Page 1 of 1

Hide password

Posted: Tue Apr 20, 2004 4:50 pm
by blackace
I and just learning PHP and trying to tweak a PHP classifieds mananger for my site.

In the classifieds manger when a user creates a new account the password is visible. Also, when the user logs in after logging out you can see the password I am trying to hide the password from prying eyes.
I am trying to hide it encrypt() function. I am not sure where it goes.
I am not sure why the developer didn't encrypt it when he was writing the script.

Thanks for your help.

Code: Select all

<?
include("common.php");
//set up SQL connection
	$link = mysql_connect ($server, $user, $password);
		if (! $link)
			&#123;
			die ("Couldn't connect to mySQL server");
			&#125;
		if (!mysql_select_db ($db, $link) )
			&#123;
			die ("Coldn't open $db: ".mysql_error() );
			&#125;
			
		print "<!-- HERE BEGINNETH THE HEADER -->\r\n";
		include("./templates/user_top.html");

	//ADD A RECORD
	if ($action=="add")
		&#123;
		
		
		//add slashes to input so things don't get <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> up in mySQL	
		$agent = addslashes($agent);
		$notes = addslashes($notes);
		
		$num_rows = 0;
		//make sure there isn't another person by that name
		$sql = "SELECT * FROM agents WHERE agent = '$agent'";
		$output = mysql_query($sql,$link);
		$num_rows = mysql_num_rows($output);
		if ($num_rows > 0)
			&#123;
			print "There is already an agent by that name.  Please try another name.<P>";
			&#125;
		elseif ($agent == "")
			&#123;die ("<P>Please Enter A Name!<P><FORM><INPUT TYPE="BUTTON" VALUE="BACK" onClick="history.back()"></FORM>");&#125;
		elseif ($agentpass == "")
			&#123;die ("<P>Please Enter A Password!<P><FORM><INPUT TYPE="BUTTON" VALUE="BACK" onClick="history.back()"></FORM>");&#125;
		elseif ($agentemail == "")
			&#123;die ("<P>Please Enter an Email Address!<P><FORM><INPUT TYPE="BUTTON" VALUE="BACK" onClick="history.back()"></FORM>");&#125;
		
		else
			//success! Go ahead and add the account.
			&#123;
			
			//handles the input for the database
			if ($linefeeds == "Y")
				&#123;
				$notes = ereg_replace("(\r\n|\n|\r)", "<br>", $notes);
				&#125;
		
			$query = "INSERT INTO agents (agent, agentpass, agenturl, agentemail, notes, agentphone, agentcell, agentfax) values ('$agent', '$agentpass', '$agenturl', '$agentemail', '$notes', '$agentphone', '$agentcell', '$agentfax')";
  			
  			if (!mysql_query ($query, $link) )
				&#123;	
				die (mysql_error());
				&#125;
			print "Your account has been added...";
			Print "<BR>Your login is: $agent";
			Print "<BR>Your password is $agentpass";
			Print "<P>Now, you may <a href="./agentadmin.php">login</a> and manage your properties.";
			&#125;
		&#125;
		else
		&#123;

		print "<table border=0 cellspacing=0 cellpadding=0 width=580><tr><td>";
 		print "<font face="arial,ms sans serif" size=3><b>Create Agent Account</b></font>";
 		print "</td></tr></table><P>";
		Print "<font face="arial,ms sans serif" size=2><P>";
			print "<form name="addagent" action="./addagent.php?action=add" method=post>";
			print "<table width=580 border=0 cellpadding=3>";
			print "<tr><td align=right><font color=red><B>*</b></font>Name:</td><td align=left> <input type="text" name="agent"></td></tr>";
			print "<tr><td align=right><font color=red><B>*</b></font>Password:</td><td align=left> <input type="text" name="agentpass"></td></tr>";
			print "<tr><td align=right><font color=red><B>*</b></font>Email:</td><td align=left> <input type="text" name="agentemail"> ";
			print "<tr height=5><td align=right></td><td align=left></td></tr>";
			
			print "<tr><td align=right>Phone:</td><td align=left> <input type="text" name="agentphone"></td></tr>";
			print "<tr><td align=right>Mobile:</td><td align=left> <input type="text" name="agentcell"></td></tr>";
			print "<tr><td align=right>Fax:</td><td align=left> <input type="text" name="agentfax"></td></tr>";
			
			print "<tr><td align=right>Homepage:</td><td align=left> <input type="text" name="agenturl"></td></tr>";
			print "<tr><td align=right>About you:</td><td align=left> <textarea name="notes" rows=4 cols=80></textarea></td></tr>";
			print "<tr height=5><td align=right></td><td align=left></td></tr>";
			print "<tr><td align=right></td><td align=left><font size=2>(<font color=red><B>*</b></font> Required Field)</font></td></tr>";
			
			print "</table>";

			
			print "<P>";
			print "<input type=submit value="SAVE"></form>";
			print "<font size=2>You can add images to your personal seller homepage once you create an account</font><BR>";
		&#125;	
			


		//print the footer
		print"\r\n<!-- THUS ENDETH THE MAIN CONTENT -->\r\n<!-- HERE BEGINNETH THE FOOTER -->";
		include("./templates/user_bottom.html");
		mysql_close($link);

?>

Posted: Tue Apr 20, 2004 5:03 pm
by tim
hmm?

<input type=password name=password>

Posted: Tue Apr 20, 2004 5:09 pm
by llanitedave
Change the following line:

Code: Select all

print "<tr><td align=right><font color=red><B>*</b></font>Password:</td><td align=left> <input type="text" name="agentpass"></td></tr>";
so that

Code: Select all

...<input type = "password"...>
Later on, you'll be asking how to get rid of those confusing tables...

And BTW, it's not really the PHP you're asking about, but HTML!

Posted: Tue Apr 20, 2004 5:15 pm
by tim
hmm, wasnt that what I already suggested?

:evil:

Posted: Tue Apr 20, 2004 5:18 pm
by llanitedave
I was just behind you... missed it by thaaaat much!

Posted: Tue Apr 20, 2004 5:20 pm
by tim
lol i was just joking with ya anyway!

mark always beats me to the punch!!!

Posted: Tue Apr 20, 2004 5:57 pm
by blackace
Thanks for the help. It works great! Just what I was looking to do.


THANKS!!!!!