protype
asked on
How to use the crypt function
I need to know how to use the crypt function. i know it will encrypt the password,
I have paypal sending a password to my database for a restricted area.
Then my users login.
What i need to know is how do i encrypt the password that the user inputs when logging in so that in match's the password in the database.
HELP
I have paypal sending a password to my database for a restricted area.
Then my users login.
What i need to know is how do i encrypt the password that the user inputs when logging in so that in match's the password in the database.
HELP
I should also add that the crypt function is pretty well documented here:
http://us3.php.net/manual/en/function.crypt.php
The user-supplied notes are often very helpful on the PHP.net site.
Best, ~Ray
http://us3.php.net/manual/en/function.crypt.php
The user-supplied notes are often very helpful on the PHP.net site.
Best, ~Ray
ASKER
Hi Ray
PayPal sends an IPN to my server and in the IPN there is a encrypted password which was done via the SALT in the crypt function.
i think???????? do i have this correct
PayPal sends an IPN to my server and in the IPN there is a encrypted password which was done via the SALT in the crypt function.
i think???????? do i have this correct
Can you show me the PayPal Developer manual page for this? I've got plenty of experience in the IPN, but I have never seen an encrypted password there. Should not be too hard to figure out, tho.
Thanks, ~Ray
Thanks, ~Ray
ASKER
The hole problem with PayPal is............How complicated it is............manual??? i would not know where to start.
I am one week trying to get subscription section working on my site
I am one week trying to get subscription section working on my site
ASKER
OK i have looked into my question.......
What i am asking is how do i encrypt a password which a user enters on my site, so that it will be referenced against a password in my database which was entered by paypal.
What i am asking is how do i encrypt a password which a user enters on my site, so that it will be referenced against a password in my database which was entered by paypal.
ASKER
How do i write the crypt into my php
ASKER
This is the code used when the user is logging in
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username22'])) {
$loginUsername=$_POST['username22'];
$password=$_POST['password22'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "../page_on_me_site.php";
$MM_redirectLoginFailed = "samo.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_Login, $Login);
$LoginRS__query=sprintf("SELECT username, password FROM paypal_subscriptions WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
Hi, protype: To work with PayPal you need to be knowledgeable of the PayPal Developers documentation. They have online manuals and PDFs that describe how to use their web services. I agree with you that it is complicated - the "basics" is over 150 pages, and their interfaces are not in anything standard like XML (Feh!) so you have to write custom code for everything.
As you know if you have read the php man page on crypt(), you must provide a "salt" - it would seem to me that the "salt" in this case may be something that PayPal knows and you must find out from the PayPal documentation for developers. But as I read more about this by searching the 'net, I think you might want to look at this tutorial and see if it guides you in the right direction.
http://net.tutsplus.com/tutorials/php/using-paypals-instant-payment-notification-with-php/
Let me know what you think, ~Ray
As you know if you have read the php man page on crypt(), you must provide a "salt" - it would seem to me that the "salt" in this case may be something that PayPal knows and you must find out from the PayPal documentation for developers. But as I read more about this by searching the 'net, I think you might want to look at this tutorial and see if it guides you in the right direction.
http://net.tutsplus.com/tutorials/php/using-paypals-instant-payment-notification-with-php/
Let me know what you think, ~Ray
ASKER
I think i have the SALT i just need to add the crypt function to the php...................i am only learning and it is a killer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Can you show me how to write the code for this as the it has me confused.
And i do have the SALT i just don't know how the code goes. once i have this sorted i'm working.
please help
And i do have the SALT i just don't know how the code goes. once i have this sorted i'm working.
please help
"Can you show me how to write the code for this as the it has me confused."
That is EXACTLY what I posted above. Get the salt string from PayPal and put it into the define statement at line 26. I don't know what more I can do to help??
That is EXACTLY what I posted above. Get the salt string from PayPal and put it into the define statement at line 26. I don't know what more I can do to help??
ASKER
I will need to get someone the write the php and show me, because i don't understand. I think you have told me where to put the code but i need to know how to write it.
Thanks anyway.
