|
PHP - How Does Md5 Password Encryption Work?
Similar TutorialsHy 2 all, I have some questions about password security that I haven't been able to find an answer yet. Hopefully you guys know. Here it goes: 1. Is it better to hash(sha2) the password and then salt it or salt it and than hash it ? 2. I'm guessing that using a random salt is better than the same salt used for every password. 3. How can you generate a different random salt for each password ? I mean how will the login page know which random salt to mix with the hashed user inserted password and then to compare it with the password stored in the db. (an example would be great(for both: generating and authentication) 4. I saw some codes in which the salt and/or hash and/or password was split into two (ex: hash.salt1a.password.salt1b or password1a.salt.password1b or salt.hash1a.password.hash1b etc.) Is this a good idea ? Is it really more secure ? If so which would be more secure (splitting the password, the hash or the salt) ? 5. Is double hashing (ex: (sha1(md5($password))) any good ? 6. I've been reading something about password salt and pepper ?? What exactly is pepper ? Is it some sort of second salt ? If somebody could enlighten me about these questions, that would be great. Thanks in advance! I am reworking some code from a password authentication I did a long long time ago. The original code is using SHA1() function to encrypt the passwords for storage in the MySQL database. Is that still considered the way to go, or should I be using a different method for encrypting the little buggers? Thanks I'm sorry if this seems like a stupid question, but I'm having trouble with this encryption and I'm a real noob at PHP. This is for a registration form going into a mysql DB for integration with a gaming server that must use a Whirlpool Salt Hash encryption. These are the variables for my form: userPassword userName userEmail This was my original encryption script (MD5) Code: [Select] $_POST['userPassword'] = md5($_POST['userPassword']); This is the function that I am given to integrate into my website system: Code: [Select] function encryptPassword($password) { $salt = substr(hash('whirlpool', uniqid(rand(), true)), 0, 12); $hash = hash('whirlpool', $salt . $password); $saltPos = (strlen($password) >= strlen($hash) ? strlen($hash) : strlen($password)); return substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos); } I've tried inserting the variable $_POST['userPassword'] in place for $password, but it gives me errors... I'm stuck here, could someone show me how to properly integrate this? I think the problem isn't getting the password into the function but catching the returned variable Sorry for my noobishnness, -Nolam EDIT: I'm also given this for the login page to check the hash. If you could help me with this it would be greatly appreciated to. Thanks!!! Code: [Select] function checkPassword($realPass, $checkPass) { //check for old encryption (md5 or whirlpool) if (strlen($realPass) == 32 || strlen($realPass) == 128) { $hash = (strlen($realPass) == 32 ? md5($checkPass) : hash('whirlpool', $checkPass)); if ($realPass == $hash) { // change password to new encryption? return true; } else return false; } // xAuth 2 encryption $saltPos = (strlen($checkPass) >= strlen($realPass) ? strlen($realPass) : strlen($checkPass)); // extract salt $salt = substr($realPass, $saltPos, 12); $hash = hash('whirlpool', $salt . $checkPass); return substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos) == $realPass; } (Main Objective) I need this login class to encrypt the password before it sends it to the database for login verification. (Alternative Solution) Force a login with just the username and captcha no password.. This is the original working script.. <? session_start(); include "config.php"; global $c; include "data.php"; global $config; require('funciones.php'); if ($_POST['username']) { session_start(); if($_POST['code']!