|
PHP - Validating/signing In With Password Singed Up With After Sha1 Hash/salt
Hi, I am limbo with this one. What I have makes sense to me, but I know I'm missing something or doing something wrong
I have been able to hash passwords with salt by new people registering to my site by doing this: if(!$error) { $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz1234567890"; $rand = str_shuffle($alpha); $salt = substr($rand,0,40); $hashed_password = sha1($salt . $_POST['password']); $query = "INSERT INTO `cysticUsers` ( `FirstName`, `LastName`, `Email`, `Password`, `salt`, `RelationshipToCF`, `State`, `Gender`, `Birthday`, `Status` )VALUES( '" . mysql_real_escape_string($_POST['firstName']) . "', '" . mysql_real_escape_string($_POST['lastName']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '" . $hashed_password . "', '" . $salt . "', '" . mysql_real_escape_string($_POST['RelationToCF']) . "', '" . mysql_real_escape_string($_POST['State']) . "', '" . mysql_real_escape_string($_POST['sex']) . "', '" . mysql_real_escape_string($_POST['DateOfBirth_Year'] . "-" . $_POST['DateOfBirth_Month'] . "-" . $_POST['DateOfBirth_Day']) . "', 'pending' )"; mysql_query($query, $connection); I have been able to to update EXISTING users passwords by doing this: $query = "SELECT * FROM `cysticUsers`"; $request = mysql_query($query,$connection); while($result = mysql_fetch_array($request)) { $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz1234567890"; $rand = str_shuffle($alpha); $salt = substr($rand,0,40); $hashed_password = sha1($salt . $result['Password']); $user = $result['id']; $query2 = "UPDATE `cysticUsers` SET `salt` = '$salt' WHERE `id` = '$user'"; $request2 = mysql_query($query2,$connection) or die(mysql_error()); $query3 = "UPDATE `cysticUsers` SET `encrypted_passwords` = '$hashed_password' WHERE `id` = '$user'"; $request3 = mysql_query($query3,$connection) or die(mysql_error()); } Now, I want to be able to SIGN BACK IN with the existing password and I am failing miserably by doing this: $query = "SELECT `salt`,`id`,`email`,`password` FROM `cysticUsers` WHERE `Email` = '" . $email . "' AND `Password` = '" . $password . "' && `Status` = 'active' LIMIT 1"; $request = mysql_query($query,$connection) or die(mysql_error()); $email = mysql_real_escape_string($_POST['email']); $password = mysql_real_escape_string($_POST['password']); if(@mysql_num_rows($request)) { $row = mysql_fetch_assoc($request); if (sha1($row['salt'] . $_POST['password']) === $row['Password']) { $_SESSION['CLIFE']['AUTH'] = true; $_SESSION['CLIFE']['ID'] = $result['id']; // UPDATE LAST ACTIVITY FOR USER $query = "UPDATE `cysticUsers` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1"; mysql_query($query,$connection); if(!empty($_POST['return'])) { header("Location: " . $_POST['return']); }else{ header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']); } } }else{ $_SESSION['CLIFE']['AUTH'] = false; $_SESSION['CLIFE']['ID'] = false; } } I've been scouring resources and am stuck on this. I have a deadline to meet that I am behind on. Needless to say I'm pulling my hair out and some help with this would be GREATLY appreciated. Thank you in advance! Similar TutorialsHi guys I have a script which i've been playing around with thanks to Spiderwell: http://www.phpfreaks.com/forums/index.php?action=profile;u=35078 I have sort of merged it with another 'member managment' script which is working great. Now i can't seem to correctly create a login page to pass the hashed password using (sha1). Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password. Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :| Your help would be much appreciated. Login Page PHP: Code: [Select] <form name="login" method="post" action="check_login.php3"> <p><strong>Secured Area User Log-in</strong></p> <p>Username: <input name="bioname" type="text" id="bioname"></p> <p>Password: <input name="biopass" type="password" id="biopass"></p> <p> </p> <p><input type="submit" name="Submit" value="Login"></p> </form> Check Login Processor (which is the file i that needs the sha1 added somewhere i think) Code: [Select] <?php require_once('config.php3'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // $loginusername = false; $loginpassword = false; $err = false; // default error message is empty // The username and password sent from login.php //the isset() basically means if its there get it, otherwise dont bother if (isset($_POST['bioname'])) $loginusername=$_POST['bioname']; if (isset($_POST['biopass']))$loginpassword=$_POST['biopass']; // if either isnt filled in, tell the user, a very basic bit of validation if (!$loginusername || !$loginpassword) $err = "please complete the form"; if (!$err) //if no error continue { //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); //you could add other things like check for text only blah blah $sql="SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1) { session_start(); $_SESSION['user'] = $loginusername; // store session data //please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user //that would be a pain in the ass, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is header("Location: {$loginusername}/index.php3"); } else { $err = "Wrong Username or Password"; } }// end login if statement if ($err) // show error message if there is one { echo $err; echo "<br>Please go back in your browser and try again"; } ?> The secure page: Code: [Select] <?php session_start(); $mypath = $_SERVER["REQUEST_URI"]; //echo $mypath; // for debugging //now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php //use the built in strpos() function, which returns position of the last occurance of the string you are looking for inside another string. //http://php.net/manual/en/function.strrpos.php if(strpos($mypath,"/".$_SESSION['user']."/"))//on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/ { echo "congratulations you are the right person in the right place"; } else { session_destroy(); //kill the session, naughty person trying to come here header("Location: ../login.php3"); die();// stop page executing any further } ?> <html> <body> </body> </html> Thanks and i look forward to your replies. Hi, I'm trying to add encryption to a signup for a college assignment, but find that after adding the sha1 and salt encryption the code does not work. The code worked before adding the encryption. Since adding the encryption I've also adding the corresponding fields for username and password into the sql database and double checked, and triple checked all the php, html form and MySQL tables and fields, but don't see any thing wrong. Can anybody else see any immediate problems with the code snippet below? If so, can you please let me know? session_start(); $salt = 'The sky is blue and all the trees are green'; $data = array_map('mysql_escape_string', $_POST); $password = sha1($data['password'].$salt); $query = " INSERT INTO customers ( first_name, last_name, address, mobile, email, username, password ) VALUES ( '{$data['first_name']}', '{$data['last_name']}', '{$data['address']}', '{$data['mobile']}', '{$data['email']}' '{$data['username']}', '$password' ) "; if(mysql_query($query)) { echo 'Your login details have been saved.'; } else { echo 'Your login details have not been saved.<br>'; echo 'Please try again later.'; } Thanks. When a User changes his/her Email Address, should I generate a new Salt and Hash? (I am re-using the code I used for a Password Reset, and during that I generated a new Salt and Hash for security. I guess it can't hurt...) Thanks, Debbie Hi Guys, I wonder If I can call on this forums help once again. I am trying to add salt to my md5 password hash. However I think I am getting the syntax slightly wrong as it is not working properly. It works in the fact that when someone logs in and they have a 1 next to the member type it will direct them to the teachers page . However if no values are entered into the log in form and someone clicks log in it will still direct them to the students page when I thought it would direct them to log in failed. The code for the log in form is: Code: [Select] //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); $salt = "salt"; $EncryptedPassword=md5($password, $salt); //Create query $qry="SELECT * FROM users WHERE username='$login' AND password='$EncryptedPassword'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['FirstName']; $_SESSION['SESS_LAST_NAME'] = $member['LastName']; $_SESSION['SESS_LAST_NAME'] = $member['Member_Type']; session_write_close(); } //if the member has an id equal to 0 