[SOLVED] Warning: mktime() expects parameter 4 to be long, string given in /home/a5663365/publ

nothing07 · 06-16-2012, 12:33 PM

What are am doing wrong?? the error message is

Code:

Warning: mktime() expects parameter 4 to be long, string given in /home/a5663365/public_html/confirmation.php on line 45

in my index script i have noted this, and im also wondering how to get al the years do i need to type them all in?

Code:

<select name="day" id="day">
<option value="1">Jan</option> 
<option value="2">Feb</option> 
<option value="3">Mar</option> 
<option value="4">Apr</option> 
<option value="5">May</option> 
<option value="6">Jun</option> 
<option value="7">Jul</option> 
<option value="8">Aug</option> 
<option value="9">Sep</option> 
<option value="10">Oct</option> 
<option value="11">Nov</option> 
<option value="12">Dec</option>
</select>
<select name="month" id="month">
<option value="2">2</option> 
<option value="3">3</option> 
<option value="4">4</option> 
<option value="5">5</option> 
<option value="6">6</option> 
<option value="7">7</option> 
<option value="8">8</option> 
<option value="9">9</option> 
<option value="10">10</option> 
<option value="11">11</option> 
<option value="12">12</option> 
<option value="13">13</option> 
<option value="14">14</option> 
<option value="15">15</option> 
<option value="16">16</option> 
<option value="17">17</option> 
<option value="18">18</option> 
<option value="19">19</option> 
<option value="20">20</option> 
<option value="21">21</option> 
<option value="22">22</option> 
<option value="23">23</option> 
<option value="24">24</option> 
<option value="25">25</option> 
<option value="26">26</option> 
<option value="27">27</option> 
<option value="28">28</option> 
<option value="29">29</option> 
<option value="30">30</option> 
<option value="31">31</option>
</select>
<select name="year" id="year">
<option value="2011">2011</option>
<option value="2010">2010</option> ……………………
<option value="1905">1905</option>
</select>

in my registration script

Code:

$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];

and
$birthday = date("Y-m-d", mktime(0,0,0,$month, $day, $year));
			$insertinfocommand="INSERT INTO temp SET code='$confirm_code', firstname = '$firstname', lastname = '$lastname', email = '$email', password = '$password', sex = '$sex', birthday = '$birthday'";
			$insertinforesult=mysql_query($insertinfocommand);

and in my confirmation script where the error message in coming from

Code:

$day = str_replace(' ','',$rows['day']);
        $month = str_replace(' ','',$rows['month']);
        $year = str_replace(' ','',$rows['year']);

and
$birthday = date("Y-m-d", mktime(0,0,0,$month, $day, $year));
		$insertinfocommand="INSERT INTO users SET firstname = '$firstname', lastname = '$lastname', email = '$email', password = '$password', sex = '$sex', birthday = '$birthday'";
		$insertinforesult=mysql_query($insertinfocommand);

if i got several errors in the scripts i have, pleace let my know. i have struggled long time now with inputting birtday in my regisration.

PS
Along with this error in my database it showes 1969-12-31 in birtday, strange because i typed mars-12-2010
pleace respond, even if you have looked at the scripts and not come up with a solution, so i knoe someone have looked at it, and then try again from start

NevemTeve · 06-16-2012, 12:58 PM

Explain this part, please:

Code:

$day = $_POST['day'];
$month = $_POST['day'];

nothing07 · 06-16-2012, 01:11 PM

sorry, I have corrected that in the script i uploaded in 000webhost, but when i was writing the CODE i copied the script i had on dreamweaver and agian not the script i am using, sorry my bad. I think that was the only different in the two scripts.

Nominal Animal · 06-16-2012, 01:29 PM

First, you have day and month swapped in your HTML; i.e. your days only go from 1 to 12, but months from 1 to 31. Check what name you have in each select, and what the options in it are.

Quote:

Originally Posted by nothing07

how to get al the years do i need to type them all in?