=$_SESSION['string']){ header("Location: login.php?error=1"); } //Comprobacion del envio del nombre de usuario y password $username=uc($_POST['username']); $password=uc($_POST['password']); if ($password==NULL) { header("Location: login.php?error=2"); }else{ $query = mysql_query("SELECT username,password FROM tb_users WHERE username = '$username'") or die(mysql_error()); if(mysql_num_rows($query) == 0) { header("Location: login.php?error=3"); } else { $data = mysql_fetch_array($query); if($data['password'] != $password) { header("Location: login.php?error=4"); }else{ $query = mysql_query("SELECT username,password FROM tb_users WHERE username = '$username'") or die(mysql_error()); $row = mysql_fetch_array($query); $nicke=$row['username']; $passe=$row['password']; //90 day cookie setcookie("usNick",$nicke,time()+7776000); setcookie("usPass",$passe,time()+7776000); $lastlogdate=time(); $lastip = getRealIP(); $querybt = "UPDATE tb_users SET lastlogdate='$lastlogdate', lastiplog='$lastip' WHERE username='$nicke'"; mysql_query($querybt) or die(mysql_error()); header("Location: members.php"); // echo "Has sido logueado correctamente ".$_SESSION['s_username']." y puedes acceder al index.php."; // echo "<script>location.href='index.php';</script>"; ?> <META HTTP-EQUIV="REFRESH" CONTENT="0;URL=members.php"> <? } } } } ?> <div class="heading">Login</div><br /> <? if($_GET['error'] == 1) { print "<b>Error</b> - Wrong Captcha Code<br /><br/>"; } if($_GET['error'] == 2) { print "<b>Error</b> - Please supply a password<br /><br/>"; } if($_GET['error'] == 3) { print "<b>Error</b> - Invalid Username<br><br>"; } if($_GET['error'] == 4) { print "<b>Error</b> - Invalid Password<br /><br />"; } ?> <form action="login.php" method="post"> <table> <tr> <td class="midtext">Username:</td> <td> <input type="text" name="username" size="25" class="form" autocomplete="off"></td> </tr> <tr> <td class="midtext">Password:</td> <td> <input type="password" name="password" size="25" class="form" autocomplete="off"></td> </tr> <tr> <td class="midtext" valign="top">Security Code:</td> <td class="midtext"> <img src="image.php" onclick="this.src='image.php?newtime=' + (new Date()).getTime();">(Click to reload)<br /> <input type="text" name="code" size="17" maxlength="17" autocomplete="off" class="form"></td> </tr> <tr> <td></td> <td align="right"> <input type="submit" value="Login" name="loginsubmit" class="form"></td> </tr> </table> </form> Let me know if you need any files... hi im testing out my site and basically when users register their passwords and encrypted for security obs however when i go to test the login with the exact same password as the one used to register the system detects it as invalid when its not, I've literally copy pasted the password so that i was sure it was the same therefore the issue is within the encryption does anyone have an idea how to overcome this I've tested changed names of variables but nothing seems to help I've even got an error reporting function but no error is detected
<?php
error_reporting(E_ALL);
include_once("conninfo2.php");
if(isset($_POST['username']) && trim($_POST['username']) != ""){
$username = strip_tags($_POST['username']);
$password = $_POST['password'];
$hmac = hash_hmac('sha512', $password, file_get_contents('textfiles/key.txt'));
$stmt1 = $db->prepare("SELECT usersid, password FROM login WHERE username=:username AND activated='1' LIMIT 1");
$stmt1->bindValue(':username',$username,PDO::PARAM_STR);
try{
$stmt1->execute();
$count = $stmt1->rowCount();
if($count > 0){
while($row = $stmt1->fetch(PDO::FETCH_ASSOC)){
$uid = $row['usersid'];
$hash = $row['password'];
}
if (crypt($hmac, $hash) === $hash) {
$db->query("UPDATE login SET lastlog=now() WHERE usersid='$uid' LIMIT 1");
$_SESSION['uid'] = $uid;
$_SESSION['username'] = $username;
$_SESSION['password'] = $hash;
setcookie("usersid", $uid, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("username", $username, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("password", $hash, strtotime( '+30 days' ), "/", "", "", TRUE);
echo 'Valid password<br />'.$_SESSION['uid'].'<br />'.$_SESSION['username'].'<br />'.$_SESSION['password'].'
