[WEBSITE]A minecraft styled blog written in PHP/HTML

[CTMiner]

That was about usernames, not passwords. I agree with SHA 256/512, definitely a good choice to use.

 

[Zjarek_S]

I wasn't talking about using just one SHA pass, but this specific ready function (made specifically for password storage), with about 100 000 passes of SHA256. There's small difference between using md5 and SHA256 once, they are fast hashes and can be bruteforced in no time (GPU are fast in these kind of computations). Not using the salt also opens it to rainbow tables.

 

[Rob]

Some browsers don't have JS enabled, and you can also use inspect element to get around JS disabling the submit button. Again, preference. Both work, just in different ways.

Well you wouldn't reley on the js to stop people submitting invaild letters.. like a said it would be a useablilty thing.

 

[iceage32]

Well guys about hashes.It is impossible to make a totally secure system.As I dont store too sensitive data about user I will use SHA512

What you suggest for client side validation? Jquery on simple javascript

EDIT: Plase leave ideas for wha tto implement.I will not work on it till next year but in January there will be a huge release...I hope

 

[Doctor06]

can you guys help me with this? i was trying to install the website. im using Wamp with Mysql and Phpmyadmin
i created a database and defined it in the config.php file but still im getting a bunch of errors. will someone please help me?
This is my website

 

[Hydra]

Well guys about hashes.It is impossible to make a totally secure system.As I dont store too sensitive data about user I will use SHA512

If you don't want to investigate this stuff use bcrypt. And if you do want to investigate this stuff you'll find out that bcrypt is the way to go anyway. Both MD5 and SHA are completely deprecated for hashing passwords. They're too easy to brute-force. Bcrypt is developed with this in mind and is also future-proof.

Secondly. Your software is WIDE OPEN to SQL injection. This is a severe issue and NO ONE should install your software on their server unless they would like to see their databases dropped. Look into PDO and make sure you don't use the old deprecated mysql functions like you do.

 

[Hydra]

Some reading material:
http://codahale.com/how-to-safely-store-a-password/
http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php

 

[MCFTW]

I don't think there is any reasonable reason to restrict characters in password, just use normal method of interaction with database (for example PDO) and don't execute person input ever. It is a pain for users of password managing programs to change rules of password generation. Also don't use md5 for password storage, use crypt() function with CRYPT_SHA256/512 or CRYPT_BLOWFISH with appropriate number of rounds and use openssl for salt in case database gets leaked (due to for example SQL injection).

Hey guys,
So this is a repost of my last thread because someone abused the admin and published not allowed content so now I am happy for the warning
But for those who didn't seen my last thread(Think a lot didn't).This is a blog like CMS thingy written by me in PHP/HTML.More simply a website.I will update this as often as I can but I'm just a student ,I have schools so I can't do this all the time.I spent a whole weekend on the v0.2 but finally is done

Download:
http://adf.ly/FkI6N

How to install:
more themes

I cant get this to work.
I have installed here : http://176.31.10.37/~mcftwcom/test/

Aswell as here on another host: http://mcftw.com/test/

On the install.php page it says: Warning: Cannot modify header information - headers already sent by (output started at /home/hackinbl/public_html/test/install/index.php:9) in /home/hackinbl/public_html/test/install/index.php on line 36


I can not get past this message. What do i do,

Things i did
Uploaded files
Edited the config file to my database i created and still nothing. Please help i really like this