• Questions That Don't Need Their Own Thread v3
4,068 replies, posted
• [QUOTE=Miljaker;35893483]2/3 year "informatica" here. Didn't have enough points to start internship so had to wait a full year. Couldn't do most classes from third year because they require internship completion. So I had a year of mixed second and third year classes. Pretty much done with second year now. Next year third year gonna be alot of free time because I did alot already. Hope to really get webdeveloping going in that period so I make enough money to move out of my parents house... still not sure if I should be freelancing or try and find a company to work for.[/QUOTE] what do you mean by "Didn't have enough points to start internship" you don't need any 'points' to apply for an internship
• [QUOTE=swift and shift;35893639]what do you mean by "Didn't have enough points to start internship" you don't need any 'points' to apply for an internship[/QUOTE] We live in the Netherlands. Part of our third year is a mandatory internship (for our ?study? not sure what it's called in the us/uk since we have a completely different educational system). Each year we have 60 points we can earn by getting a positive mark on exams and projects and some other stuff. You need at least (insert amount) of points to be allowed to start your internship, he failed some exams or projects in his second year, making him unable to start his internship.
• [QUOTE=swift and shift;35893639]what do you mean by "Didn't have enough points to start internship" you don't need any 'points' to apply for an internship[/QUOTE] I guess it's some kind of university application where they back your applications to an internship and help you find them or something. [editline]9th May 2012[/editline] Or not :v:
• [URL]http://en.wikipedia.org/wiki/Bologna_process#Netherlands[/URL] How the dutch education system sort of works. Nothing explained about those points you can google ECTS (European Credit Transfer System) for that.
• PHP problem; I need to get a Crypt() Function to encrypt passwords, then be able to decrypt the passwords when they are entered into plaintext. If anyone knows the answer I'd be grateful. [code]<?php $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // SQL connection mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); //Get Variable $username =$_POST['myusername']; $password =$_POST['mypassword']; $password2 =$_POST['mypassword2']; //db vars $user =$_POST['username']; $pass =$_POST['password']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $mypassword2 = stripslashes($mypassword2); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $mypassword2 = mysql_real_escape_string($mypassword2); if ($_POST['myusername'] &&$_POST['mypassword']) { if ($_POST['mypassword'] &&$_POST['mypassword2']) { if (strlen($_POST['myusername']) >0 && strlen ($_POST['mypassword']) >0 && strlen ($_POST['mypassword2']) >0){ !- The part that i need help with -! //test crypt !- The part i need help with -!!//$hash=CRYPT('mypassword','$1$SCg6iuU5$56TTOoB/Q2Y1/k8DauasA.');$sql = "insert into $tbl_name(username,password)values('$username', '$password')"; /*echo "$sql";*/ $result = mysql_query($sql); //or die(mysql_error()); if ($result == FALSE) { //username collision echo "Username already in use"; } else { //success print "<a href='main_login.php'> Back to login </a>"; } } else { echo " You Do not meet the required Conditions!"; } } else { echo "No password Specified"; } } else { echo "Username not specified"; } ?>[/code] • It's actually a friend of mine's problem, but I assume it was this, to quote him directly; [QUOTE]My problem is that i need to get a Crypt() Function to encrypt passwords, later then be able to decrypt the passwords when they are entered into plaintext.[/QUOTE] I assume he can't figure out how to do whatever that is. • I created myself a class for hashing: [php] /*** A little class for different hashing methods * hash_salted_sha512 is simple hash+salt of hashed str+salt * hash_bcrypt uses blowfish and returns hashed blowfish. * Average times with different blowfish strengths: * 10 - 0.062s * 12 - 0.25s * 14 - 1.01s * 15 - 2.04s */ class Crypt{ public static function hash_salted_sha512($str, $salt){ return hash('sha512', hash('sha512',$str.$salt).$salt); } public static function verify_salted_sha512($str,$salt, $compare){ return$compare === hash('sha512', hash('sha512', $str.$salt).$salt); } public static function hash_bcrypt($str, $salt,$strength){ return hash('sha512', crypt($str, '$2a$'.$strength.'$'.$salt)); } public static function verify_bcrypt($str,$salt, $strength,$compare){ return $compare === hash('sha512', crypt($str, '$2a$'.$strength.'$'.$salt)); } } [/php] Usage is simple: [php]$pass = $_POST['pass'];$salt = "abcde"; $original_pass = "txt"; if(Crypt::verify_salted_sha512($pass, $salt,$original_pass)) // grant access [/php] or with bcrypt: [php] $strength = 12;$pass = $_POST['pass'];$salt = "abcde"; $original_pass = "txt"; if(Crypt::verify_bcrypt($pass, $salt,$strength, $original_pass)) // grant acces [/php] • [QUOTE=mac338;35904533]It's actually a friend of mine's problem, but I assume it was this, to quote him directly; I assume he can't figure out how to do whatever that is.[/QUOTE] You don't decrypt the passwords. You're not even 'encrypting' when using crypt; you're hashing. With that being said, you need to hash the plaintext password and match it against the hash password stored in the database. If they're the same, then it's the right password. If they're not, then it's not the right password. I think. [editline]10th May 2012[/editline] like i said, it's not encryption; it's hashing. • [QUOTE=Ac!dL3ak;35904819]You don't decrypt the passwords. You're not even 'encrypting' when using crypt; you're hashing. With that being said, you need to hash the plaintext password and match it against the hash password stored in the database. If they're the same, then it's the right password. If they're not, then it's not the right password. I think. [editline]10th May 2012[/editline] like i said, it's not encryption; it's hashing.[/QUOTE] Thanks, he replied; [QUOTE]I know, I've been removing that crypt because it send a cryptation of the password to the database, but it wont match the plaintext with the database, thus the plaintext password will not work at all, just the encrypted password. PHP: Crypt() I usualy Mix them both up too. Can be used many ways. Persoanly, Hashing it with an MD5 algorithm is rather useless nowdays. Then With adding Salt to it, it's still makes it an one-way algorithm, Yet that's not the question, The question is how do i fix the problem.[/QUOTE] • [QUOTE=mac338;35905081]Thanks, he replied;[/QUOTE] I've done my research (lots of reading) and to me the best method seems to be using bcrypt. Someone has made implementing it easier with this: [url]https://gist.github.com/1053158[/url] This seems to be the best possible solution for password storage and checking. [I]Sources: [URL="http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely"]http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely[/URL] [URL="http://stackoverflow.com/questions/10363810/slowest-hash-function-in-php-for-password-storage"]http://stackoverflow.com/questions/10363810/slowest-hash-function-in-php-for-password-storage[/URL][/I] And just in case you don't understand the whole thing fully (I get that impression) here's a little on how basic hashing works (although the method I've given above is more complicated). User Registers - You store the users password in the database in it's hashed form. User tries to login, you hash the password they have used to login and compare it to the one in your database. • I want to know good e-books or real books, to buy, about XHTML/HTML (4.01 and 5), css, php (with mysql) and javascript. This last one, i really need to get one, the others is just to read for simple fun and to stay on the bookshelves for better enchantments. • [QUOTE=areolop;35909803]How do I clear a website's cookies ( I keep getting 301's from the server, not client)[/QUOTE] click the wrench > then search cookies > click all cookies and site data • [QUOTE=Ac!dL3ak;35906024]don't use MD5- it's been proven that it has been able to collide[/QUOTE] all hashes have collisions • What's the best framework for mobil websites? or is it better to roll your own? • [QUOTE=mac338;35904118]PHP problem; I need to get a Crypt() Function to encrypt passwords, then be able to decrypt the passwords when they are entered into plaintext. If anyone knows the answer I'd be grateful. [code]<?php$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword']; // SQL connection mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); //Get Variable$username = $_POST['myusername'];$password = $_POST['mypassword'];$password2 = $_POST['mypassword2']; //db vars$user = $_POST['username'];$pass = $_POST['password'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$mypassword2 = stripslashes($mypassword2);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$mypassword2 = mysql_real_escape_string($mypassword2); if ($_POST['myusername'] && $_POST['mypassword']) { if ($_POST['mypassword'] && $_POST['mypassword2']) { if (strlen($_POST['myusername']) >0 && strlen ($_POST['mypassword']) >0 && strlen ($_POST['mypassword2']) >0){ !- The part that i need help with -! //test crypt !- The part i need help with -!!//$hash=CRYPT('mypassword','$1$SCg6iuU5$56TTOoB/Q2Y1/k8DauasA.'); $sql = "insert into$tbl_name(username,password)values('$username', '$password')"; /*echo "$sql";*/$result = mysql_query($sql); //or die(mysql_error()); if ($result == FALSE) { //username collision echo "Username already in use"; } else { //success print "<a href='main_login.php'> Back to login </a>"; } } else { echo " You Do not meet the required Conditions!"; } } else { echo "No password Specified"; } } else { echo "Username not specified"; } ?>[/code][/QUOTE] I tend to hash the password with something like sha256, then pick a few fixed points to take a character from on the password (which only you and other developers should know) and create a salt from this, then rehash the hash including the salt. Then to decrypt and check passwords repeat the process and see if the outcome matches the hash in the database.
