  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts

    MD5 hashing issue...I think... PHP

    Hey guys, maybe someone can help me out on this one. I have a client (contract) through my work that asked for my assistance with an internal web site. It's a PHP site with a MySQL database. They migrated from a Red Hat server to a Sun Solaris 10 server and cannot log into anything with their passwords. They can select the tables and whatnot, and the link diag page shows a successful connection to the database. My concern was that the hashes for the passwords were being generated differently between the 2 different PHP engines.

    Red Hat - 4.3.2

    Sun Solaris - 4.4.5

    Here's the log in form:
    ----------------------------------------------------------------------
    Code:
    <?php
        
        
        function login($Code, $Password){
            include("config.php");
            $data = 'training';
            $table = 'Agency';
    
            if($Code == NULL || $Password ==NULL)
                return "Agency Code or Password is incorrect";
                
            //connects to database
            if (!($link=mysql_pconnect($_SESSION['hostname'],$_SESSION['username'], $_SESSION['password']))) {
                error(sprintf("error connecting to host %s, by user %s", $_SESSION['hostname'], $_SESSION['username']));
                exit();
            }
            
            //select database
            if (!mysql_select_db($data, $link)){
                error(sprintf("error in executing %s database", $data));
                error(sprintf("error:%d %s", mysql_errno($link), mysql_error($link)));
                exit();
            }
        
            $query = "SELECT id, Code FROM $table WHERE ((Code = '$Code')) AND ((Password = md5('$Password')))";
            
            //stores the result of the query to the array $result
            if(!$result = mysql_query($query, $link)){
                error(sprintf("Error in executing %s stmt", $result));
                error(sprintf("error:%d %s", mysql_errno($link), mysql_error($link)));
                exit();
            }
            
            
            
            //if the user exists 
            if(mysql_num_rows($result)){
                //update last login and ip address
            
            
            $date = mktime();
            $id = mysql_result($result, 0, id);
            $ip = ip();
            $update = "UPDATE Agency SET Last_Visit = '$date', ip_address = '$ip' WHERE id = '$id'";
            
            if(!mysql_query($update, $link)){
                error(sprintf("Error in executing %s stmt", $update));
                error(sprintf("error:%d %s", mysql_errno($link), mysql_error($link)));
                exit();
            }
                $_SESSION['Code'] = mysql_result($result, 0, Code);
                $_SESSION['AgencyID'] = mysql_result($result, 0, ID);
                
                header("Location: $currentsite"); //after success it redirects
                exit;
            } else {
                return "Username or Password is incorrect";
            }
        }
        
        
    ?>
    --------------------------------------------------------------------------


    Now, someone also mentioned to me that the encoding could be different. As in the old server interpreting the characters as ASCII or ANSI...and the new server interpreting the opposite. I'm not too sure, since I really haven't had to do this stuff before with passwords. I did see in the config.inc.php file the following:

    --------------------------------------------------------------------------

    Code:
    <? php
    
    
    /**
     * MySQL settings
     */
    // Column types;
    // varchar, tinyint, text and date are listed first, based on estimated popularity
    $cfg['ColumnTypes'] = array(
       'VARCHAR',
       'TINYINT',
       'TEXT',
       'DATE',
       'SMALLINT',
       'MEDIUMINT',
       'INT',
       'BIGINT',
       'FLOAT',
       'DOUBLE',
       'DECIMAL',
       'DATETIME',
       'TIMESTAMP',
       'TIME',
       'YEAR',
       'CHAR',
       'TINYBLOB',
       'TINYTEXT',
       'BLOB',
       'MEDIUMBLOB',
       'MEDIUMTEXT',
       'LONGBLOB',
       'LONGTEXT',
       'ENUM',
       'SET'
    );
    
    // Attributes
    $cfg['AttributeTypes'] = array(
       '',
       'BINARY',
       'UNSIGNED',
       'UNSIGNED ZEROFILL'
    );
    
    // Available functions
    if ($cfg['ShowFunctionFields']) {
        $cfg['Functions'] = array(
           'ASCII',
           'CHAR',
           'SOUNDEX',
           'LCASE',
           'UCASE',
           'NOW',
           'PASSWORD',
           'MD5',
           'ENCRYPT',
           'RAND',
           'LAST_INSERT_ID',
           'COUNT',
           'AVG',
           'SUM',
           'CURDATE',
           'CURTIME',
           'FROM_DAYS',
           'FROM_UNIXTIME',
           'PERIOD_ADD',
           'PERIOD_DIFF',
           'TO_DAYS',
           'UNIX_TIMESTAMP',
           'USER',
           'WEEKDAY',
           'CONCAT'
        );
        
        // Which column types will be mapped to which Group?
        $cfg['RestrictColumnTypes'] = array(
           'VARCHAR'      => 'FUNC_CHAR',
           'TINYINT'      => 'FUNC_NUMBER',
           'TEXT'         => 'FUNC_CHAR',
           'DATE'         => 'FUNC_DATE',
           'SMALLINT'     => 'FUNC_NUMBER',
           'MEDIUMINT'    => 'FUNC_NUMBER',
           'INT'          => 'FUNC_NUMBER',
           'BIGINT'       => 'FUNC_NUMBER',
           'FLOAT'        => 'FUNC_NUMBER',
           'DOUBLE'       => 'FUNC_NUMBER',
           'DECIMAL'      => 'FUNC_NUMBER',
           'DATETIME'     => 'FUNC_DATE',
           'TIMESTAMP'    => 'FUNC_DATE',
           'TIME'         => 'FUNC_DATE',
           'YEAR'         => 'FUNC_DATE',
           'CHAR'         => 'FUNC_CHAR',
           'TINYBLOB'     => 'FUNC_CHAR',
           'TINYTEXT'     => 'FUNC_CHAR',
           'BLOB'         => 'FUNC_CHAR',
           'MEDIUMBLOB'   => 'FUNC_CHAR',
           'MEDIUMTEXT'   => 'FUNC_CHAR',
           'LONGBLOB'     => 'FUNC_CHAR',
           'LONGTEXT'     => 'FUNC_CHAR',
           'ENUM'         => '',
           'SET'          => ''
        );
    
        // Map above defined groups to any function
        $cfg['RestrictFunctions'] = array(
            'FUNC_CHAR'   => array(
                'ASCII',
                'CHAR',
                'SOUNDEX',
                'LCASE',
                'UCASE',
                'PASSWORD',
                'MD5',
                'ENCRYPT',
                'LAST_INSERT_ID',
                'USER',
                'CONCAT'
            ),
    
            'FUNC_DATE'   => array(
                'NOW',
                'CURDATE',
                'CURTIME',
                'FROM_DAYS',
                'FROM_UNIXTIME',
                'PERIOD_ADD',
                'PERIOD_DIFF',
                'TO_DAYS',
                'UNIX_TIMESTAMP',
                'WEEKDAY'
            ),
    
            'FUNC_NUMBER' => array(
                'ASCII',
                'CHAR',
                'MD5',
                'ENCRYPT',
                'RAND',
                'LAST_INSERT_ID',
                'COUNT',
                'AVG',
                'SUM'
            )
        );
        
    } // end if
    
    
    /**
     * Unset magic_quotes_runtime - do not change!
     */
    set_magic_quotes_runtime(0);
    
    /**
     * File Revision - do not change either!
     */
    $cfg['FileRevision'] = '$Revision: 1.182 $';
    ?>
    ***I didn't post the entire config.inc.php code. I've tried to do some searching online but haven't been successful in getting in the right direction. If anyone could point me in the right direction it would be greatly appreciated. I can post more info if need be. Thanks.

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Remove the space here: <? php
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Oh lol, it is. I just put that there to post the code... it's not actually "there" in my document... it's correct in the doc...

  • #4
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've never posted code before in the forum, so I wasn't sure if it needed to have an opening/closing tag in there.

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    I'm assuming you had a backup of the db structure in order to port it over to the new server. Do you have your schema available? I'm thinking the number of characters allotted for the password in the db isn't enough to hold the entire md5 hash.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #6
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote: Originally posted by _Aerospace_Eng_
    I'm assuming you had a backup of the db structure in order to port it over to the new server. Do you have your schema available? I'm thinking the number of characters allotted for the password in the db isn't enough to hold the entire md5 hash.

    Well, here's my problem... everything was already moved over, the old prod box is still being used... Red Hat box, and the dev box is the one that the problem is on. They are insisting that I try to figure it out, which is putting a lot of stress on me since I'm technically not a developer (I do web dev as a hobby and work knows now b/c of my big mouth). I'm also not a DBA and have only worked with MySQL through cPanel as far as creating a db and giving it users and letting my app do the rest, so I'd say I'm somewhat of a rookie... I have configured MS SQL servers but not down to doing queries and such... The Solaris box the site is on now, I only have ssh access to and can't run an X session b/c there's no video... yeah, go figure I'd get stuck with it. I poked around and fixed a few syntax errors, which I was hoping was the issue since the PHP engines were different revs, but no dice... so this is where I'm left at...

  • #7
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    http://imgur.com/mslFz

    Screenshot of the mysql CLI... is this what I need to be looking at?

  • #8
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I also did describe AgencyPasswords;

    shows details, the MD5 varchar is (40)

  • #9
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    40 should be fine. MD5 is only 32, if I recall correctly.

    You should be looking at what the system logs are telling you before anything else. Also, what versions of MySQL are running on each? Enable error_reporting and see what gets logged from PHP.

  • #10
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    this is showing in the access_log

    [29/Jan/2010:23:14:56 -0500] "POST /index.php HTTP/1.1" 200 5827

  • #11
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    But did you enable error reporting and check the error log?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #12
    Regular Coder
    Join Date
    Oct 2004
    Posts
    168
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Just a thought, as mentioned MD5 hashes comprise 32 hexadecimal digits, SHA hashes have 40. Are you sure the passwords are not hashed with SHA?

  • #13
    bdl
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    My concern was that the hashes for the passwords were being generated differently between the 2 different php engines.
    MD5 is MD5 is MD5.... it's a portable hashing algo, so you can use it in PHP, MySQL, JavaScript, etc ad nauseam. Same with SHA1. Otherwise, any other hashing algorithms, whatever the source, must output the same string, or what good would a hash be? So if there is a custom built SHA256 hash method in an installation of MySQL for example, any number of SHA256 methods whether they are a PHP "built-in" or a script that produces this hash must all output the same hash value.


    Add to that, the dev team is using MySQL's MD5 implementation, NOT PHP's:
    PHP Code:
    $query = "SELECT id, Code FROM $table WHERE ((Code = '$Code')) AND ((Password = md5('$Password')))";
    That is an unescaped function call in the string, i.e. it is inside the SQL statement, thus it is using MySQL's MD5.



    PHP Code:
    if (!($link=mysql_pconnect($_SESSION['hostname'],$_SESSION['username'], $_SESSION['password']))) { 
    UGGHHHHH. Are they really doing this?? They have bigger problems than MD5.

    I'd really like to see the code that is calling this 'login' function. Is the password passed into the function plaintext, i.e. not hashed? I'm curious if the hash is doubled up at some point, which I've seen.

    The db should be using CHAR(32), not VARCHAR(40), if it's truly MD5.

    Puffin the Erb has a really insightful comment, that at some point in time they may have switched to SHA1 because the field length is 40.


    EDIT: To add to the "could be SHA1" theory, perform a LENGTH() on all of the `Password` field data. If the data is returned as 32 characters, you most likely have an MD5 hash. Otherwise, if it's 40, I'd guess SHA1. Anything other than those two values and who knows what happened.
    Code:
    SELECT
     `Code`
     , LENGTH(`Password`) AS pass_data_length
    FROM `yourtable`
    GROUP BY pass_data_length
    LIMIT 100;
    You can remove the LIMIT clause of course; I just added that in case you have 10000 records and you don't want it to parse through them all.
    Last edited by bdl; 01-30-2010 at 06:44 PM.
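
The length check and the doubled-hash question in the post above can both be tested against a test account whose password is known. The following PHP script is an added example, not code from the thread or from the site being debugged; the function names, account codes and password are constructed for illustration.

```php
<?php
// Added diagnostic example; the account codes and password are constructed.

// Describe a stored value by shape: hex digests have fixed lengths.
function classify_stored_hash($stored)
{
    if (!preg_match('/\A[0-9a-fA-F]+\z/', $stored)) {
        return 'not hex';            // plaintext or re-encoded data
    }
    $names = array(32 => 'MD5 length', 40 => 'SHA-1 length');
    $len = strlen($stored);
    return isset($names[$len]) ? $names[$len] : "hex, $len chars";
}

// List every candidate scheme that reproduces $stored from a known password.
function matching_schemes($plain, $stored)
{
    $candidates = array(
        'md5(pw)'       => md5($plain),
        'sha1(pw)'      => sha1($plain),
        'md5(md5(pw))'  => md5(md5($plain)),    // hashed in PHP, then again in SQL
        'sha1(md5(pw))' => sha1(md5($plain)),
        'md5(sha1(pw))' => md5(sha1($plain)),
    );
    $hits = array();
    foreach ($candidates as $name => $digest) {
        if (strcasecmp($digest, $stored) === 0) {   // hex case may differ
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed rows standing in for (Code, Password) pairs pulled from the table.
$known_plain = 'Test-Pass-1';
$rows = array(
    'A001' => md5($known_plain),
    'A002' => sha1($known_plain),
    'A003' => md5(md5($known_plain)),
    'A004' => substr(md5($known_plain), 0, 20),   // value cut short on import
);

foreach ($rows as $code => $stored) {
    $hits = matching_schemes($known_plain, $stored);
    printf("%s  %-14s %s\n", $code, classify_stored_hash($stored),
           $hits ? implode(', ', $hits) : 'no candidate matches');
}
```

Run it from the command line on both servers with the same test password; a row that matches `md5(pw)` on one box and nothing on the other points at the stored data or the import, not at the hash function.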

  • #14
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here's the index page with the form that calls the login.php
    Code:
    <?php session_start();
    if (isset($_POST['Code'])){
    	include_once("login.php");
    	$Error = login($_POST['Code'], $_POST['Password']);
    }
    
    
    
    if(isset($_SESSION['AgencyID'])){
    	header("Location: http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF'])."/welcome.php"); //after success it redirects
    	exit;
    }
    	
    	
    ?>
    <html>
    <head>
    <title>Log In</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link href="style.css" rel="stylesheet" type="text/css">
    </head>
    <body leftmargin="0" topmargin="0" onLoad="MM_preloadImages('Images/Header_r2_c1_f2.gif','Images/Header_r2_c2_f2.gif','Images/Header_r2_c2_f4.gif','Images/Header_r2_c2_f3.gif','Images/Header_r2_c3_f2.gif','Images/Header_r2_c3_f4.gif','Images/Header_r2_c3_f3.gif','Images/Header_r2_c4_f2.gif','Images/Header_r2_c4_f4.gif','Images/Header_r2_c4_f3.gif')">
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td background="Images/head_fill.gif"><?php require_once('Header.html'); ?></td>
      <td background="Images/head_fill.gif" class="LeftBar">&nbsp;</td>
    </tr></table>
    <table width="90%" height="350" border="0" cellpadding="0" cellspacing="0">
      <tr valign="top">
        <td width="125" bgcolor="AFB2AA"><img src="Images/left_empty.gif" width="125" height="20"></td>
        <td width="1" bgcolor="#666666"><img src="Images/spacer.gif" width="1" height="1"></td>
        <td width="1" class="main"> 
          <p>&nbsp;</p></td>
        <td class="main"><p><br>
          </p>
          <p>&nbsp;</p>
          <p>
            <?php 
    			
    			if(isset($Error))
    				echo '<p align="center"><font color="red">'.$Error.'</font></p>';
    			
    			?>
          </p>
          <table width="200" border="0" align="center" cellspacing="0" cellpadding="0" class="main_noindent">
            <tr> 
              <td> <form name="form1" method="post" action="index.php">
                  <p class="main">&nbsp;Agency Code:<br>
                    <input name="Code" type="text" id="Code" value="<?php echo isset($_POST['Code']) ? htmlspecialchars($_POST['Code']) : ''; ?>" size="4" maxlength="4">
                    <br>
                    Password:<br>
                    <input type="password" name="Password">
                  </p>
                  <p align="center" class="main"> 
                    <input name="imageField" type="image" src="Images/login_button.gif" width="55" height="22" border="0">
                  </p>
                </form></td>
            </tr>
          </table></td>
      </tr>
    </table>
    <table width="100%" height="20" border="0" cellpadding="0" cellspacing="0" background="Images/bottom_bar.gif">
      <tr> 
        <td>&nbsp;</td>
      </tr>
    </table>
    </body>
    </html>
    btw..thanks for all of your help guys... 32 char hash....

    I also just ssh'ed into the old production server that is working, described the table and it shows (40) as well...
    Last edited by MDwebdev85; 01-30-2010 at 10:09 PM.

  • #15
    New Coder
    Join Date
    Jan 2010
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote: Originally posted by bdl
    I'd really like to see the code that is calling this 'login' function. Is the password passed into the function plaintext, i.e. not hashed? I'm curious if the hash is doubled up at some point, which I've seen.
    I just got an email from my contact person that I'm working with. He says he added a user into the db, along with a hash of a password. When viewed in the table, the hash is twice the length of the others...