<br />'.$_COOKIE['usersid'];
/*header("location: index.php");*/
exit();
} else {
echo 'Invalid password Press back and try again<br />';
exit();
}
}
else{
echo "A user with that email address does not exist here";
$db = null;
exit();
}
}
catch(PDOException $e){
echo $e->getMessage();
$db = null;
exit();
}
}
?>
Hello Everyone, I have built a simple registration form shown below and Iam trying to get the users to have their passwords encrypted and then entered into my database. I am attempting to use md5 encryption. I have also attached the database connection script. My goal is when I check my database, I want to see the following: ( id, name, username, encrypted password ) The issue I have is that the form does not process completely. All I get this error (Error: Unknown column 'd8578edf8458ce06fbc5bb76a58c5ca4' in 'field list' ). Could some tell me or show me " What is it that needs to be corrected either in my Code or SQL insert and /or my Variables" to make this work correctly. I know that its probably a very, very simple fix... Im just stuck at this point. I really appreciate your help. thanks, mrjap1 Code: [Select] <?php error_reporting(0); if($_POST['submit']) { //Begining of full IF Statment $name = $_POST['name']; $username = $_POST['username']; $password = $_POST['password']; $confirm_password = $_POST['confirm_password']; // Encrypt Pasword $enc_password = md5($password); //$enc_password2 = md5($confirm_password); // Confirm All feild were filled out when submit button was pressed if($name && $username && $password && $confirm_password) { // Confirm that the NAME that you used is NOT greater than 30 characters if(strlen($name)>24) { echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>"; } // Confirm that the USERNAME that you used is NOT greater than 10 characters if(strlen($username)>10) { echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>"; } else { // Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters if(strlen($password)>10 || strlen($password)<6) { echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>"; } if($password == $confirm_password) { // Database Connection required require "db_conncect.php"; // We Now connect to the Dabase and insert the Form input details //------- ### ENTERING ALL INFORMATION INTO THE DATABASE BELOW ### --------// // 1. Create a database connection $con = mysql_connect("localhost","root",""); // <-- THIS IS WHERE YOU " CAN CHANGE " THE USERNAME IS "root", PASSWORD IS "" ONLY. if (!$con) { die('Database connection failed could not connect: ' . mysql_error()); } // 2. Select a database to use $db_select = mysql_select_db("registernow_2012",$con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE. if (!$db_select) { die('Database selection failed could not connect: ' . mysql_error()); } mysql_select_db("registernow_2012", $con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE TO BE CONNECTED. // <-- THE `registernow_2012` IS THE NAME OF THE DATABASE TO BE CONNECTED.... `visitors` IS THE TABLE WITH ALL THE FIELDS WITHI IN THE DATABASE. $sql="INSERT INTO `registernow_2012`.`users` ( `id` , `name` , `username` , `$enc_password` , `confirm_password` ) VALUES ( NULL , '$_POST[name]', '$_POST[username]', '[$enc_password]', '$_POST[confirm_password]' )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } // 3. Close Connection mysql_close($con); header("Location: index.php"); // <-- THIS IS WHERE YOU CAN CHANGE THE "Location: Thank you / Index page" of the THANK YOU PAGE. } else { echo "<h2><center>PASSWORDS MUST MATCH!!!!!</center></h2><br>"; } } //echo "<h2><center>WORKING!!!!</center></h2>"; } else echo "<h2><center>ALL FEILDS MUST BE COMPLETED</center></h2>"; } //Ending of full IF Statment ?> <!DOCTYPE html> <html lang='en'> <head> <title>THE FORM MY WAY NOW</title> </head> <div id='centerstage'> <form name="myform" action="workingitoutproperly.php" method="POST"> <p> <label>Name</label><br> <input type='text' name='name' value=''><br> <label>UserName</label><br> <input type='text' name='username' value=''><br> <label>Password</label><br> <input type='password' name='password' value=''><br> <label>Re-Enter Password</label><br> <input type='password' name='confirm_password' value=''><br> <br> <input type='submit' name='submit' value='REGISTER NOW!!'> </p> </form> </div> </html> I don't know if my password encrytion has been done correctly / is actually secure. I don't have anything valuable at the moment that people would care to hack, but in the future I want to be absolutely certain I am doing it right.
This is my process, I am storing it as Varchar(255), did a cost test and 9 was my result
$hash = password_hash($passsword, PASSWORD_BCRYPT, array("cost"=>9));
I was told I don't need a salt since it is included in the password_hash function
Also I noticed most of the hashes if not all start like this, why is that?
$2y$09$Thanks for any help Edited by moose-en-a-gant, 08 January 2015 - 01:51 PM.
Customer data is encrypted using OpenSSL, and then stored in mySQL varbinary column on a server.
Question: What if I encrypted that key? Then I would be the only one able to read the encrypted customer data on my server, even if that server got hacked. Obviously that would not work, because the server needs the untampered secret key in order to encrypt the data for mySQL. Although this seems insurmountable, it feels more like a logic problem....where if you think about it long enough, the answer will come. Any thoughts on this? Thank you.
Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe Hi, I'm trying to add encryption to a signup for a college assignment, but find that after adding the sha1 and salt encryption the code does not work. The code worked before adding the encryption. Since adding the encryption I've also adding the corresponding fields for username and password into the sql database and double checked, and triple checked all the php, html form and MySQL tables and fields, but don't see any thing wrong. Can anybody else see any immediate problems with the code snippet below? If so, can you please let me know? session_start(); $salt = 'The sky is blue and all the trees are green'; $data = array_map('mysql_escape_string', $_POST); $password = sha1($data['password'].$salt); $query = " INSERT INTO customers ( first_name, last_name, address, mobile, email, username, password ) VALUES ( '{$data['first_name']}', '{$data['last_name']}', '{$data['address']}', '{$data['mobile']}', '{$data['email']}' '{$data['username']}', '$password' ) "; if(mysql_query($query)) { echo 'Your login details have been saved.'; } else { echo 'Your login details have not been saved.<br>'; echo 'Please try again later.'; } Thanks. Hi I have the code below when users firget their password, they fill forrgot password form and an email will be sent to them which directs them to a page where (code below) they can reset their password. When i fill the form I get the msg it says password has been changed however it wont change it in database. I have checked the code, current entries in database etc but still it wont change the password. Can u please what im doing wrong? <?php include 'global.php'; $account_reference = $_GET['code']; echo "$account_reference"; if (isset($_POST['resetpassword']) && $_POST['resetpassword']) { $email = addslashes(strip_tags($_POST['email'])); $username = addslashes(strip_tags($_POST['username'])); $password = addslashes(strip_tags($_POST['password'])); $newpasswordnomd = addslashes(strip_tags($_POST['newpassword'])); $repasswordnomd = addslashes(strip_tags($_POST['repassword'])); $code = addslashes(strip_tags($_POST['code'])); $getdata=mysql_query("SELECT * FROM users WHERE username='$username' AND email='$email' AND code='$code'"); while($row = mysql_fetch_array($getdata)) { $got_username=$row['username']; $got_email=$row['email']; $got_ref=$row['code']; $got_pass=$row['password']; } $newpassword = md5($newpasswordnomd); $repassword = md5($repasswordnomd); if($password==$got_pass) { if ($email==$got_email) { if ($username==$got_username) { if($newpassword==$repassword) { $resetpass=mysql_query("UPDATE users SET password='$repassword' WHERE email=='$email' AND username=='$username'"); echo "Your Password has been reset"; } else {echo "Your New Password and Repeat Password do not match";} } else {echo "Your Username does not match our records";} } else {echo "Your Email does not match our records";} } } ?> <form action='' method='POST' enctype='multipart/form-data'> <input type="hidden" name='code' value="<?php echo "$account_reference";?>"><p /> Email: <br/> <input type="email" name='email'><p /> Username: <br/> <input type='text' name='username'><p /> Password: <br/> <input type='text' name='password'><p /> New Password: <br/> <input type='text' name='newpassword'><p /> Repeat New Password: <br/> <input type='text' name='repassword'><p /> <input type='submit' name='resetpassword' value='Update'> Hello I have this script that I have been getting support on on other forums and I would really love some help. What this script does is reset your password to a randomly generated one, but for security it asks you a secret question that you have to answer correctly, for it to generate a random password, update that password into the database table and then email you it. Everything works, like the security question part, finding the email works, and sending the email works. But the only part that doesnt work is the updating the table with the randomly generated password. Here is the code. <?php function checkUNEmail($uname,$email) { global $mySQL; $userID = 'X'; $error = array('status'=>false,'userID'=>0); if (isset($email) && trim($email) != '') { //email was entered if ($SQL = $mySQL->prepare("SELECT `ID` FROM `users` WHERE `Email` = ? LIMIT 1")) { $SQL->bind_param('s',trim($email)); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->bind_result($userID); $SQL->fetch(); $SQL->close(); if ($numRows >= 1) return array('status'=>true,'userID'=>$userID); } else { return $error; } } elseif (isset($uname) && trim($uname) != '') { //username was entered if ($SQL = $mySQL->prepare("SELECT `ID` FROM users WHERE Username = ? LIMIT 1")) { $SQL->bind_param('s',trim($uname)); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->bind_result($userID); $SQL->fetch(); $SQL->close(); if ($numRows >= 1) return array('status'=>true,'userID'=>$userID); } else { return $error; } } else { //nothing was entered; return $error; } } function getSecurityQuestion($userID) { global $mySQL; $questions = array(); $questions[0] = "What is your mother's maiden name?"; $questions[1] = "What city were you born in?"; $questions[2] = "What is your favorite