php - My generated salts are both exactly the same
So, I'm 'randomly' generating 2 salts to use later for encryption and hashing. These are generated during the application's install process and copied into the global configurations file via:
file_put_contents()
Now, when these are generated, I can view them in the 'globalparams.php' file. They are stored as values of an array, and that array is not utilised at all in the installation process.
The code for generation is as follows:
    // let's generate encryption salts:
    $options = [
        'cost' => 12,
        'salt' => mcrypt_create_iv(32, MCRYPT_DEV_URANDOM),
    ];
    $salt = password_hash(mt_rand(), PASSWORD_BCRYPT, $options);
    $salt = password_hash($salt, PASSWORD_BCRYPT, $options);
    $salt2 = password_hash(mt_rand(), PASSWORD_BCRYPT, $options);
    $salt2 = password_hash($salt2, PASSWORD_BCRYPT, $options);
After this, they are placed into the config file like so:
    // let's open our template globalparams.php and replace strings..
    $editfile = file_get_contents('newglobalparams.php');
    $editfile = str_replace( "database_hostname", $hostname, $editfile );
    $editfile = str_replace( "database_username", $dbuser, $editfile );
    $editfile = str_replace( "database_password", $dbpass, $editfile );
    $editfile = str_replace( "database_name", $database, $editfile );
    $editfile = str_replace( "encryption_salt", $salt, $editfile );
    $editfile = str_replace( "encryption_salt2", $salt2, $editfile );
    // replace original globalparams.php system set up..
    file_put_contents('../_includes/globalparams.php', $editfile);
And these are example outputs:
    $parameters['main']['salt'] = "$2y$12$clsgeeoau5/4nez3fe8qquxwubc6al5fmcyulqtavdoiy1l7nknag";
    $parameters['main']['salt2'] = "$2y$12$clsgeeoau5/4nez3fe8qquxwubc6al5fmcyulqtavdoiy1l7nknag2";
Why are they identical, but with an appended 2?
More code, including the entire installer file, can be posted if needed.
Ta.
Edit:
Here are the results echoed right after generation:
    $2y$12$uuzolwiobepd9adozrojkus3e/dushspaqkzzcdvne6bwvsydkba2
    $2y$12$uuzolwiobepd9adozrojkuicthscvq2mpgtqlkngz.jluurfsdeq.
The values dumped into 'globalparams.php':
    $parameters['main']['salt'] = "$2y$12$uuzolwiobepd9adozrojkus3e/dushspaqkzzcdvne6bwvsydkba2";
    $parameters['main']['salt2'] = "$2y$12$uuzolwiobepd9adozrojkus3e/dushspaqkzzcdvne6bwvsydkba22";
The template of 'globalparams.php':
    <?php
    // global configurations file
    $parameters['dbc']['hostname'] = "database_hostname";
    $parameters['dbc']['username'] = "database_username";
    $parameters['dbc']['password'] = "database_password";
    $parameters['dbc']['database'] = "database_name";
    $parameters['main']['salt'] = "encryption_salt";
    $parameters['main']['salt2'] = "encryption_salt2";

    session_start(); // start session, ready for user login.
    putenv( "TZ=Europe/London" ); // set timezone for cookies and sessions.

    require_once('databasefunctions.php');
    require_once('corefunctions.php');

    if(file_exists('_install/')) {
        // ensures no malicious user can reinstall application using own data..
        exit( "please delete \"install\" directory." );
    }
The problem is this:
    $editfile = str_replace( "encryption_salt", $salt, $editfile );
    $editfile = str_replace( "encryption_salt2", $salt2, $editfile );
You are replacing encryption_salt in encryption_salt2 on the first replacement. The second replacement does nothing because the pattern encryption_salt2 no longer exists.
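
The overlap described in the answer, as an added example that is not part of the original post or the poster's installer: it reproduces the sequential str_replace() result and then fills both placeholders in one pass with strtr(). The two-line template and the fill_template() helper are constructed for illustration, and random_bytes() is swapped in for the password_hash() generation as a plain source of two independent values.

```php
<?php
// Added example (not the poster's installer). The template text and the
// fill_template() helper are constructed for illustration.

// Constructed stand-in for the two salt lines of the template in the question.
$template = <<<'TPL'
$parameters['main']['salt']  = "encryption_salt";
$parameters['main']['salt2'] = "encryption_salt2";
TPL;

// Two independent random values (PHP 7+), hex-encoded so they contain no
// characters that are special inside a double-quoted PHP string literal.
$salt  = bin2hex(random_bytes(32));
$salt2 = bin2hex(random_bytes(32));

// Behaviour from the question: sequential str_replace(). The first call also
// rewrites the "encryption_salt" prefix of "encryption_salt2", so the second
// call finds nothing left to replace.
$buggy = str_replace('encryption_salt', $salt, $template);
$buggy = str_replace('encryption_salt2', $salt2, $buggy);

// strtr() with an array tries the longest key first at each position and
// never rescans text it has already substituted, so overlapping placeholder
// names are resolved correctly in a single pass.
function fill_template(string $template, array $values): string
{
    return strtr($template, $values);
}

$fixed = fill_template($template, [
    'encryption_salt'  => $salt,
    'encryption_salt2' => $salt2,
]);

// Each check prints bool(true) when the behaviour is as described.
var_dump(strpos($buggy, $salt2) === false);      // second salt never written
var_dump(strpos($buggy, $salt . '2') !== false); // first salt with a "2" appended
var_dump(strpos($fixed, $salt2) !== false);      // second salt present
var_dump(strpos($fixed, $salt . '2') === false); // no "salt + 2" artefact
```

With the original str_replace() calls, replacing encryption_salt2 before encryption_salt gives the same result as the strtr() version.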