23 thoughts on “Advanced Php Programming Part 2”

  1. Hi. After this video, when I refresh my page, I get this error:

    ( ! ) Parse error: syntax error, unexpected 'if' (T_IF) in C:wampwwwtodolibslogin_users.php on line 15
    Call Stack
    # Time Memory Function Location
    1 0.0007 239680 {main}( ) ..login.php:0

    My code is exactly like yours. Why does this happen? Thanks.

  2. There is an annoying noise you make with your mouth after every few seconds. Stop doing that in your video. It's annoying. Other than that, thanks for the tutorial. Helps me a lot.

  3. actually it's decently written code.. just lacks some proper sanitation methods never copy someone's work understand it and move on.. evolution of programming is up to you..

  4. Excellent tut. I would sanitize and trim all data that's entered into fields with Trim() and FILTER_SANITIZE functions. This protects from XSS. But overall very nice…Thanks

  5. Btw: Your client is always sending the same password, over and over again. Doesn't matter if it's plaintext or not….. The ciphertext can also be used as the key with the username and IP address.

  6. Passwords in plaintext, lol. Why do you want to store a password?

    Generate a Random Key at server and send to client.
    Client hashes Random Key with Password and gives back to server.
    Server has Random key + Hash of Random Key + Password.

    No let client do: 10.000x SHA256(RND from server + PW) so you can't reverse engineer without using a lot of power and money. This has to be done once for every password that can be stored on client in cookie.

    So, it's fairly fast.

  7. You should use a prepared statement instead. You didn't sanitize the input from username. Possibly vulnerable to blind SQL.

    how it should be done:

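    // Bind the username as a parameter instead of concatenating it into the SQL
    $stmt = $PDO->prepare("SELECT * FROM users WHERE username = :username");
    $stmt->execute(array(":username" => $username));

    if ($stmt->rowCount() == 1) {
        // Exactly one match: return the row(s) as objects
        return $stmt->fetchAll(PDO::FETCH_OBJ);
    } else {
        // Otherwise return the number of matches
        return $stmt->rowCount();
    }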
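
A fuller version of the prepared-statement lookup, combined with hashed password storage (the concern in comment 6), as an added example that is not part of the original comments or the tutorial's code. The table layout, the function names `register_user` and `check_login`, and the sample account are assumptions constructed for illustration; it uses an in-memory SQLite database so it runs offline.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL
)');

// Hypothetical helper: store only a salted hash, never the password itself.
function register_user(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:username, :hash)'
    );
    $stmt->execute([
        ':username' => $username,
        ':hash'     => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Hypothetical helper: returns the user id on success, null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // The username is bound as data, so quotes in it cannot change the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);

    // fetch() rather than rowCount(): rowCount() on a SELECT is not
    // guaranteed to return the number of rows for every PDO driver.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user
    }
    return password_verify($password, $row['password_hash'])
        ? (int) $row['id']
        : null;
}

// Constructed sample account whose name contains a quote character.
register_user($pdo, "o'brien", 'correct horse');
var_dump(check_login($pdo, "o'brien", 'correct horse')); // valid credentials
var_dump(check_login($pdo, "o'brien", 'wrong'));         // wrong password
var_dump(check_login($pdo, "d'arcy", 'anything'));       // unknown user
```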

  8. Hi Aman, great series so far but I'm having problems around the 27-minute part where you test the code. 2 things are not happening for me. Firstly no errors are being displayed on the login_users.php page (when there are errors) and secondly the information isn't being inserted into my database but the login.php does refresh? Could you take a look at my code please?
