Need Help and Idea Too!!

**subzero** · 14.08.10, 21:06

Use php session

like

if(isset($_SESSION['user']))
{
Hey you subzero!!
}else{
do i know you sir ??
}

to set this use

$_SESSION['id']=session_id();
$_SESSION['user']=$user;

Hope that helps you

so your site link will look like this

http://csite.com/buyproduct.php

and not like this

http://csite.com/buyproduct.php?sid=hwejfghsdjfhjsdhfjsdhfjsdfh_hack_me_code_so_easy_please_shfjdshfjdshfjdshfjdshf

lol its too hard to crack session site thats why i say no one has your id on my site

**something else** · 14.08.10, 21:10

its better if you md5 them and save them in the database as md5 as otherwize your leaving yourself open for attacks

**subzero** · 14.08.10, 21:12

md5 can be cracked bro lol

hash private key is the best way to go

doing private key means hash cracker can't undo your hash password unless cracker has your private key to uncrack your hash code.

**something else** · 14.08.10, 21:15

yeah private key is better ..... but as khan was saying ... he is leaving password on full view with no encryption so any encyption is better than none.

**subzero** · 14.08.10, 21:16

that i agreed with you bro

i use referrer on scotspaul gotten his password easy lol

**something else** · 14.08.10, 21:27

i used sql injection on his lol whilst in owner cp i had noticed dj lee had put a javascript file in his profile <script> link to another site </script> lol

**khan** · 14.08.10, 21:30

I cant Encrypt the password on db as because They already have more than 5000 user having their password without encryption.
There Is the Point. This cops me to do use encrypted password.

**subzero** · 14.08.10, 21:31

lol yeah nasty guy dj lee lol

Thats why i asked you to use sessions to hide your user/pass

all it needs is user

**something else** · 14.08.10, 21:33

i only hacked in there as i seen dj lee was registered there and i wanted to change some of his details lol

khan create another field in your database and then use a simple whilst statement to encypt all passwords and put them back into database

**khan** · 14.08.10, 21:36

Originally posted by something else View Post

i only hacked in there as i seen dj lee was registered there and i wanted to change some of his details lol

khan create another field in your database and then use a simple whilst statement to encypt all passwords and put them back into database

How ??
Or I think it can be hide by Mod rewrite! Can It?

**something else** · 14.08.10, 21:45

use something simular to this:

PHP Code:


while ($sql = mysql_fetch_array(mysql_query("SELECT id, pass FROM members))){

$done = mysql_query("UPDATE members SET newpass='".md5($sql[1])."' WHERE id='".$sql[0]."'");

print $sql[0];

if($done) print ') done<br/>';

else print ') oops<br/>';

}

but with a better encryption method

**khan** · 14.08.10, 21:48

Sub Says private key encryption. Hows to do that!!

**something else** · 14.08.10, 22:07

You may need to Limit the calls from database eg: LIMIT 1, 1000 as im not sure how the server would handle 10000 cals to database all at once lol ...your script may time out

Added after 12 minutes:

just personalize your own way of encrypting eg: $pass = crypt(md5("khan".$pass."khan"));

**khan** · 14.08.10, 22:07

And How to hide them with mod_rewrite on .htaccess?

Need Help and Idea Too!!

Need Help and Idea Too!!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment