0

Sorry for having such a useless question on such a helpful website but I've been having trouble with this so much and I tried everything I could find but nothing worked so here I am on stack-overflow asking stupid questions. So I get an error in my php code but I can't seem to understand what is the problem. Here is the code:

<?php
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
function fnEncrypt($sValue, $sSecretKey)
{
    return rtrim(
        base64_encode(
            mcrypt_encrypt(
                MCRYPT_RIJNDAEL_256,
                $sSecretKey, $sValue, 
                MCRYPT_MODE_ECB, 
                mcrypt_create_iv(
                    mcrypt_get_iv_size(
                        MCRYPT_RIJNDAEL_256, 
                        MCRYPT_MODE_ECB
                    ), 
                    MCRYPT_RAND)
                )
            ), "\0"
        );
}
function fnDecrypt($sValue, $sSecretKey)
{
    return rtrim(
        mcrypt_decrypt(
            MCRYPT_RIJNDAEL_256, 
            $sSecretKey, 
            base64_decode($sValue), 
            MCRYPT_MODE_ECB,
            mcrypt_create_iv(
                mcrypt_get_iv_size(
                    MCRYPT_RIJNDAEL_256,
                    MCRYPT_MODE_ECB
                ), 
                MCRYPT_RAND
            )
        ), "\0"
    );
}

$con = mysqli_connect("localhost", "root", "youcantknowthis", "Iprefernottotellthedbname");
$sql = "select * from Users where Username like '$username' and Password like '$password'";
$result = mysqli_query($con, $sql);
$chrow = mysqli_fetch_assoc($result);
if($chrow['Username'] == $username)
{   
    $mrand = pseudo_random_bytes(30);
    $_SESSION['token'] = fnEncrypt($mrand, "G3%*&IIQ|\/<HlOp:@hiuyLd$*%%!¬\"\"'gR@@:f.jr&");
    $_SESSION['user'] = fnEncrypt($username, fnEncrypt($password, $mrand));
    $_SESSION['password'] = fnEncrypt($password, "DJs%73&%38fKDj5&£$8djJ^:LJHG{@l''k}@::@\"fdshj%\"\"\\\\:GFkkdH:gf~?.'*&^%$$$5fhd");
    echo '<script>parent.location = "http://localhost/BadenBad/";</script>';    
}
else
{
    echo "Login incorrect";
}
?>

So this is basically a php server-side script for logging in. As you may have guessed from the code it is nested in an iframe though it isn't put directly into the iframe. Rather the other html website nested in the iframe (the one that calls the php script). As an explanation of what exact problem do I encounter, well I don't exactly know but when I remove the lines starting from $_SESSION['something']=... everything works fine (except no login process happens ofcourse). Just as a hint for what kind of error to search for I know for fair and square that It is not a problem with the following: 1. PHP Database Access 2. Sessions (they work okay) But I very strongly suspect it is a problem with the functions (fnEncrypt and fnDecrypt). Anyway sorry for the stupid question and long post and please scan the code and try to find some mistakes. Im sorry you can't test the code as there are numerous other files required to test this one script. Thank you in advance!. (Small edit) When I run the script it sort of crashes and never reaches the stage when it calls echo and redirects.

Samuel Allan
  • 392
  • 2
  • 20
  • What doesn't work? You claim you do not know the error, however you should still be able to describe what happens when the script is run (blank screen, repetitive text, server error, infinite loop, etc). – noahnu Feb 25 '14 at 14:12
  • well it just sort of crashes and never reaches the stage when it is redirected to the main page. – Samuel Allan Feb 25 '14 at 14:16
  • 1
    Put the code found here http://stackoverflow.com/a/6575502/1336653 at the top of your PHP script. Edit your question and list any PHP errors you receive. As a side note, a crash is still not descriptive enough. Receiving a text error w/o the script completing may be considered a crash, while a blank response is also considered a crash. All information is helpful when debugging a problem. – noahnu Feb 25 '14 at 14:21
  • Well, how far does it get through the PHP code? What is the last statement you know worked? Is there some reason you're shoving a ` – Phil Perry Feb 25 '14 at 14:22
  • How did I not notice that?!?!?! – Samuel Allan Feb 25 '14 at 14:25
  • Fatal error: Call to undefined function pseudo_random_bytes() in /var/www/html/BadenBad/PHP/log.php on line 51 – Samuel Allan Feb 25 '14 at 14:26
  • what is the proper name of this function? – Samuel Allan Feb 25 '14 at 14:26
  • Ok so I used the marvellous suggestion on comment no.3 and I solved the "first part" of the problem now I have this error about the fnEncrypt function : `Fatal error: Call to undefined function mcrypt_encrypt() in /var/www/html/BadenBad/PHP/log.php on line 12` The problem is on the other page fnEncrypt works perfectly and it is exactly the same function ideally copied a few times. Please help me out I am really stuck here. Great thanks to whoever wrote the 3rd comment I will use this technique later too. – Samuel Allan Feb 25 '14 at 14:42

0 Answers0