Today i ran into the problem of not being able to operate with numbers larger than a 1024-bit signed integer, equilavant to 2^1023. I wanted to be able to add two numbers in this size range, providing a number bigger than this barrier. So i wrote a script, that made it possible to do this, by using a method analouge to how you’d add large numbers on a piece of paper: i used strings, where I added each element in each string with each other.
The code is fairly simple, and there’s plenty of comments in it, so I’ll just post it as-is.

The code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

<?php
function add_as_string($a,$b){
	// Produce an error if either $a or $b is not a string.
	if(!is_string($a) || !is_string($b)){
		return "At least one of the provided numbers was not a string!";
	}
 
	// Finds the length of $a or $b, determined by which of $a and $b is the longest string.
	$length = strlen($a)>strlen($b)?strlen($a):strlen($b);
 
	// Zero-pads the strings if neccesary.
	$a = sprintf("%0{$length}s", $a);
	$b = sprintf("%0{$length}s", $b);
 
	// Here the actual addition takes place. Note that it does the addition "backwards".
	for($x=$length-1;$x>=0;$x--){
		$c[$x] += $a[$x]+$b[$x];
		if($c[$x] >= 10){
			$c[$x-1] += 1;
			$c[$x] -= 10;
		}
	}
	$c = array_reverse($c); // Reverse the array containing the addition numbers.
 
	// Puts all the numbers in $c into a string.
	foreach($c as $number){
		$result .= strval($number);
	}
 
	return $result;
}
 
$a = pow(2,1023); // the highest value php can give me. (corresponds to the maximum value of a 1024-bit signed integer)
$a = sprintf("%1.0f",$a); // makes $a a string.
 
// Here we let the parser give the addition a try. Note that this gives INF (meaning infinity).
echo $a+$a . "<br/>";
 
// We try to add the number via the add_as_string function.
// Note that when $a==$b, every loop of the for-loop is equal to multiplication with two. Meaning that if you run the loop twice, it's the same as 4*$a, and so fourth.
for($x=0;$x<1;$x++){
	$a = add_as_string($a,$a);
}
// We output the value of the 
echo $a . "<br/>";
 
// We try putting through two number's that are unequal in length, therefore making use of the zero-padding.
$a = add_as_string("5","50");
echo $a . "<br/>";
 
// We try putting through a number and a string, which will provide an error.
$a = add_as_string(5,$a);
echo $a . "<br/>";
?>

The above code outputs:
INF
179769313486231590772930519 … 79716304835356329624224137216
55
At least one of the provided numbers was not a string!

Notes

Be aware that the script can only be used to calculate addition of integers!
It should be fairly simple to adopt the method to substraction of numbers. My next script might be multiplication of numbers larger than 2^1023. We’ll se ;D

First of all you need to place this code in the preamble of your document:

\makeatletter
\newcounter{numapp}
\newcommand{\numberofapp}{%
    \immediate\write\@auxout%
      {\string\setcounter{numapp}{\the\c@chapter}}%
}
\AtBeginDocument{\AtEndDocument{\numberofapp}}
\makeatletter

The script simply counts the number of \chapter’s started since the environment \appendix is called. The number of appendiced will then be placed in the variable \numapp, thus accesible throughout your document using \thenumapp.

Note: The script should run at least twice, before the variable will produce the correct number of appendices.

Starting point:
Computer1:
This is a computer with Windows Vista installed, that uses MiKTeX for LaTeX package sourses and compiler, TeXnicCenter as LaTeX editor, and uses a SVN-folder to share files with the group.

Computer2:
This is a computer with Ubuntu 8.04 installed, that wants to be able to share and compile files within the SVN-folder.

The solution:
All the setup is done on Computer2, the one with Ubuntu installed, because, frankly, there isn’t much configuration available in TeXnicCenter regarding encoding and such.

