Need Help and Idea Too!!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Need Help and Idea Too!!

    As I am now working on my new project for a company, I need some Help from you.
    That is db saved data of user registration like nick=nick and pcode=pcode;

    and it used like http://csite.com/buyproduct.php?nick=$nick&pcode=$pcode

    But I dont want to show the nick and password of that user on browser. Can i encrypt nick=$nick&pcode=$pcode?
    How can I do that!
    Just like this http://csite.com/buyproduct.php?nick...dfwvyrwjfksf??

    md5 can't coz i wont get value of it to verify from db.
    Any Other?
    I can make the db again with encrypted password. But the site hav more than 5000 members.
    Or Do you have any other Idea to hide that value?

    #2
    Use php session

    like

    if(isset($_SESSION['user']))
    {
    Hey you subzero!!
    }else{
    do i know you sir ??
    }

    to set this use

    $_SESSION['id']=session_id();
    $_SESSION['user']=$user;

    Hope that helps you

    so your site link will look like this



    and not like this


    lol its too hard to crack session site thats why i say no one has your id on my site
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

    Comment


      #3
      its better if you md5 them and save them in the database as md5 as otherwize your leaving yourself open for attacks

      Comment


        #4
        md5 can be cracked bro lol

        hash private key is the best way to go

        doing private key means hash cracker can't undo your hash password unless cracker has your private key to uncrack your hash code.
        Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
        Visit: WapMasterz Coming Back Soon!
        _______
        SCRIPTS FOR SALE BY SUBZERO
        Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
        FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
        _______
        Info & Tips
        php.net
        w3schools.com

        Comment


          #5
          yeah private key is better ..... but as khan was saying ... he is leaving password on full view with no encryption so any encyption is better than none.

          Comment


            #6
            that i agreed with you bro

            i use referrer on scotspaul gotten his password easy lol
            Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
            Visit: WapMasterz Coming Back Soon!
            _______
            SCRIPTS FOR SALE BY SUBZERO
            Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
            FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
            _______
            Info & Tips
            php.net
            w3schools.com

            Comment


              #7
              i used sql injection on his lol whilst in owner cp i had noticed dj lee had put a javascript file in his profile <script> link to another site </script> lol

              Comment


                #8
                I cant Encrypt the password on db as because They already have more than 5000 user having their password without encryption.
                There Is the Point. This cops me to do use encrypted password.

                Comment


                  #9
                  lol yeah nasty guy dj lee lol


                  Thats why i asked you to use sessions to hide your user/pass

                  all it needs is user
                  Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
                  Visit: WapMasterz Coming Back Soon!
                  _______
                  SCRIPTS FOR SALE BY SUBZERO
                  Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
                  FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
                  _______
                  Info & Tips
                  php.net
                  w3schools.com

                  Comment


                    #10
                    i only hacked in there as i seen dj lee was registered there and i wanted to change some of his details lol

                    khan create another field in your database and then use a simple whilst statement to encypt all passwords and put them back into database

                    Comment


                      #11
                      Originally posted by something else View Post
                      i only hacked in there as i seen dj lee was registered there and i wanted to change some of his details lol

                      khan create another field in your database and then use a simple whilst statement to encypt all passwords and put them back into database
                      How ??
                      Or I think it can be hide by Mod rewrite! Can It?

                      Comment


                        #12
                        use something simular to this:
                        PHP Code:
                        while ($sql mysql_fetch_array(mysql_query("SELECT id, pass FROM members))){
                        $done = mysql_query("UPDATE members SET newpass='".md5($sql[1])."' WHERE id='".$sql[0]."'");
                        print 
                        $sql[0];
                        if(
                        $done) print ') done<br/>';
                        else print ') oops<br/>';

                        but with a better encryption method
                        Last edited by something else; 14.08.10, 21:48.

                        Comment


                          #13
                          Sub Says private key encryption. Hows to do that!!

                          Comment


                            #14
                            You may need to Limit the calls from database eg: LIMIT 1, 1000 as im not sure how the server would handle 10000 cals to database all at once lol ...your script may time out

                            Added after 12 minutes:

                            just personalize your own way of encrypting eg: $pass = crypt(md5("khan".$pass."khan"));
                            Last edited by something else; 14.08.10, 22:07.

                            Comment


                              #15
                              And How to hide them with mod_rewrite on .htaccess?

                              Comment

                              Working...
                              X