send them to the member page if($member['Member_Type'] == 0){ header("Location: Student-Page.php"); //if the member has an id equal to 1 send them to the admin page } elseif($member['Member_Type'] == 1){ header("Location: Teachers-Page.php"); } // regardless of the outcome, we need to exit, so it can be done once after both checks exit(); } else { //Login failed header("location: login-failed.php"); exit(); } In case you need it the code for the registration form where the password is originally salted upon creation is: Code: [Select] <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER ,DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $username = clean($_POST['username']); $FirstName = clean($_POST['FirstName']); $LastName = clean($_POST['LastName']); $Member_Type = clean($_POST['Member_Type']); $password = clean($_POST['password']); $Cpassword = clean($_POST['Cpassword']); $salt = "salt"; $EncryptedPassword = md5($password,$salt); //Check for duplicate login ID if($username != '') { $qry = "SELECT * FROM users WHERE username='$username'"; $result = mysql_query($qry); if($result) { if(mysql_num_rows($result) > 0) { } @mysql_free_result($result); } else { //die("query failed"); } } //Create INSERT query $qry = "INSERT INTO users(username, password, FirstName, LastName, Member_Type) VALUES('$username','$EncryptedPassword','$FirstName','$LastName','$Member_Type')"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { header("location: register-success.php"); exit(); }else { die("Query Failed"); } ?> If someone could take a look and point me in the right direction. Also if there are any other mistakes let me know I would be very grateful. Thanks in advance. Edd I am reworking some code from a password authentication I did a long long time ago. The original code is using SHA1() function to encrypt the passwords for storage in the MySQL database. Is that still considered the way to go, or should I be using a different method for encrypting the little buggers? Thanks I'm still trying to figure out why I should use salt. If the bad guy knows a name and tries something like brute force shoving passwords into the log-in form until one worked how would salt help stop that? If a bad guy, God forbid, gets hold of the user names and passwords like they did phpbb(?) forums several years ago how would salt stop that? I know I may be beating this issue to death but if I have salt in the users table assigned to a user and his password now equals $stored_password = sha1($salt.$password) does this really doesn't matter? Because if the bad guy knows the user name and uses brute force or has a list of passwords from the users table that he has gotten some way. All he has to do is type in the user name and password and salt will be added automatically.
<?php
function cryptPass($input, $rounds = 9){
$salt = "";
$saltChars = array_merge(range('A','Z'), range('a','z'), range(0,9));
for($i = 0; $i < 22; $i++){
$salt .= $saltChars[array_rand($saltChars)];
}
return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt);
}
echo $inputPass = "password2";
echo $pass = "password";
$hashedPass = cryptPass($pass);
echo $hashedPass;
if(crypt($inputPass, $hashedPass) == $hashedPass){
echo "<br /><h1>Password is a match = log user in</h1>";
}else{
echo "<br />Password does not match = do not log in";
}
?>
My PHP version 5.2
When I run above code I am getting the password match answer. I should have get error message.
Can anyone advise me .
Thank you.
Hi,
Recently I've been trying writing a safe password hash and I wanted to know that if I use an MD5 hash at the end, just so it will be like some short of "packed",so instead of saving a 128 string, I'll use md5 to "pack" it into 32 characters and save up to 96 characters.
I know MD5 isn't safe and all, but the question is, does it lower the security ?
Also, would be happy for feedbacks about my password hash
function hash_($input,$key) {
$op=hash("whirlpool",hash("sha512",$key) . "$" . $input . "$" . hash("sha512",$key));Hi,
I am trying to get this script to execute as an administrator of an online system. If a user has forgotten their password, I enter their username and enter a new password which they can update later. I am not sure why this is not updating the password for the username entered?