How about

Code:

<select name="year" id="year">
<option value="" selected="selected">Select year</option><?PHP
   $curryear = getdate(); $curryear = $curryear["year"];
   for ($year = $curryear; $year >= $curryear - 125; $year--)
       printf("<option value=\"%d\">%d</option>\n", $year, $year)
?></select>

Note that I put the years in reverse order, latest years first. Easier for users that way, I think.

Quote:

Originally Posted by nothing07

Code:

$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];

This will fail, because POST data is always strings. (So are GET, REQUEST, and COOKIES, too.)

Try

Code:

$day = @intval(@$_POST['day']);
$month = @intval(@$_POST['month']);
$year = @intval(@$_POST['year']);

instead. The @ suppresses all warnings. This also sanitizes your inputs -- there are all kinds of asshats trying to break our scripts, so best be careful. All you need to do, is to check that the values are sane. I'd use a test similar to

Code:

if ($day < 1 || $day > 31 || $month < 1 || $month > 12 || $year < 1) {
    @include('some-error-page-instead.inc');
    exit(0);
}
$time = mktime(0, 0, 0, $month, $day, $year);
if ($time === FALSE || $time == -1) {
    @include('some-error-page-instead.inc');
    exit(0);
}

to verify the values are sane. (Note that mktime() adjusts the values, so if you specify Feb 31, you just get a valid date in March.)

Quote:

Originally Posted by nothing07

Code:

$insertinfocommand="INSERT INTO temp SET code='$confirm_code', firstname = '$firstname', lastname = '$lastname', email = '$email', password = '$password', sex = '$sex', birthday = '$birthday'";

ARE YOU INSANE? Have you never heard of Bobby Tables?

Seriously, do not do that. Ever. That is pure evil. If you did that to my passwords, I'd .. well, I for sure would not be a friend.

First, you should always escape your queries properly. It is not difficult:

Code:

$insertinfocommand = sprintf("INSERT INTO temp SET code = '%s', firstname = '%s', lastname = '%s', email = '%s', password = '%s', sex = '%s', birthday = '%s'",
    mysql_real_escape_string($code),
    mysql_real_escape_string($firstname),
    mysql_real_escape_string($lastname),
    mysql_real_escape_string($email),
    mysql_real_escape_string($pass),
    mysql_real_escape_string($sex), 
    mysql_real_escape_string($birthday));

Second, instead of storing passwords in plain text, just generate a random salt, and store the hash of the salt and the password (in plain text in $password):

Code:

$salt1 = sprintf("%06x%06x", mt_rand(0,16777215), mt_rand(0,16777215));
$salt2 = sprintf("%06x%06x", mt_rand(0,16777215), mt_rand(0,16777215));
$pass = $salt1 . ":" . $salt2 . ":" . sha1($salt1 . $password . $salt2);

Note that I'm using dual-salted passwords. I consider it the best technique, although many consider it overkill. I like it because it prevents both prefix and postfix attacks (prepending or appending garbage to the password to make it match).

To compare a plain text password $password to a stored salted hash $pass later on, you just do

Code:

@list($salt1, $salt2, $hash) = @explode(":", $pass);
if (strcmp($hash, sha1($salt1 . $password . $salt2)) === 0) {
    /* $password is correct */
} else {
    /* $password is incorrect */
}

This way, when somebody eventually steals your password database, your users are not screwed. Any attacker must do a lot of trial-and-error computation ("cracking") to find out any of the passwords. Since they are salted, each password hash must be cracked separately; there is no way to work them over in a batch.

Doc CPU · 06-16-2012, 02:01 PM

Hi there,

Quote:

Originally Posted by Nominal Animal

Quote:

Originally Posted by nothing07

Code:

$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];

This will fail, because POST data is always strings. (So are GET, REQUEST, and COOKIES, too.)

not only will this fail, it's also completely pointless to just copy the variable values. Instead, you might just as well use the original variables.
But you're right - it makes a lot more sense to check, sanitize and convert the input as required and then store the result in a different variable.

[X] Doc CPU