Programming Help

Web Development



What's Here?

  • Members: 136,097
  • Replies: 478,402
  • Topics: 74,498
  • Snippets: 2,565
  • Tutorials: 675
  • Total Online: 1,642
  • Members: 116
  • Guests: 1,526

Welcome to Dream.In.Code
Getting PHP Help is Easy!

Join 136,097 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 1,642 people online right now. Registration is fast and FREE... Join Now!




salted md5 code

 
 Reply to this topicStart new topic

salted md5 code
anarki
14 Oct, 2007 - 10:38 PM
Post #1

New D.I.C Head
*

Joined: 14 Oct, 2007
Posts: 2


My Contributions
i have a php code for login..i want to encrypt the user name and password so that it can not be seen in clear text by means of any tool..can u give me the proper salted md5 code which will help in encryption..the code is given below.


CODE
<?
include '../cms/connect.php';
session_start();
session_register("loginflag");
session_register("username_session");

//Added addslashes
/*$sql="select * from loginmaster where user_login='".addslashes($txt_uname)."' and user_pass='".addslashes($txt_pass)."'
and user_status='Y'";
*/
// member login using password encription

$sql="select * from loginmaster where user_login='".addslashes($txt_uname)."' and encr_pass='".md5($txt_pass)."'
and user_status='Y'";


$rs_sql=mysql_query($sql);

if(mysql_num_rows($rs_sql)>0)
{
    $rs=mysql_fetch_array($rs_sql);
    $loginflag='Y';
    $username_session=$rs["user_login"];

                   unset($_POST[txt_uname]);
      unset($_POST[txt_pass]);
      $_POST[txt_uname]=md5('a ');
      $_POST[txt_pass]=md5('b ');

    echo "<script>window.location.href='../index.php'</script>";
} else {
    $loginflag='N';
    echo "<script>alert('Invalid Username or Password, Please try again.')</script>";
    echo "<script>window.location.href='../index.php'</script>";
}

thanks..

[mod edit] Use Code tags! mad.gif
User is offlineProfile CardPM
+Quote Post

spullen
RE: Salted Md5 Code
15 Oct, 2007 - 07:45 AM
Post #2

D.I.C Regular
Group Icon

Joined: 22 Mar, 2007
Posts: 330



Thanked: 1 times
Dream Kudos: 50
My Contributions
I just md5 the passwords when they go into the database, and then make a method called authenticate that looks like this:
CODE

public function authenticate($username, $password){
        $authenticated = false;
        $this->openDB();
        
        $md5_password = md5($password);
        
        $query = "SELECT * FROM users WHERE username = '".$username."' LIMIT 1";
        
        if(!$result = $this->db->query($query)){
            die("Error: ".$this->db->error);
        }
        
        $row = $result->fetch_assoc();
        
        if($row['md5_password'] == $md5_password){
            $authenticated = true;
        }
        
        $this->closeDB();
        return $authenticated;
    }

Which just takes in the password that the person is using to log in and the username and then md5's the password and checks it against the md5'ed password in the database.
User is offlineProfile CardPM
+Quote Post

snoj
RE: Salted Md5 Code
15 Oct, 2007 - 09:52 AM
Post #3

$Null
Group Icon

Joined: 31 Mar, 2003
Posts: 3,304



Thanked: 6 times
Dream Kudos: 700
My Contributions
Authenticating isn't the problem spullen (though thank you for your efforts).

Salting is putting some extra data with the password before it's hashed, that way a password's hash will look different and (hopefully) help prevent a dictionary attack.

Hashing is one way, once a string is hashed, it you shouldn't be able to know what the original string was, in other words it's a one way street.
User is offlineProfile CardPM
+Quote Post

Fast ReplyReply to this topicStart new topic
Time is now: 12/1/08 08:40PM
Invision Power Board v2.1.7 © 2008  IPS, Inc.
Licensed to: MediaGroup1

Live PHP Help!

PHP Tutorials

Reference Sheets

PHP Snippets

DIC Chatroom

Bye Bye Ads

Monthly Drawing

Thumb Drive

Top Contributors

Top 10 Kudos This Month