<?php
// Initialize the session
session_start();
// Check if the user is logged in, if not then redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: login.php");
exit;
}
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate new password
if(empty(trim($_POST["new_password"]))){
$new_password_err = "Please enter the new password.";
} elseif(strlen(trim($_POST["new_password"])) < 6){
$new_password_err = "Password must have atleast 6 characters.";
} else{
$new_password = trim($_POST["new_password"]);
}
// Validate confirm password
if(empty(trim($_POST["confirm_password"]))){
$confirm_password_err = "Please confirm the password.";
} else{
$confirm_password = trim($_POST["confirm_password"]);
if(empty($new_password_err) && ($new_password != $confirm_password)){
$confirm_password_err = "Password did not match.";
}
}
// Check input errors before updating the database
if(empty($new_password_err) && empty($confirm_password_err)){
// Prepare an update statement
$sql = "UPDATE User_Accounts_ SET password = ? WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_password, $username);
// Set parameters
$param_password = password_hash($new_password, PASSWORD_DEFAULT);
$username = $_POST['username'];
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Password updated successfully. Destroy the session, and redirect to login page
session_destroy();
header("location: login.php");
exit();
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Reset Password</title>
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 350px; padding: 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Reset Password</h2>
<p>Please fill out this form to reset your password.</p>
<p><strong>Username</strong>
<input type="text" name="username" class="form-control">
</p>
<p> </p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>">
<label>New Password</label>
<input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">
<span class="help-block"><?php echo $new_password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
<label>Confirm Password</label>
<input type="password" name="confirm_password" class="form-control">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<a class="btn btn-link" href="welcome.php">Cancel</a>
</div>
</form>
</div>
</body>
</html>
I have a login system Username and Password.
My password is encrypted with bcrypt, if it okay to store that bcrypt in a session as $_SESSION["hash"]
To verify that the user is who they say they are?
Or do i only need to do
$_SESSION["username"]
Alright, I have created a hash password checker and here is my code: include("include.php"); // include the mySQL info! $users = mysql_query(" SELECT * FROM User "); // Select all from the users table in the database! while($row = mysql_fetch_array($users)) // While it fetches the users do the following... { if (hash("sha256", $password) == $row["Password"]) echo "Congratulations! The Hash matches the password entered into the database!"; } elseif (hash("sha256", $password) != $row["Password"]) { echo "Your Hash failed to match the password entered!"; } Now for some reason this displays a totally blank page. When I turn error display on I get the error "Unexpected T_ELSEIF" on this line elseif (hash("sha256", $password) != $row["Password"]) Any help is appreciated... Ok so now i have almost finished my registration page but i have this odd problem.. I could explain it but i'll show you a picture instead so you understand better.. This is before and after pictures when i click sign up. As you can see, when you click sign up, all the form fields and the sign up button (wich isn't even in this file and uses a different css doc) change. Also there is a big invisible layer ontop of the page after you have clicked sign up so you cant use anything as you can see in picture 5. Any ideas what the problem can be? Here is my code aswell: HTML form: Code: [Select] <?php session_start(); if(isset($_POST['register'])) { include_once('classes/class.register.php'); $register = new Register(); if($register->process()) echo "Successfully Signed Up!"; else $register->show_errors(); } $token = $_SESSION['token'] = md5(uniqid(mt_rand(),true)); ?> <!doctype html> <html> <head> <link rel="stylesheet" type="text/css" href="css/main.css"> <link rel="stylesheet" type="text/css" href="css/register.css"> <script type="text/javascript" src="js/passwordmeter.js"></script> </head> <body> <script src="jquery.js"></script> <div class="center"> <!-- PHP --> <?php require("html/menu.inc"); ?> <?php require("html/layout.inc"); ?> <?php require("html/login.inc"); ?> <!-- PHP --> <div class="register"> <header>Sign Up Now!</header> <form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>"> <ul> <li> <label for="username">* Username: </label><br /> <input name="username" class="rusernamefield" type="text" value="<?php echo $username; ?