[CLOSED] CoinLenders - page 17. | Bitcointalksearch.org

ranlo

legendary

Activity: 1974

Merit: 1007

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 03:18:11 AM

Quote from: ranlo on July 12, 2013, 03:13:52 AM

Little off-topic but shouldn't it be

if($password1 != $password2) { //stuff here}

??

Still a newbie at PHP but I learn as I go, :p.

Nah. PHP is a weakly typed language.

According to PHP:

NULL == false
false == 0

So what's the problem?

echo '000000' == '000'; -- 1 (true)

Which means that if someone types the password 00000000 and 000, == (!=) would say they are equal, but === (!==) would not.

That's immensely helpful actually. So basically what you're saying is that !== means "even if they are equal in value, they have to be a perfect match," right? So that would also mean that if you did 5+9 != 6+3 it would be different than 5+9 !== 6+3?

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 02:59:12 AM

The truth is that I do hash passwords with a salt on CoinLenders.

Quote

Don't use coinlenders he doesn't hash with a strong algo with a salt!

That's false, I do.

For those who don't know, gweedo has a long history with me.

So prove you do open source the code and don't delete my post from your other thread, it looks bad Wink

Also what history are you talking about? Apparently you want history with me... I call out bad practices and this one of them.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: gweedo on July 12, 2013, 03:15:54 AM

Well this starting to look like pirateat40. If your doing nothing wrong then you should certainly be able to keep your cool and prove me wrong, one function doesn't do that sorry.

What do you think a function showing I am hashing passwords prove with salting?

Anyway, he's just here because he wants to spread FUD about me - but there's tools to defend about that, because spreading FUD is untrustworthy.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: ranlo on July 12, 2013, 03:13:52 AM

Little off-topic but shouldn't it be

if($password1 != $password2) { //stuff here}

??

Still a newbie at PHP but I learn as I go, :p.

Nah. PHP is a weakly typed language.

According to PHP:

NULL == false
false == 0

So what's the problem?

echo '000000' == '000'; -- 1 (true)

Which means that if someone types the password 00000000 and 000, == (!=) would say they are equal, but === (!==) would not.

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 02:56:30 AM

Quote from: gweedo on July 12, 2013, 02:49:52 AM

Don't use coinlenders he doesn't hash with a strong algo with a salt!

I do actually. I don't on Coinchat.

Spread FUD (because I can prove I DO hash passwords with a salt) for any of my business or services again and you will get a permanent red trust rating.

How is this FUD? It is the truth, and your threatening me? WoW great PR over here.

ranlo

legendary

Activity: 1974

Merit: 1007

Quote from: 🏰 TradeFortress 🏰 on July 12, 2013, 03:07:22 AM

You can't say you didn't do this to yourself. Enjoy your red text!

Snippet from CoinLenders source:

Code:

function userRegister($username, $email, $legalname, $password1, $password2){
	global $mysqli;
	global $passwordSalt;

	$username = $mysqli->real_escape_string($username);
	$email = $mysqli->real_escape_string($email);
	$legalname = $mysqli->real_escape_string($legalname);
	
	if($password1 !== $password2){
		return "passmismatch";
	}
	if(strlen($password1) < 8){
		return "passshort";
	}
	$password = hash("SHA256", $passwordSalt . $password1);

[..]

As you can clearly see, passwords are hashed and salted.

Little off-topic but shouldn't it be

if($password1 != $password2) { //stuff here}

??

Still a newbie at PHP but I learn as I go, :p.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote

LMAO one function is all you post, no no, you have to post the entire source, plus if you really want to prove it, post the entire database as well.

Yeah I ran out of more polite things I can say, you can fuck off.

gweedo

legendary

Activity: 1498

Merit: 1000

Don't use coinlenders he doesn't hash with a strong algo with a salt!

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

You can't say you didn't do this to yourself. Enjoy your red text!

Snippet from CoinLenders source:

Code:

function userRegister($username, $email, $legalname, $password1, $password2){
global $mysqli;
global $passwordSalt;

$username = $mysqli->real_escape_string($username);
$email = $mysqli->real_escape_string($email);
$legalname = $mysqli->real_escape_string($legalname);

if($password1 !== $password2){
return "passmismatch";
}
if(strlen($password1) < 8){
return "passshort";
}
$password = hash("SHA256", $passwordSalt . $password1);

[..]

As you can clearly see, passwords are hashed and salted.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

The truth is that I do hash passwords with a salt on CoinLenders.

Quote

Don't use coinlenders he doesn't hash with a strong algo with a salt!

That's false, I do.

For those who don't know, gweedo has a long history with me. Back when he was pissed at me stealing his programming customers Cheesy

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: gweedo on July 12, 2013, 02:49:52 AM

Don't use coinlenders he doesn't hash with a strong algo with a salt!

I do actually. I don't on Coinchat.

Spread FUD (because I can prove I DO hash passwords with a salt) for any of my business or services again and you will get a permanent red trust rating.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

My personal details (name, address, dox for AML/CTF) etc are known by people or businesses who have a need to know them. Security isn't all electronic, physical security is important too.

ninjaboon

legendary

Activity: 2114

Merit: 1002

Good Q.
Who knows TradeFortress' real name?
I know he's from Australia.

jabetizo

full member

Activity: 125

Merit: 101

I see that I have to provide my legal name when signing up. Is it possible to avoid that and sign up pseudonymously if I only want to deposit and earn interest, not take a loan? Is the real world identity of TradeFortress known?

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