Thanks anyway.
"you have told me where to put the code but i need to know how to write it."
Please explain - what do you mean by "how to write it?"
Thanks, ~Ray
Please explain - what do you mean by "how to write it?"
Thanks, ~Ray
ASKER
Sorry it took so long Ray,
This is the last thing i need to sort and i will have it working.
This is the last thing i need to sort and i will have it working.
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username22'])) {
$loginUsername=$_POST['username22'];
$password=$_POST['password22'];
// YOU MIGHT TRY ADDING THE crypt() FUNCTION RIGHT HERE
// READ THE MAN PAGE HERE:
// http://us3.php.net/manual/en/function.crypt.php
// YOU MUST KNOW THE SALT VALUE IN ADVANCE OR crypt() WILL CHOOSE ONE
// AND IT WILL ALMOST CERTAINLY BE WRONG
// DEFINE THE SALT
define('pp'); // IS THIS WHAT I SHOULD BE DOING
$password = crypt($password, MY_SALT_STRING);
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "../page_on_me_site.php";
$MM_redirectLoginFailed = "samo.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_Login, $Login);
$LoginRS__query=sprintf("SELECT username, password FROM paypal_subscriptions WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
ASKER
Ok i need to ask another related question.
I have the salt working when i test it BUT, every password seems to have a different salt like this
kq.K6/Cd2NLg2
u866uUGe1.0KA
f/evD8wWOx.C2
7CrEtSevW.h6E > looking at this one, if i use the 7C salt for the password "jag0glenn" i get the encrypted password of "7CrEtSevW.h6E", NOW as this would make sense to you it is a little confusing for someone learning, because now do i use a salt if the salt is different for every password, what i'm saying is How do i put the salt into my code.
example: $password =crypt($_POST['password22' ], '7C' );
HERE IS A LITTLE CODE YOU CAN RUN THAT WILL SHOW YOU HOW I'M TESTING
I have the salt working when i test it BUT, every password seems to have a different salt like this
kq.K6/Cd2NLg2
u866uUGe1.0KA
f/evD8wWOx.C2
7CrEtSevW.h6E > looking at this one, if i use the 7C salt for the password "jag0glenn" i get the encrypted password of "7CrEtSevW.h6E", NOW as this would make sense to you it is a little confusing for someone learning, because now do i use a salt if the salt is different for every password, what i'm saying is How do i put the salt into my code.
example: $password =crypt($_POST['password22'
HERE IS A LITTLE CODE YOU CAN RUN THAT WILL SHOW YOU HOW I'M TESTING
<!--Create a page and insert this code then save it as crypt.php
then run it. -->
<FORM ACTION="crypt.php" METHOD="post"> <br>
<INPUT TYPE="password" NAME="password" /> password <P> Insert the password = <strong>jag0glenn</strong> you should get the uotput = <strong>7CrEtSevW.h6E</strong><br>
<INPUT TYPE="submit" VALUE="calculate">
<P>
</FORM>
<?php
$password = crypt($_POST['password'], '7C'); // this is the use of crypt
if ($password == '7CrEtSevW.h6E')
{
echo "Well as you can see the password is $password. This is the output for the salt '7C'";
}
?>
ASKER
Ray
Thanks for the help go it working. All the paypal sorted and working, as you know it is my first attempt at PayPal and ecommerce and i got it sorted.
I had to learn how to build websites because i got shafted by a company who charged me a ridiculous amount of money then left me without a CMS.
I have more question and i just hope you can help as your help has been second to none.
I would like to show you the site but will not put the url up here.
Regards
Thanks for the help go it working. All the paypal sorted and working, as you know it is my first attempt at PayPal and ecommerce and i got it sorted.
I had to learn how to build websites because i got shafted by a company who charged me a ridiculous amount of money then left me without a CMS.
I have more question and i just hope you can help as your help has been second to none.
I would like to show you the site but will not put the url up here.
Regards
When the client wants to log in, the login script reads the password, makes the same hash and compares it to the hashed value in the data base. If they match, the login is permitted.
Does that help? ~Ray