First of you need to install the following packages, and their dependencies: Texlive, Kile and Okular.
apt-get install texlive kile okular
Remember, you need root access to install packages. In Ubuntu, you do that by:
sudo apt-get install texlive kile okular

Then you need to configure kile, a LaTeX editor for Linux, to use the same character encoding as TeXnicCenter:

Settings:
Choose Editor, Chose Open/Save ,Set Encoding to Western European (iso 8859-1), Set Encode auto to disabled, Set End of line to DOS/Windows

Now you should be able to open and save documents readable to both you and users of the SVN-folder.

Compiling:
You can compile your LaTeX document by pressing the LaTeX in Kile, thus producing a dvi-file. Say you want to produce a pdf-file instead, just press DVItoPDF after you’ve pressed LaTeX.

This is my fourth guide and is, like my prime generator, just some code I did for fun, while I was bored in front of my computer:)
So what are we going to do today? Well, we’re going to program a unit converter “Google-style”. What I wanted to do was to get a user to input a unit. For instance “4 pounds” and then the script would output how much this was in several other units. And because units like “pounds” can be addresses in many ways (like “lb”, “lbs”, “pound”, and so on) I wanted to make the script understand every single of them and use them as if the user had used the input “pounds”.

The code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

// Concept unit converter
echo "You can use this script to convert from/to any of the most common units in mass, distance and speed<br/>Just enter, for instance: 13 km, and then the system will calculate how long 13 km is in other units.";
echo '<form action="test.php" method="get"><input type="text" name="q" size="15"/><input type="submit" value="submit"/></form>';
$input = strtolower($_GET['q']);
$number = floatval($input);
list( , $unit) = preg_split("/[\s,.1234567890]+/", $input);
$original_unit = $unit;
//Mass
$allowed["mass"] = array("kilogram" => "kg", "kilograms" => "kg", "kgs" => "kg", "grams" => "g", "gram" => "g", "lb" => "lbs", "pounds" => "lbs", "pound" => "lbs", "ounces" => "ounce", "stones" => "stone");
$conv["mass"] = array("kg" => 1, "lbs" => 2.204623, "g" => 1000, "stone" => 0.157473, "ounce" => 35.27);
 
// Distance
$allowed["distance"] = array("meter" => "m", "meters" => "m", "kilometer" => "km", "kilometers" => "km", "inch" => "in", "inches" => "in", "mile" => "mi", "miles" => "mi", "yard" => "yd", "yards" => "yd");
$conv["distance"] = array("m" => 1, "km" => 0.001, "in" => 39.37007874, "mi" => 0.0006213712, "yd" => 1.093613);
 
// Speed / velocity
$allowed["speed"] = array("kmh" => "km/h", "mps" => "m/s", "kms" => "km/s");
$conv["speed"] = array("km/h" => 1, "mph" => 0.6213712, "m/s" => 0.2777778, "km/s" => 0.0002777778);
 
$types = array("mass", "distance", "speed");
 
foreach($types as $type){
	if(array_key_exists($unit,$allowed[$type]) || array_key_exists($unit,$conv[$type])){
		if(array_key_exists($unit,$allowed[$type]))
			$unit = $allowed[$type][$unit];
		echo "<table><tr><td style=\"text-align:right;\">";
		echo "<b>" . number_format($number,2,"."," ") . "</b></td><td><b> " . $original_unit . "</b></td></tr>";
		$number = $number/$conv[$type][$unit];
		foreach($conv[$type] as $unit_conv => $conv_ratio){
			if($unit != $unit_conv)
				echo "<tr><td style=\"text-align:right;\">" . number_format($number*$conv_ratio,2,"."," ") . "</td> <td>$unit_conv</td></tr>";
		}
		echo "</table>";
	}
}

It is clear from the code that the array $allowed[] specifies what terms are allowed in the script and it’s a translation table to the correct unit (”the correct unit” is specified by you). The array $conv[] contains the conversion ratio. As you see from the code the conversion ratio is always relative to the first unit in $conv[].

Good luck converting:D

Important note: This script can only be used for units with a specific ratios between them. This means that it for instance cannot be used for converting Celsius to Fahrenheit and vice versa.