color?"; $questions[3] = "What year did you graduate from High School?"; $questions[4] = "What was the name of your first boyfriend/girlfriend?"; $questions[5] = "What is your favorite model of car?"; if ($SQL = $mySQL->prepare("SELECT `secQ` FROM `users` WHERE `ID` = ? LIMIT 1")) { $SQL->bind_param('i',$userID); $SQL->execute(); $SQL->store_result(); $SQL->bind_result($secQ); $SQL->fetch(); $SQL->close(); return $questions[$secQ]; } else { return false; } } function checkSecAnswer($userID,$answer) { global $mySQL; if ($SQL = $mySQL->prepare("SELECT `Username` FROM `users` WHERE `ID` = ? AND LOWER(`secA`) = ? LIMIT 1")) { $answer = strtolower($answer); $SQL->bind_param('is',$userID,$answer); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->close(); if ($numRows >= 1) { return true; } } else { return false; } } function sendPasswordEmail($userID) { global $mySQL; changePassword($userID); if ($SQL = $mySQL->prepare("SELECT `Username`,`Email`,`Password` FROM `users` WHERE `ID` = ? LIMIT 1")) { $SQL->bind_param('i',$userID); $SQL->execute(); $SQL->store_result(); $SQL->bind_result($uname,$email,$password); $SQL->fetch(); $SQL->close(); $message = "Dear $uname,\r\n"; $message .= "Here is your requested lost password for your account at our site:\r\n"; $message .= "-----------------------\r\n"; $message .= "$password\r\n"; $message .= "-----------------------\r\n"; $message .= "Our login page: <a href=\"login.php\">http://www.oursite.com/login.php</a>\r\n\r\n"; $message .= "Thanks,\r\n"; $message .= "-- Our site team"; $headers .= "From: Our Site <webmaster@oursite.com> \n"; $headers .= "To-Sender: \n"; $headers .= "X-Mailer: PHP\n"; // mailer $headers .= "Reply-To: webmaster@oursite.com\n"; // Reply address $headers .= "Return-Path: webmaster@oursite.com\n"; //Return Path for errors $headers .= "Content-Type: text/html; charset=iso-8859-1"; //Enc-type $subject = "Your Lost Password"; @mail($email,$subject,$message,$headers); return str_replace("\r\n","<br/ >",$message); } } function genRandomString() { $length = 10; $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; $string = ''; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } return $string; } function changePassword($userID){ global $mySQL; $password = genRandomString(); $SQL = $mySQL->prepare('UPDATE `users` SET `Password`="'.$password.'" WHERE `ID`="?" LIMIT 1'); $SQL->bind_param('s',$password); $SQL->bind_param('i',$userID); $SQL->execute(); return $password; } ?> The last 2 functions in the code are where the passwords are supposed to get changed and updated in the table, but it doesn't work... Can anyone help me out please Hi guys I have this code, where it gets clicked from an email and then compares the tmp password etc and updates the new password in md5 format. I have been trying to find the issue why it doesnt update the password but i couldn't can u help me to find out why? Please note all the db field names are correct in the code below. thanks in advance <?php include ("include/global.php"); include ("include/function.php"); $code = $_GET['code']; if (!$code){ Header("Location: forgotpassword.php"); } else { if (isset($_POST['reset']) && $_POST['reset']) { $myemail=$row['email']; $mycurrentpass=$row['currentpass']; $mynewpass=$row['newpassword']; $myrepass=$row['repassword']; // $getcurrentinfo=mysql_query("SELECT email,password FROM users WHERE email='$myemail'"); while($row = mysql_fetch_array($getcurrentinfo)) { $currentemail=$row['email']; $currentpass=$row['password']; } // $newpassword = md5($mynewpass); $repeatpassword = md5($myrepass); if($myemail==$currentemail&& $currentpass==$mycurrentpass) { if($newpassword==$repeatpassword) { $updatepass=mysql_query("UPDATE users SET password='$newpassword' WHERE email='$myemail'"); } else {echo "Information provided are not correct, please try again with correct information";} } else {echo "Information provided are not correct, please try again with correct information";} } } ?> <html> <head> <script type="text/javascript" src="/js/jquery.js"></script> <script type="text/javascript" src="/js/jquery.validate.js"></script> <script type="text/javascript" src="/js/jquery.pstrength-min.1.2.js"></script> <script type="text/javascript"> $(function() { $('.password').pstrength(); }); $(document).ready(function(){ $("#form").validate({ rules: { email: { required: true, email: true } } }); }); </script> </head> <body> <fieldset> <form action='' method='POST' id='form'> <p>Enter Your Email: </p> <p> <input type='text' name='email' class="required"></td> <p>Enter Your Temporary Password: </p> <p> <input type='text' name='currentpass' class="required"></td> <p>Enter Your New Password: </p> <p> <input type='text' name='newpassword' class="password"></td> <p>Repeat Your New Password: </p> <p> <input type='text' name='repassword' class="required"></td> </table> </p> <p> <input type='submit' name='reset' value='Submit' id='form'> </form> </fieldset> </body> </html> <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 Hi Guys
I am fairly new to php, I am trying to build a registration form but I am struggling with encrypting the password (I will also be salting the password at a later stage to make it more secure).
