $salt_length = 22; // Use 22 characters or more
    $salted = generate_salt($salt_length);
    $format_and_salt = $hash_format . $salted;
    $hash = crypt($password, $format_and_salt);
    return $hash;
}

function generate_salt($length) {
    // MD5 returns 32 characters
    $unique_random_string = md5(uniqid(mt_rand(), true));

    // Valid characters for salt: [a-zA-Z0-9./]
    $base64_string = base64_encode($unique_random_string);

    // Convert '+' to '.' in the base64 encoding
    $modified_base64_string = str_replace('+', '.', $base64_string);

    // Truncate string to the correct length
    $salt = substr($modified_base64_string, 0, $length);

    return $salt;
}
?>

What am I doing wrong?

Warm regards,

zabberwan


I'm not really following either of the problems explained. As for the activation, I can say to debug this you'll want to look at the query in pieces to see what's the problem: the email address or the activation code. Or, if this is the login query, it could be that the column has an empty string value, not a NULL value. 
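
An added example (not code from the thread) relating to the password function in the first post: a bcrypt hash with a `$2y$` prefix is always 60 characters long, so a value read back from the database can be checked for truncation before it is verified. The function names, the sample password and the 49-character cut are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+.
// "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest = 60 characters.
const BCRYPT_LENGTH = 60;

// Hash with bcrypt; password_hash() draws the salt from the system CSPRNG.
function hash_password(string $password, int $cost = 10): string
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    if (!is_string($hash) || strlen($hash) !== BCRYPT_LENGTH) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// True only if the stored value is a complete bcrypt hash.
function is_intact_bcrypt(string $stored): bool
{
    return strlen($stored) === BCRYPT_LENGTH
        && password_get_info($stored)['algoName'] === 'bcrypt';
}

// Fail closed on a truncated or foreign value instead of comparing it.
function check_login(string $password, string $stored): bool
{
    return is_intact_bcrypt($stored) && password_verify($password, $stored);
}

// Constructed sample data.
$password  = 'correct horse battery staple';
$hash      = hash_password($password);
$truncated = substr($hash, 0, 49); // a clipped copy of the same hash

// crypt() with a "$2y$10$" prefix and 22-character salt, as in the post,
// yields the same 60-character format and verifies the same way.
$salt   = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$legacy = crypt($password, '$2y$10$' . $salt);

var_dump(strlen($hash), strlen($legacy));
var_dump(check_login($password, $hash));
var_dump(check_login($password, $legacy));
var_dump(check_login($password, $truncated));
var_dump(check_login('wrong password', $hash));
```

A `CHAR(60)` column holds a bcrypt hash exactly; the PHP manual suggests 255 characters when `PASSWORD_DEFAULT` is used, since that algorithm may change.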
