PHP password_hash error - passwords

I have been trying to understand password salting and hashing for a project I am working on. From the responses to a previous question I saw the PHP manual for password_hash as a good way to start.
However, when trying out the code on that page, I get an error that I haven't been able to resolve.
Code:
<?php
/**
 * Note that the salt here is randomly generated.
 * Never use a static salt or one that is not randomly generated.
 *
 * For the VAST majority of use-cases, let password_hash generate the salt randomly for you
 */
$options = [
    'cost' => 11,
    'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n";
?>
Error:
Parse error: syntax error, unexpected '[' in /home/content/##/######/html/TESTINGFOLDER/HashNSalt.php on line 8
According to the manual -
The above example will output:
$2y$11$q5MkhSBtlsJcNEVsYh64a.aCluzHnGog7TQAKVmQwO9C8xb.t89F.
Line 8 is
$options = [
Can someone here explain why I am getting this error - especially since I have copied and pasted this into my test page from the PHP Manual itself? I am still in the early stages of learning authentication/PHP etc. and depend on the manual, stackexchange/overflow to understand why things don't work the way they should. I am totally stumped when code I find in the manual doesn't work the way it should!

Not a security issue, just a syntax one.
The short array syntax:
$options = [ ... ];
is a PHP 5.4 feature... previously you had to say array( ... ).
You probably don't have 5.4 installed. As password_hash is a PHP 5.5 feature you'll need to update your PHP version.
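As an added example (not code from the PHP manual or from the posts above), this is the same hashing step with password_hash() generating the salt itself, as the manual comment recommends, plus verification and a rehash check. The helper names hashPassword and checkPassword are made up for this illustration; the file uses array() so it still parses on PHP older than 5.4 and can report the version problem itself.

```php
<?php
// Added example: hash, verify and upgrade a password with PHP's password API.
// password_hash() exists from PHP 5.5 on; stop with a clear message otherwise.
if (version_compare(PHP_VERSION, '5.5.0', '<')) {
    exit('password_hash() needs PHP 5.5 or later, running ' . PHP_VERSION . "\n");
}

// No 'salt' option: password_hash() generates a random salt for every hash.
// (The 'salt' option is deprecated since PHP 7.0 and ignored since PHP 8.0.)
$options = array('cost' => 11);

// Hypothetical helper: returns the bcrypt hash string to store.
function hashPassword($password, array $options)
{
    $hash = password_hash($password, PASSWORD_BCRYPT, $options);
    if (!is_string($hash)) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Hypothetical helper: returns array($ok, $newHash). $newHash is a string when
// the stored hash was made with other parameters and should be replaced.
function checkPassword($password, $storedHash, array $options)
{
    if (!password_verify($password, $storedHash)) {
        return array(false, null);
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)
        ? hashPassword($password, $options)
        : null;
    return array(true, $newHash);
}

// The salt and cost are stored inside the hash string, so only the hash is kept.
$stored = hashPassword('rasmuslerdorf', $options);
echo $stored, "\n";

list($ok, $rehash) = checkPassword('rasmuslerdorf', $stored, $options);
echo 'correct password: ', var_export($ok, true), ', rehash needed: ', var_export($rehash !== null, true), "\n";

list($ok) = checkPassword('wrong-password', $stored, $options);
echo 'wrong password:   ', var_export($ok, true), "\n";

// A hash created earlier with a lower cost still verifies, but is flagged for upgrade.
$old = hashPassword('rasmuslerdorf', array('cost' => 10));
list($ok, $rehash) = checkPassword('rasmuslerdorf', $old, $options);
echo 'old cost hash:    ', var_export($ok, true), ', rehash needed: ', var_export($rehash !== null, true), "\n";
```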

Related

Creating a Sequelize Dialect for new Database

I'm pretty new to Sequelize; though I've worked on Node previously, I did not use any ORM framework. At present I'm using a new SQL DB (which is not supported by Sequelize) and want to connect to it using Node.js and Sequelize (a popular ORM for Node.js) by prototyping the existing dialects.
The configuration is correct, as I've tried it without the ORM.
The problem is that, after configuring the connection with properties, sequelize.authenticate() doesn't throw any error but doesn't return a promise back.
/**
 * Test the connection by trying to authenticate
 *
 * @error 'Invalid credentials' if the authentication failed (even if the database did not respond at all...)
 * @return {Promise}
 */
authenticate(options) {
    return this.query('SELECT 1+1 AS result', _.assign({ raw: true, plain: true }, options)).return();
}
The return statement doesn't return anything. I've read this post on how to create a new dialect. Though it says it is not encouraged to create a new dialect and throws an error if we try to, I think there must be a way to create one, because if it can be created for other SQL databases then maybe there should be a way to do it. This is an open source project on GitHub. Did anyone previously work on this? Any help is appreciated. Thanks in advance.
Only the 5 dialects are supported and an error will be thrown if you try and use NewSQL.
There is a lot of code in Sequelize to construct queries based on the dialect, so even if you could get past the error (such as forking the repo and changing it) the likelihood of everything working as you expect (or as is documented) is low.
I suggest posting an issue on GitHub to bring that dialect to the project.

ImpressPages - Unable to add plugin / themes - Still persistent in 4.6.6?

With reference to ImpressPages - Unable to add plugin / themes (version 4.2.7, about 2 years ago), the problem still seems to be persistent?
The relevant code from /Ip/Internal/Plugins/PluginDownloader.php is:
$fileMd5 = md5_file($archivePath);
$rsa = new \Crypt_RSA();
$rsa->loadKey($this->publicKey);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$verified = $rsa->verify($fileMd5, base64_decode($signature));
if (!$verified) {
    throw new \Ip\Exception('Plugin signature verification failed.');
}
RSA.php is available at:
`require_once IP_PHPSECLIB_DIR . 'Crypt/RSA.php'`
The commands md5_file and base64_decode run properly (tested via simple test scripts).
I tried to echo the values of $rsa and $verified:
echo'<pre>';var_dump($rsa);
echo'<pre>';var_dump($verified);
but got "Unknown error. Please see logs."
Tried:
trigger_error("///////// RSA Obj Is /////////// :- ".$rsa, E_USER_WARNING );
trigger_error("///////// Verified Is /////////// :- ".$verified, E_USER_WARNING );
but got the same "Unknown error. Please see logs."
As for the logs (hidden under Admin -> Menu -> System -> Log), well, they showed nothing.
Next, I tried https://www.impresspages.org/docs/log - the ipLog() function, but it doesn't say how we can use ipLog() to see values of variables such as $rsa, $verified to troubleshoot further.
So my question to any ImpressPages guru here is:
How do we inspect the values of $rsa, $verified?
How to get ImpressPages to install plugins via the admin interface? Or
is this feature broken for the past 2 years?
An easy solution would be to try a different host.

getting a "need project id error" in Keen

I get the following error:
Keen.delete(:iron_worker_analytics, filters: [{:property_name => 'start_time', :operator => 'eq', :property_value => '0001-01-01T00:00:00Z'}])
Keen::ConfigurationError: Keen IO Exception: Project ID must be set
However, when I set the value, I get the following:
warning: already initialized constant KEEN_PROJECT_ID
iron.io/env.rb:36: warning: previous definition of KEEN_PROJECT_ID was here
Keen works fine when I run the app and load the values from an env.rb file, but from the console I cannot get past this.
I am using the ruby gem.
I figured it out. The documentation is confusing. Per the documentation:
https://github.com/keenlabs/keen-gem
The recommended way to set keys is via the environment. The keys you can set are KEEN_PROJECT_ID, KEEN_WRITE_KEY, KEEN_READ_KEY and KEEN_MASTER_KEY. You only need to specify the keys that correspond to the API calls you'll be performing. If you're using foreman, add this to your .env file:
KEEN_PROJECT_ID=aaaaaaaaaaaaaaa
KEEN_MASTER_KEY=xxxxxxxxxxxxxxx
KEEN_WRITE_KEY=yyyyyyyyyyyyyyy
KEEN_READ_KEY=zzzzzzzzzzzzzzz
If not, make a script to export the variables into your shell or put it before the command you use to start your server.
But I had to set it explicitly as Keen.project_id after doing a Keen.methods.
It's sort of confusing since from the docs, I assumed I just need to set the variables. Maybe I am misunderstanding the docs but it was confusing at least to me.

PDO update column based on its current value not working

I have this PDO statement:
parent::$db->custom('UPDATE users_credits SET availabe = availabe - :reward_credits, used = used + :reward_credits WHERE user_id = :user_id', array(
    'reward_credits' => $reward_credits,
    'user_id' => $user_id
));
For some reason it simply does not work. I tried the very same query on the DB manually and it works.
What's wrong with PDO and how do I achieve the very same result I would achieve normally?
Thanks for any suggestion
First of all, there is nothing wrong with PDO and never has been.
It is your own custom code that is to blame.
Simple checklist to solve any PDO-related problem:
1. Make sure you can see all the PHP errors.
2. Configure PDO to throw exceptions on SQL errors, by calling this after connect:
   $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
3. Debug your code.
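What step 2 of the checklist changes, as an added example that is not part of the original answer: the question's UPDATE is run against an in-memory SQLite table, once in silent mode and once in exception mode. The table definition, the CHECK constraint, the row and the failure are constructed for this illustration, and the pdo_sqlite extension is assumed to be loaded.

```php
<?php
// Added example with a constructed schema, row and failure; assumes pdo_sqlite is loaded.
function makeDb($errMode)
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, $errMode);
    // Constructed table: the CHECK constraint makes an overdraw fail at execute time.
    $pdo->exec('CREATE TABLE users_credits (
        user_id  INTEGER PRIMARY KEY,
        availabe INTEGER CHECK (availabe >= 0),
        used     INTEGER)');
    $pdo->exec('INSERT INTO users_credits VALUES (1, 5, 0)');
    return $pdo;
}

// Reads the current balance of the constructed row.
function balance(PDO $pdo)
{
    return (int) $pdo->query('SELECT availabe FROM users_credits WHERE user_id = 1')->fetchColumn();
}

// The UPDATE from the question; 10 credits against a balance of 5 violates the CHECK.
$sql = 'UPDATE users_credits SET availabe = availabe - :reward_credits, '
     . 'used = used + :reward_credits WHERE user_id = :user_id';
$params = array('reward_credits' => 10, 'user_id' => 1);

// Silent mode: the failure is visible only if the caller inspects the return value.
$pdo  = makeDb(PDO::ERRMODE_SILENT);
$stmt = $pdo->prepare($sql);
$ok   = $stmt->execute($params);
$info = $stmt->errorInfo();
echo 'silent:    execute() returned ', var_export($ok, true),
     ', SQLSTATE ', $info[0], ', balance still ', balance($pdo), "\n";

// Exception mode: the same failure interrupts the code path and carries the driver message.
$pdo = makeDb(PDO::ERRMODE_EXCEPTION);
try {
    $pdo->prepare($sql)->execute($params);
    echo "exception: update succeeded\n";
} catch (PDOException $e) {
    echo 'exception: ', $e->getMessage(), ', balance still ', balance($pdo), "\n";
}
```

A wrapper method that discards the return value of execute() behaves like the silent branch: the row is unchanged and nothing is reported.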

yii logs differ - where should we look at?

We are developing using Yii. One user sees warnings thrown by Yii, the other user doesn't.
We have the same app/config.php file.
Could this be Apache related?
Where should we look for more differences in order to make them see the same logs?
index.php and .htaccess are equal on all machines (they are under git, btw);
The code that we had, and that was returning an error that only some users were seeing and others don't, is the following:
1 $(document).ready(function(){
2 if('<?php echo Yii::app()->controller->action->id?>' == 'update'){
3 if('<?php echo Yii::app()->user->id;?>' != '<?php echo $model->createUser->id; ?>'){
and the error is:
trying to access property of a non-object
(on line 3).
This error is SOLVED. It's the fact that only some developers see this and others don't that troubles me.
Please advise