The below line of code encrypts the password but saves the values as the values states in the code e.g password saves as 'pass'
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('first_name','last_name','email', SHA1('pass'), NOW())";
The below code saves all the values that the user inputs xcept the password which is blank and the message 'Undefined index: SHA1('pass')' is returned
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";
I am hoping someone may be able to help me as I have no idea how to fix this. Thank you in advance
I seen the sticky but that didn't have my answer and no place I go is really answering my core question. This just doesn't make sense in my brain, how is using md5 safe. What if someone got say an encrypted pass. The code md5 uses is available to anyone, no? So if they got a hold of it how is it not as easily cracked as it is encrypted. Someone please explain this to me lol, it's like a thorn in my brain. Hi guys, i'm new to this forum, and a junior php guy.
i need to encrypt a google address like this:
https://redirector.g...=web&cver=html5
i use picasa for my client to store car video etc to show and i want embed in iframe with a jwplayer that i'm customizing.
i see some sample that transform a address like this https://redirector.g...=web&cver=html5 in something like this --> http:\/\/r20---googlevideo.com\/picasa\/redirect.php?encrypt=0f10fd0fd0f90c30b80b80fb0ee0ed0f20fb0ee0ec0fd0f80fb0b70f00f80f80f00f50ee0ff0f20ed0ee0f80b70ec0f80f60b80ff0f20ed0ee0f80f90f50ea1020eb0ea0ec0f40c80f20ed0c60bc0bc0bc0be0c00bb0c00c00c10ed0bf0ed0ee0b90bb0bb0af0f20fd0ea0f00c60bb0bb0af0fc0f80fe0fb0ec0ee0c60f90f20ec0ea0fc0ea0af0ec0f60f80c60fc0ee0f70fc0f20fd0f20ff0ee0e80ec0f80f70fd0ee0f70fd0ae0bc0cd1020ee0fc0af0f20f90c60b90b70b90b70b90b70b90af0f20...etc etc...
i see that there is a redirect.php?encrypt=....... how i can do that?
Thanks in advance 'cause frankly speaking i don't know also what i must search on google.
Hi Guys,
First off, not sure if this is the correct area to post. My question is a little bit mixed, including SQL and PHP.
I'm building a basic private messaging system, and planned to use PHP, SQL for the storage, and a little bit of JS on the client. I'm a little confused when it comes to encryption though. My understanding with user password encryption is that the password is stored in the database as a hash, and then a user sent password is compared to the original hash for verification. I've implemented this successfully using password_verify() and password_hash() functions, and I'm pretty sure it's working fine.
However, my big question is in regards to the storage of message data. As far as I can tell, this system won't work, it's really only suitable for password verification because the hash can't really be reverted to the original data, it can only be compared? How should I go about encrypting message data? Is it possible? If I open up a SQL database containing private message data on a server, I don't want to be able to read the contents.
Any help would be greatly appreciated!
Dear All respective friend, I'm asking for help. during I know how to code in php. I alway use md5() but I had some problem with abit. can anyone introduce me with persona code encryption without using md5()? Your ideal are very important to me especially small example code. Looking forward from you soon. Kindly Regards, Steve. |
|||||||