When using cookies for login systems it’s very common to store the username and a hashed password. This method is nothing near ideal, since cookie theft is a very common phenomenon, whereby a potential hacker will be able to brute force your user’s password. What you want to do instead is creating a cookie containing 3 values: The username, a long random string and an expirery date. By putting the cookie information in a database as well, we can determine the cookies validity.

How to do it

NOTE: This guide presumes that you’ve already got a login system and the variables $username and $id is respectively the username and user id in your userdatabase

First you need to create a MySQL database table with the following data:

• id, int(11), unsigned, auto_increment, primary key
• user, varchar(50)
• random, varchar(64)
• expire, varchar(40)
• uid, int(11)

When you have authorized the user’s login data, you will generate the cookie information somewhat like this:

1
2
3
4
5
6
7
8

$random = hash(sha256,(uniqid(rand(), true)) . (uniqid(rand(), true)));
$expire = time() + 60*60*24*30; // current time + expirery time (here: 30 days)
$name   = "login"; // Name of the cookie
$value  = "$username\n$random\n$expire"; // Value of the cookie
$query = "INSERT INTO `cookie_user_db` (`id`,`user`,`random`,`expire`,`uid`) VALUES (NULL, '$username', '$random', '$expire', '$id_db')";
mysql_query($query);
$path   = "/"; // The cookie will work in all folders on present domain.
setcookie($name, $value, $expire, $path);

In the code above it’s presumed that the $username string has already been properly evaluated, to prevent from mysql-injection attacks. See more here.

Now we have a cookie with our wanted data, and a copy of those data in our database.

When a user, who is not logged in, comes to your site, who has a cookie, we want to determine wether the given data is valid:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

if($_COOKIE['login']){
	$info = explode('\n',$_COOKIE['login']); // Devides the cookie in it's seperable values: 1) Username, 2) A unique random number and 3) the expirery date for the cookie.
	$username = mysql_escape_string($info[0]); // mysql_escape_string is used to prevent mysql injection attacks.
	$random = mysql_escape_string($info[1]);
	$expire = mysql_escape_string($info[2]);
 
	if($username && ($username == htmlentities($username)) && $random && $expire){ // Checks if a username is present and wether the username holds special characters.
		$query = "SELECT * FROM `cookie_user_db` WHERE `user` = '$username' AND `random` = '$random' AND `expire` = '$expire'";
		$result = mysql_query($query);
		if(mysql_num_rows($result) >= 1){
			while($r=mysql_fetch_array($result)){
				$username_db= mb_strtolower($r["user"]);
				$random_db=$r["random"];
				$expire_db = $r["expire"];
				$uid_db = $r["uid"];
				}
 
			//checks wether the supplied user exists in the user database
			$result = mysql_query("SELECT * FROM `$user_db` WHERE `user` = '$username' AND `id` = '$uid_db'");
			if(mysql_num_rows($result) >= 1){
				// At the basis the user isn't allowed to login:
				$login = false;
				if (($expire_db == $expire) && $expire > time()){ // Checks wether 1) the expirery date of the database matches the one supplied in the cookie and 2) wether the expirery date is still valid.
					// Gives $login a true value
					$login = true;
				}
 
				// Checks wether $login is true
				if ($login == true) {
					// Session variable "access" is given a true value.
					$_SESSION['access'] = true;
 
					// The user is sent to the administration page.
					header("Location: admin_website.php");
					exit;
				}
				//If $login is not true, the user is sent back to the login page.
				else {
					include("login.php");
					exit;
				}
			}
		}
	}
}
// If no cookie is found, the user is sent back to the login page
include("login.php");
exit;

Here’s a micro guide on how to generate prime numbers in a given interval with PHP.

A prime number is a natural number (a positive integer) which has exactly two distinct natural number divisors (1 and the number itself).

