Old 10-17-2012, 02:09 PM   PM User | #1
hans_cellc
MD5 problem

I have the following form:

Code:
<form name="form1" method="post" action="login.php">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr align="center"><td colspan="2" style="font-size: 120%;"><strong>Member Login </strong></td></tr>
<tr><td align="right" width="100">Username:</td><td align="center" width="235"><input name="myusername" type="text" id="myusername" size="20" maxlength="6" /></td></tr>
<tr><td align="right">Password:</td><td align="center"><input name="mypassword" type="password" id="mypassword" size="20" maxlength="6" /></td></tr>
<tr><td>&nbsp</td><td align="center"><input type="submit" name="Submit" value="Log me in"></td></tr>
</table>
</form>
With the following code to check login:

Code:
<?PHP
// Initialize session
session_start();
 
// Import the connect to DB code as required as we need it and cannot continue without it.
require 'connect_db.php';

?>

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Logging in - 48323934 - ICT 2613</title>
<meta name="Description" content="PHP ICT2613 Exam Assignment. 48323934 - Logging in " />
<meta http-equiv="content-language" content="en-za" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Author" content="S.J. Fouche, Student number: 48323934" />
<meta name="HandheldFriendly" content="True" />
<!-- Link to the external style sheet (CSS) -->
<link rel="stylesheet" type="text/css" href="my_css.css" />
<!-- Link to the external javascript file -->
<script type="text/javascript" src="my_javascript.js"></script>

</head>

<body>
<!-- Used the include feature for the header and links on all pages -->
<?PHP require "header.txt" ?>

<!-- Setup image -->
<table width="640" height="350" align="center" cellpadding="0" cellspacing="1">
<tr align="center"><td><img src="site_graphics/controls.jpg" alt="Control Background" width="600" height="300" /></td></tr>
</table>

<!-- PHP Coding -->
<?PHP
// Code below will create Code link at the center and bottom of the page
echo("<p style='position:absolute; bottom:5px; left:49%;'><a href='javascript: logincode()'>Code</a></p>")
?> 

</body>
</html>

<?PHP

<?PHP
// Initialize session
session_start();
 
// Import the connect to DB code as required as we need it and cannot continue without it.
require 'connect_db.php';

?>

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Logging in - 48323934 - ICT 2613</title>
<meta name="Description" content="PHP ICT2613 Exam Assignment. 48323934 - Logging in " />
<meta http-equiv="content-language" content="en-za" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Author" content="S.J. Fouche, Student number: 48323934" />
<meta name="HandheldFriendly" content="True" />
<!-- Link to the external style sheet (CSS) -->
<link rel="stylesheet" type="text/css" href="my_css.css" />
<!-- Link to the external javascript file -->
<script type="text/javascript" src="my_javascript.js"></script>

</head>

<body>
<!-- Used the include feature for the header and links on all pages -->
<?PHP require "header.txt" ?>

<!-- Setup image -->
<table width="640" height="350" align="center" cellpadding="0" cellspacing="1">
<tr align="center"><td><img src="site_graphics/controls.jpg" alt="Control Background" width="600" height="300" /></td></tr>
</table>

<!-- PHP Coding -->
<?PHP
// Code below will create Code link at the center and bottom of the page
echo("<p style='position:absolute; bottom:5px; left:49%;'><a href='javascript: logincode()'>Code</a></p>")
?> 

</body>
</html>

<?PHP

// username and password sent from form 
// My username and passwords are case sensitive and are not making use of: strtolower or strtoupper
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
echo $mypassword.'<br />';
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
echo $mypassword.'<br />';
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
echo $mypassword.'<br />';

/* With my research on google re PHP and passwords I came across this neat little encryption trick for passwords, I have changed my database password varchar to 32 characters
instead of 6 characters as specified to accommodate this feature as a MD5 hash generates a 32 character hash which by itself is pretty interesting as well. This is a 128 bit
encryption and therefore should only generate 16 characters but it makes use of hexadecimal therefore the 32 characters */
$password_hash = md5($mypassword);
echo $password_hash;
	

// Table name variable
$tb_name = "tb_user";

// Set the Query within a variable
// I have used SELECT 'id' instead of SELECT * as it speeds up the search especially if you have thousands of users
$query = "SELECT 'id' FROM $tb_name WHERE username='$myusername' AND password='$password_hash'";
$result = mysql_query($query);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// Create a if statement to check if results returned and if not to display an error
// I have created these messages with window.alert and window.confirm just to be snazzy
// I am able to refer back to the index.php on both conditions as there is a conditional to change the menu links if user logged in.
if($count == 1) {
	// Register $myusername and redirect to file "securepage.php"
 	// Set myusername session variable
	$_SESSION['myusername'] = $_POST['myusername'];
	$username =  $_SESSION['myusername'];
	echo "(<script type='text/javascript'>
    window.alert(\"Welcome $username you are successfully logged in.\")
    window.location.href='index.php'; 
    </script>)";
 	}
else {
	// else if incorrect ask user if they wish to register or try again
	echo "(<script type='text/javascript'>	
    if (window.confirm('Username or Password INCORRECT!                                                               Press OK to Register a new user or CANCEL to try again.')) 
		window.location.href='register.php'; 
	else
		window.location.href='index.php';
    </script>)";
 }
 
?>
	

// Table name variable
$tb_name = "tb_user";

// Set the Query within a variable
// I have used SELECT 'id' instead of SELECT * as it speeds up the search especially if you have thousands of users
$query = "SELECT 'id' FROM $tb_name WHERE username='$myusername' AND password='$password_hash'";
$result = mysql_query($query);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// Create a if statement to check if results returned and if not to display an error
// I have created these messages with window.alert and window.confirm just to be snazzy
// I am able to refer back to the index.php on both conditions as there is a conditional to change the menu links if user logged in.
if($count == 1) {
	// Register $myusername and redirect to file "securepage.php"
 	// Set myusername session variable
	$_SESSION['myusername'] = $_POST['myusername'];
	$username =  $_SESSION['myusername'];
	echo "(<script type='text/javascript'>
    window.alert(\"Welcome $username you are successfully logged in.\")
    window.location.href='index.php'; 
    </script>)";
 	}
else {
	// else if incorrect ask user if they wish to register or try again
	echo "(<script type='text/javascript'>	
    if (window.confirm('Username or Password INCORRECT!                                                               Press OK to Register a new user or CANCEL to try again.')) 
		window.location.href='register.php'; 
	else
		window.location.href='index.php';
    </script>)";
 }
 
?>
I have added the echo statement to try and see what is happening, but the password stays right before the md5.
When I echo the $password_hash it adds a ( at the end; I can't understand why.

Am I doing something wrong?

I have tried the code separately as follows and it does not add the (

Code:
<?PHP
if (isset($_POST['myusername']) && isset($_POST['mypassword'])) {
// username and password sent from form 
// My username and passwords are case sensitive and are not making use of: strtolower or strtoupper
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
echo $mypassword.'<br />';
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
echo $mypassword.'<br />';
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
echo $mypassword.'<br />';

/* With my research on google re PHP and passwords I came across this neat little encryption trick for passwords, I have changed my database password varchar to 32 characters
instead of 6 characters as specified to accommodate this feature as a MD5 hash generates a 32 character hash which by itself is pretty interesting as well. This is a 128 bit
encryption and therefore should only generate 16 characters but it makes use of hexadecimal therefore the 32 characters */
$password_hash = md5($mypassword);
echo $password_hash;
	}
?>

<form name="form1" method="post" action="password2.php">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr align="center"><td colspan="2" style="font-size: 120%;"><strong>Member Login </strong></td></tr>
<tr><td align="right" width="100">Username:</td><td align="center" width="235"><input name="myusername" type="text" id="myusername" size="20" maxlength="6" /></td></tr>
<tr><td align="right">Password:</td><td align="center"><input name="mypassword" type="password" id="mypassword" size="20" maxlength="6" /></td></tr>
<tr><td>&nbsp</td><td align="center"><input type="submit" name="Submit" value="Log me in"></td></tr>
</table>
</form>

Last edited by hans_cellc; 10-17-2012 at 02:37 PM..
Old 10-17-2012, 05:40 PM   PM User | #2
hans_cellc
OK don't worry got it, the () brackets around the script within PHP caused the problem.
Old 10-17-2012, 06:15 PM   PM User | #3
tangoforce
Don't be offended, this code needs to be completely re-written with error reporting turned on.

I've put my comments in your code below.

Quote:
Originally Posted by hans_cellc View Post
PHP Code:
<?PHP
// Initialize session
session_start();
 
// Import the connect to DB code as required as we need it and cannot continue without it.
require 'connect_db.php';

?>

<!DOCTYPE html PUBLIC.. etc

<?PHP //PHP opening tag

<?PHP //What the? - Another one? - This code shouldn't work.
// Initialize session
session_start(); //You shouldn't be using this twice especially after html output has begun - This just shows you have error reporting turned off.
 
// Import the connect to DB code as required as we need it and cannot continue without it.
require 'connect_db.php';

?>

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Logging in - 48323934 - ICT 2613</title>
<meta name="Description" content="PHP ICT2613 Exam Assignment. 48323934 - Logging in " />
<meta http-equiv="content-language" content="en-za" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Author" content="S.J. Fouche, Student number: 48323934" />
<meta name="HandheldFriendly" content="True" />
<!-- Link to the external style sheet (CSS) -->
<link rel="stylesheet" type="text/css" href="my_css.css" />
<!-- Link to the external javascript file -->
<script type="text/javascript" src="my_javascript.js"></script>

</head>

<body>
<!-- Used the include feature for the header and links on all pages -->
<?PHP require "header.txt" ?>

<!-- Setup image -->
<table width="640" height="350" align="center" cellpadding="0" cellspacing="1">
<tr align="center"><td><img src="site_graphics/controls.jpg" alt="Control Background" width="600" height="300" /></td></tr>
</table>

<!-- PHP Coding -->
<?PHP
// Code below will create Code link at the center and bottom of the page
echo("<p style='position:absolute; bottom:5px; left:49%;'><a href='javascript: logincode()'>Code</a></p>")
?> 

</body>
</html>

<?PHP

// username and password sent from form 
// My username and passwords are case sensitive and are not making use of: strtolower or strtoupper
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
echo $mypassword.'<br />';
// To protect MySQL injection
$myusername = stripslashes($myusername); //Don't just use strip slashes 
$mypassword = stripslashes($mypassword); //Check for magic quotes first.

I've not checked the rest as it looks like you need to learn the basics about a few things first, such as keeping php and html separate.

session_start() must be used before ANY output and should only be used once (ok you can use it more than once but only when you really know what you're doing and how it will work behind the scenes etc).

At one point you have TWO <?php opening tags.
__________________
Please don't be rude: Put your php code in [php][/php] tags. It is a sticky topic at the top of the forum and it HELPS us to HELP YOU!
TIP: Coding styles and $end errors :::::::::: TIP: Warning: Cannot modify header information - headers already sent :::::::::: TIP: Quotes / Parse error: syntax error, unexpected T_..
PHP Code:
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value. 
Explanation: The IE if(isset($_POST['submit'])) bug explained.

Last edited by tangoforce; 10-17-2012 at 06:29 PM..
Users who have thanked tangoforce for this post:
hans_cellc (10-17-2012)
Old 10-17-2012, 07:21 PM   PM User | #4
hans_cellc
Thanks a mil. I don't know what happened; I think my copy and paste got mixed up, it was only in once.
How should I change the coding for the magic quotes?

Below my code:

config.php
Code:
<?PHP

// Initialize session
ob_start();
session_start();

// Create a function to shorten code on other pages to check if SESSION isset
function loggedin() {
	if (isset($_SESSION['myusername'])) {
		return true;
		}
	else {
		return false;
		}
}
		
?>
connect_db.php
Code:
<?PHP
// I am setting all my variables to make it easier to change code at a later stage by just changing the variables
$mysql_host = "localhost";
$mysql_user = "root";
$mysql_passw = "";
$mysql_db = "games";

// Using an if statement with the not inside that if the DB does not exist or could not connect
// it will die with an error message as per the variable, I used the @ sign to silence the normal error message
if (!@mysql_connect($mysql_host, $mysql_user, $mysql_passw) OR !@mysql_select_db($mysql_db)) {
	// If no such database found pop up error
	echo ("<script type='text/javascript'>	
    window.alert('Could not connect to Database');
	window.location.href = 'index.php'; 
    </script>");
	}

?>
header.txt
Code:
<h1 style="font-size: 400%; font-family: Forte, Verdana, Arial, Helvetica, sans-serif; color: #000000; margin-top: -7px;" align="center">CONSOLE GAMES FOR SALE</h1>
<h1 style="font-size: 300%; font-family: Forte, Verdana, Arial, Helvetica, sans-serif; color: #FF0000; margin-top: -20px;" align="center">PS2 - PS3 - Wii - X-BOX</h1><br />

<!-- Links -->
<table width="100%" style = "margin-top: -25px;">
<tr align="center"><td ><h3 style = "margin-top: -5px; margin-bottom: 1px;"><a href="http://127.0.0.1/exam/index.php" name="top">Home Page</a> | <a href="http://127.0.0.1/exam/insert.php">Insert</a> | 
<a href="http://127.0.0.1/exam/list.php">List</a> | <a href="http://127.0.0.1/exam/source_code.php">Source Codes</a> | <a href="http://127.0.0.1/exam/register.php">Register</a> | 
<a href="#" onclick="showDiv()">Login</a></h3></td></tr></table>

<h2 style="color: yellow; font-family: Verdana, Arial, Helvetica, sans-serif;" align="center">Members Only</h2>

<!-- Insert a horizontal line (ruler) -->
<hr /><br />
header_secure.txt
Code:
<h1 style="font-size: 400%; font-family: Forte, Verdana, Arial, Helvetica, sans-serif; color: #000000; margin-top: -7px;" align="center">CONSOLE GAMES FOR SALE</h1>
<h1 style="font-size: 300%; font-family: Forte, Verdana, Arial, Helvetica, sans-serif; color: #FF0000; margin-top: -20px;" align="center">PS2 - PS3 - Wii - X-BOX</h1><br />

<!-- Links -->
<table width="100%" style = "margin-top: -25px;">
<tr align="center"><td ><h3 style = "margin-top: -5px; margin-bottom: 1px;"><a href="http://127.0.0.1/exam/index.php" name="top">Home Page</a> | 
<a href="http://127.0.0.1/exam/insert.php">Insert</a> | <a href="http://127.0.0.1/exam/list.php">List</a>| 
<a href="http://127.0.0.1/exam/source_code.php">Source Codes</a> | Welcome: <strong><?php echo $_SESSION['myusername']; ?></strong> | <a href="logout.php">Logout</a></h3></td></tr></table>

<h2 style="color: yellow; font-family: Verdana, Arial, Helvetica, sans-serif;" align="center">Members Zone</h2>

<!-- Insert a horizontal line (ruler) -->
<hr /><br />
login.php
Code:
<?PHP
require "config.php";
 
// Import the connect to DB code as required as we need it and cannot continue without it.
require "connect_db.php";

?>

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Logging in - 48323934 - ICT 2613</title>
<meta name="Description" content="PHP ICT2613 Exam Assignment. 48323934 - Logging in " />
<meta http-equiv="content-language" content="en-za" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Author" content="S.J. Fouche, Student number: 48323934" />
<meta name="HandheldFriendly" content="True" />
<!-- Link to the external style sheet (CSS) -->
<link rel="stylesheet" type="text/css" href="my_css.css" />
<!-- Link to the external javascript file -->
<script type="text/javascript" src="my_javascript.js"></script>

</head>

<body>
<!-- Used the include feature for the header and links on all pages -->
<?PHP require "header.txt" ?>

<!-- Setup image -->
<table width="640" height="350" align="center" cellpadding="0" cellspacing="1">
<tr align="center"><td><img src="site_graphics/controls.jpg" alt="Control Background" width="600" height="300" /></td></tr>
</table>

<!-- PHP Coding -->
<?PHP
// Code below will create Code link at the center and bottom of the page
echo("<p style='position:absolute; bottom:5px; left:49%;'><a href='javascript: logincode()'>Code</a></p>")
?> 

</body>
</html>

<?PHP

// username and password sent from form 
// My username and passwords are case sensitive and are not making use of: strtolower or strtoupper
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
// echo $mypassword.'<br />';	This was my test code
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
// echo $mypassword.'<br />';	This was my test code
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// echo $mypassword.'<br />';	This was my test code

/* With my research on google re PHP and passwords I came across this neat little encryption trick for passwords, I have changed my database password varchar to 32 characters
instead of 6 characters as specified to accommodate this feature as a MD5 hash generates a 32 character hash which by itself is pretty interesting as well. This is a 128 bit
encryption and therefore should only generate 16 characters but it makes use of hexadecimal therefore the 32 characters */
$password_hash = md5($mypassword);
// echo $password_hash;			This was my test code
	

// Table name variable
$tb_name = "tb_user";

// Set the Query within a variable
// I have used SELECT 'id' instead of SELECT * as it speeds up the search especially if you have thousands of users
$query = "SELECT 'id' FROM $tb_name WHERE username='$myusername' AND password='$password_hash'";
$result = mysql_query($query);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// Create a if statement to check if results returned and if not to display an error
// I have created these messages with window.alert and window.confirm just to be snazzy
// I am able to refer back to the index.php on both conditions as there is a conditional to change the menu links if user logged in.
if($count == 1) {
	// Register $myusername and redirect to file "securepage.php"
 	// Set myusername session variable
	$_SESSION['myusername'] = $_POST['myusername'];
	$username =  $_SESSION['myusername'];
	echo ("<script type='text/javascript'>
    window.alert(\"Welcome $username you are successfully logged in.\")
    window.location.href='index.php'; 
    </script>");
 	}
else {
	// else if incorrect ask user if they wish to register or try again
	echo ("<script type='text/javascript'>	
    if (window.confirm('Username or Password INCORRECT!                                                               Press OK to Register a new user or CANCEL to try again.')) 
		window.location.href='register.php'; 
	else
		window.location.href='index.php';
    </script>");
 }
 
?>
Old 10-17-2012, 07:46 PM   PM User | #5
tangoforce
This is my way of doing it - I only check for gpc magic quotes.

PHP Code:
if (get_magic_quotes_gpc())
   {
   foreach($_POST as $Key => $Value)
      {
      $_POST[$Key] = (is_string($Value)) ? stripslashes($Value) : $Value;
      }
   }
Users who have thanked tangoforce for this post:
hans_cellc (10-17-2012)
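
Added example (not part of any post in this thread, and not the posters' code): the login check from login.php redone with bound parameters and `password_hash()`/`password_verify()` in place of `stripslashes()` + `mysql_real_escape_string()` + `md5()`, with the username encoded before it is written into the `window.alert()` script. Assumptions: PHP 5.5 or later with PDO and pdo_sqlite; an in-memory SQLite database stands in for the thread's MySQL `games` database; the function names and the sample account are made up for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with PDO/pdo_sqlite.
// An in-memory SQLite database stands in for the thread's MySQL "games" database;
// table and column names follow the thread, the account below is constructed.

function open_demo_db()
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // password_hash() output is longer than an MD5 hex string: use VARCHAR(255) on MySQL.
    $pdo->exec('CREATE TABLE tb_user (id INTEGER PRIMARY KEY,
                username TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');
    return $pdo;
}

function register_user(PDO $pdo, $username, $password)
{
    // Hash the password exactly as typed. Escaping or stripslashes() first would
    // store the hash of a different string whenever it contains ' " or \.
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted, slow by design
    $stmt = $pdo->prepare('INSERT INTO tb_user (username, password) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
}

function check_login(PDO $pdo, $username, $password)
{
    // Bound parameters: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password FROM tb_user WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    return (int) $row['id'];
}

function welcome_script($username)
{
    // json_encode() with the HEX flags yields a JS string literal that cannot
    // close the string or the <script> element, whatever the username contains.
    $js = json_encode("Welcome $username you are successfully logged in.",
                      JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return "<script type='text/javascript'>window.alert($js);"
         . "window.location.href='index.php';</script>";
}

$pdo = open_demo_db();
register_user($pdo, 'hans', "pa'ss\\1");           // constructed password: pa'ss\1

var_dump(check_login($pdo, 'hans', "pa'ss\\1"));    // correct password
var_dump(check_login($pdo, 'hans', 'wrong'));       // wrong password
var_dump(check_login($pdo, "o'neil", 'x'));         // quote in the name is just data

// Why the thread's escape-then-md5 order matters: addslashes() is used here as a
// stand-in for mysql_real_escape_string() (removed in PHP 7); the two hashes differ.
var_dump(md5("pa'ss\\1") === md5(addslashes("pa'ss\\1")));

echo welcome_script("hans</script>"), "\n";         // constructed hostile-looking name
```

Magic quotes were removed in PHP 5.4 and `get_magic_quotes_gpc()` itself in PHP 8.0, so on current PHP the `stripslashes()` step from posts #3 and #5 has nothing to undo. Existing MD5 rows cannot be converted in place; they have to be re-hashed with `password_hash()` the next time each user logs in or resets the password.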