• [QUOTE=Trivkz;35913941]What's the best framework for mobil websites? or is it better to roll your own?[/QUOTE] I know Bootstrap resizes itself quite well for mobile devices.
• [QUOTE=BBgamer720;35916059]I know Bootstrap resizes itself quite well for mobile devices.[/QUOTE] I'm getting pretty fucking tired of all the Bootstrap'd sites nowadays though, it seems tons of new website creators think to use it without [I]any[/I] customization (or very minimal) leading to a shit design that isn't distinguishable from the thousands if not millions of others. If you're going to use Bootstrap please don't be an idiot, customize it so it doesn't look like ass like the rest of them.
• [QUOTE=swift and shift;35911077]all hashes have collisions[/QUOTE] this is what i meant [quote]However, it has since been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. In 1996, a flaw was found with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1—which has since been found also to be vulnerable. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable—specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In December 2008, a group of researchers used this technique to fake SSL certificate validity, and US-CERT now says that MD5 "should be considered cryptographically broken and unsuitable for further use."[/quote]
• [QUOTE=douche beat;35917029]I'm getting pretty fucking tired of all the Bootstrap'd sites nowadays though, it seems tons of new website creators think to use it without [I]any[/I] customization (or very minimal) leading to a shit design that isn't distinguishable from the thousands if not millions of others. If you're going to use Bootstrap please don't be an idiot, customize it so it doesn't look like ass like the rest of them.[/QUOTE] [url]http://lesscss.org/[/url]
• [QUOTE=BBgamer720;35917595][url]http://lesscss.org/[/url][/QUOTE] Less is not required to create websites that work at different sizes, CSS and HTML can do that already
• [QUOTE=Miljaker;35890533]And just wanted to know from profesionals here how much they would charge for a website like [URL="http://www.bijmargo.nl"]www.bijmargo.nl[/URL][/QUOTE] Not a professional or anything but how many hours you put into that? and how many of the hours were used to learn before you could apply it?, but i guess its worth about 600€ -> 775\$ but as I said it depends on the hours you worked on the project.
• How's the browser support for MathML these days? I can convert from LaTeX to MathML easily, so should I use MathML or a third-party service for rendering LaTeX to images and embedding them? Or is there a third option [editline]12th May 2012[/editline] *a third option for displaying on my website lots of mathematical stuff originally written in LaTeX editors
• [QUOTE=ThePuska;35926107]How's the browser support for MathML these days? I can convert from LaTeX to MathML easily, so should I use MathML or a third-party service for rendering LaTeX to images and embedding them? Or is there a third option [editline]12th May 2012[/editline] *a third option for displaying on my website lots of mathematical stuff originally written in LaTeX editors[/QUOTE] use mathjax, it's great I use it here: [url]http://charliesome.github.com/diffcalc[/url]
• So I'm trying to use [URL="https://github.com/tenderlove/mechanize"]Mechanize [/URL] to login to a private tracker ( nxtgn.org ) but for some reason I keep getting: [code]Net::HTTP::Persistent::Error at /test too many connection resets (due to Resource temporarily unavailable - Timeout::Error) after 0 requests on -614353908, last used 1336838339.80583 seconds ago[/code] The code I'm using is: [code] agent = Mechanize.new page = agent.get('http://nxtgn.org/login.php') form = page.form('loginbox') form.username = 'Username' form.password = 'Password' agent.submit(form) [/code] Also: Just noticed it only happens when the login details are correct.. Ideas?
• I need a better way to lay out this screen: [IMG]http://i.imgur.com/tyhdo.png[/IMG] They're permissions for a group. Ideas?
• [QUOTE=douche beat;35921117]Less is not required to create websites that work at different sizes, CSS and HTML can do that already[/QUOTE] douche beat mentioned customizing Bootstrap so it looks different to the default look - LESS is the easiest way to do that.
• [QUOTE=_Undefined;35929290]I need a better way to lay out this screen: They're permissions for a group. Ideas?[/QUOTE] Tabs?