The Code

What we want to do is to create a function that takes a minimum and a maximum value of primes values we want to find. Then we try to divide the number by every number bigger than 1 and smaller than itself and determine if it has a remainder on any of the calculation. If it has on every caltulation we’ve got a prime, if not, we don’t.
I’ve made the script to only use odd numbers, because 2 is the only non-odd prime.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

<?php
function prime_generator($from,$to,$return=false){
	if(!($from%2))
		$from++;
	if($from <= 2){
		$from = 3;
		if($return)
			$primes .= "2, ";
		else
			echo "2, ";
	}
 
	for($x=$from; $x <= $to; $x+=2){
		$prime=true;
		for($y=$x-1;$y>1;$y--){
			if(!($x%$y)){
				$prime=false;
				}
		}
		if($prime){
			if($return)
				$primes .= $x . ", ";
			else
				echo $x . ", ";
		}
	}
	if($return)
		return $primes;
}
$primes = prime_generator(0,100, true);
echo $primes;
?>

You can use the function either with or without the $return parameter set. If it’s set to true it will return all primes in the given interval, if not, it gives the output right away.

One of the most widely used password hashing methods is MD5 (using md5("password")). Although, It’s been discovered that MD5-sum hashing is insecure because of the fairly simple method of finding collisions (as described by Wang et al. in 2004) and recently discovery that MD5-sum hashing brings insecurity to https sites (as described by Sotirov et al. in 2007).
This MD5 insecurity made me want to create a password hashing system that uses a modern hash algorithm and a modern way of thinking. So I sat down and began to read about internet security and I came up with 3 significant improvements compared to the md5("password") method:

1. SHA-256 hashing, instead of MD5.
2. Adding a random ’salt’ to the password.
3. Adding a fixed ’salt’ to the password

Salts

A salt is a string that is appended to the password to make the more difficult to brute force the hash. Adding a salt also makes the use of rainbow tables impossible.
When appending a random salt to the password we ensure that two equal passwords is completely different in the database, whereby a potential hacker can’t brute force more than one user at a time – he has to brute force every password by itself.
When adding a fixed salt we add a significantly long string to the password, making the hash even more difficult and time demanding to brute force because:

• It’s highly unlikely that a hacker grants access to both the database (containing the hash) and the php-file (containing the fixed salt)
• Even if a hacker finds out fixed salt string; it will take more computer power to brute force and thereby more time.

So how do we do this is practice? First of all we have to ensure to store the random hash, so we’re able to compare a user input password with the hashed one in the database. This can be done like this (this example will be a simplified version of the final outcome):

1
2
3
4
5

<?php
$RandomSalt = substr((sha1(uniqid(rand(),true))), 0, 12);
$hash = hash(sha256, $RandomSalt . $plain_text_password);
$final_hash = $RandomSalt . $hash;
?>

substr cut the string from the second parameter to the third parameter; in this case it takes characters 0 to 12 in our generated string.
We generate the random string by taking the SHA-1 hash of a 23 character long unique ID created from the build-in PHP-function uniqid with the second parameter set to true to give us more entropy.
In the last step we append the random salt to the final hash value. This way we can retrieve it for comparison.

Now we want to append a fixed salt to the password hash as well:

1
2
3
4
5
6

<?php
define('FIXED_SALT', '@ywaE~H*JSA}7w2I||t%E%ywb}<]Y-I=');
 
$hash = hash(sha256, $RandomSalt . $plain_text_password . FIXED_SALT);
$final_hash = $RandomSalt . $hash;
?>

The fixed salt in this example is 32 characters long but could be any length, although the longer the salt is, the more time demanding it will be to brute force the hash.

I’ve created a function to randomly create a fixed salt with variable length. In the example below will output a 32 character long random string:

1
2
3
4
5
6
7
8
9
10
11
12

function generateRandSalt($salt_length){
	$string = "define('FIXED_SALT', '";
	for($x=0;$x<$salt_length;$x++){
		$rnd_nr = rand(33,126);
		while($rnd_nr == 34 || $rnd_nr == 39)
			$rnd_nr = rand(33,126);
		$string .= htmlentities(chr($rnd_nr)) ;
	}
	$string .= "');";
	return $string;
}
echo generateRandSalt(32) . "<br/>";

Hash functions

This example uses the hash function SHA-256, which creates a 64 character long hash string. If you want to save space in your database you can use the SHA-1 hash function instead. You should always use a known hashing system instead of trying to make your own, trying to fool a potential hacker. “Security through obscurity” is a widely used term in this industry – and is widely advised against. The term covers the type of security that is based upon making something weird or obscure. This might seem like a good protection, but if you’re not a mathematical genius it’s often easy to analyse how you created your security, and then it’s normally already broken.

Approximate lifetime left for some known hashing algorithms:
MD5 is completely dead.
SHA-1 is expected to die within 1-3 years.
SHA-256 is expected to have a lifetime of more than 20 years.

The code

The final code is presented below. It’s advised that you change the random salt length and you don’t use the same fixed salt as in the example below.
Remember: the longer you make the random salt, the more space your hash will take up in your database, since the random salt is appended to the hash.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

<?php
define('SALT_LENGTH', 24);
 
define('FIXED_SALT', 'q*x<D:_I7c:IG~O]B5Tv&}-V|DOM(~@z');
 
function generateHash($plainText, $salt = null){ // The salt variable is set to NULL if no parameter is set.
	if ($salt === null){ // triple equal signs means "defined as" and is used instead of the comparison (double equal signs) for the instance that the given salt is either zero (0) or an empty string ("").
		// Generates a random string with the defined salt length.
		// Two random functions are used to increase the number of possible outcomes.
		$salt = substr(hash(sha256,(uniqid(rand(), true)) . (uniqid(rand(), true))), 0, SALT_LENGTH);
	}
	else{ // Uses the supplied string. If the string is too long, it will be shortened to the defined salt length.
		$salt = substr($salt, 0, SALT_LENGTH);
	}
	// The hash is produced in a matter, so the random salt is appended to the password and the static salt is appended. The final hash is produced by using the SHA-256 algorithm.
	$hash = hash(sha256,$salt . $plainText . SECURE_SALT);
	return $salt . $hash; // Returns the hashed string with the random salt appended to it
}
 
$hash = generateHash("test"); // Calls the generateHash function and stores it in the $hash variable.
$deHash = generateHash("test",$hash); // hashes again using the same random hash as in $hash.
echo $hash . "<br/>" . $deHash;
?>

To generate a password you call the function like this:

generateHash($plain_text_password);

To compare an input password with the one in the database use:

if(generateHash($input_password,$database_password) == $database_password){
	// input password is correct
}
else{
	// input password is incorrect.
}

NOTE: No matter which way you hash your passwords it will always be possible to brute force the hash. The measures described in this guide are merely to give a potential hacker a great disadvantage in his brute force attempt. Even with a cluster of 1000 computers it would probably take a month to brute force a single hash.
Furthermore it’s strongly advised to demand a certain password strength from the user. This way it’s much more difficult for a potential hacker to guess the password on the login form. Also, it’s advised that you only allow a certain login attempts from the same computer in a specified timeframe. For instance 5 login attempt per hour.

The source file is available for download: Click here to download the code

Further Improvements

To make the hash even more time demanding to brute force, you could loop the hashing several times. This practice improves the code in two ways:

1. A potential hacker doesn’t know how many times the hash function loops.
2. If the hacker finds out how many times the hash loops, he still need to hash several times for each brute force attempt.

I’ve written an example:

1
2
3
4
5
6
7
8
9
10
11
12
13

function generateHash($plainText, $salt = null){
	if ($salt === null){
		$salt = substr(hash(sha256,(uniqid(rand(), true)) . (uniqid(rand(), true))), 0, SALT_LENGTH);
	}
	else{
		$salt = substr($salt, 0, SALT_LENGTH);
	}
	$hash = hash(sha256,$salt . $plainText . SECURE_SALT);
	for($x=0;$x < 4500;$x++){
		$hash = hash(sha256,$salt . $hash . SECURE_SALT);
	}
	return $salt . $hash;
}

NOTE: this solution can be very server power demanding, for which reason it shouldn’t be used, at least not with 4500 loops, if your site has many login attempts during short timeframes.