>"></input> </li> <li> <label for="first_name">* First Name: </label><br /> <input name="first_name" class="rfirstnamefield" type="text" value="<?php echo $first_name; ?>"></input> </li> <li> <label for="last_name">Last Name: </label><br /> <input name="last_name" class="rlastnamefield" type="text" value="<?php echo $last_name; ?>"></input> </li> <li> <label for="password">* Password: </label><br /> <input type="password" name="password" class="rpasswordfield" onkeyup='password_strength(this.value)'></input> </li> <div id="password_strength_border"> <div id="password_strength" class="strength0"></div> </div> <li> <label for="email">* Email Address: </label><br /> <input name="email" class="remail" type="email" placeholder="email@address.com" value="<?php echo $email; ?>"></input> </li> <li> <label for="confemail">* Confirm Email Address: </label><br /> <input name="confemail" class="rconfirmemail" type="email" placeholder="email@address.com" value="<?php echo $confemail; ?>"></input> </li> <li> <label for="gender">* Gender: </label><br /> <select name="gender"> <option selected="selected" disabled="disabled">Choose</option> <option value="Man">Man</option> <option value="Woman">Woman</option> </select> </li> <li> <label for="birth_month">* Birth Day: </label><br /> <select name="birth_month"> <option disabled="disabled" selected="selected">Month</option> <option value="01">January</option> <option value="02">February</option> <option value="03">March</option> <option value="04">April</option> <option value="05">May</option> <option value="06">June</option> <option value="07">July</option> <option value="08">August</option> <option value="09">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="birth_day"> <option disabled="disabled" selected="selected">Day</option> <option value="01">1</option> <option value="02">2</option> <option value="03">3</option> <option value="04">4</option> <option value="05">5</option> <option value="06">6</option> <option value="07">7</option> <option value="08">8</option> <option value="09">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <select name="birth_year"> <option disabled="disabled" selected="selected">Year</option> <option value="2011">2011</option> <option value="2010">2010</option> <option value="2009">2009</option> <option value="2008">2008</option> <option value="2007">2007</option> <option value="2006">2006</option> <option value="2005">2005</option> <option value="2004">2004</option> <option value="2003">2003</option> <option value="2002">2002</option> <option value="2001">2001</option> <option value="2000">2000</option> <option value="1999">1999</option> <option value="1998">1998</option> <option value="1997">1997</option> <option value="1996">1996</option> <option value="1995">1995</option> <option value="1994">1994</option> <option value="1993">1993</option> <option value="1992">1992</option> <option value="1991">1991</option> <option value="1990">1990</option> <option value="1989">1989</option> <option value="1988">1988</option> <option value="1987">1987</option> <option value="1986">1986</option> <option value="1985">1985</option> <option value="1984">1984</option> <option value="1983">1983</option> <option value="1982">1982</option> <option value="1981">1981</option> <option value="1980">1980</option> <option value="1979">1979</option> <option value="1978">1978</option> <option value="1977">1977</option> <option value="1976">1976</option> <option value="1975">1975</option> <option value="1974">1974</option> <option value="1973">1973</option> <option value="1972">1972</option> <option value="1971">1971</option> <option value="1970">1970</option> <option value="1969">1969</option> <option value="1968">1968</option> <option value="1967">1967</option> <option value="1966">1966</option> <option value="1965">1965</option> <option value="1964">1964</option> <option value="1963">1963</option> <option value="1962">1962</option> <option value="1961">1961</option> <option value="1960">1960</option> <option value="1959">1959</option> <option value="1958">1958</option> <option value="1957">1957</option> <option value="1956">1956</option> <option value="1955">1955</option> <option value="1954">1954</option> <option value="1953">1953</option> <option value="1952">1952</option> <option value="1951">1951</option> <option value="1950">1950</option> <option value="1949">1949</option> <option value="1948">1948</option> <option value="1947">1947</option> <option value="1946">1946</option> <option value="1945">1945</option> <option value="1944">1944</option> <option value="1943">1943</option> <option value="1942">1942</option> <option value="1941">1941</option> <option value="1940">1940</option> <option value="1939">1939</option> <option value="1938">1938</option> <option value="1937">1937</option> <option value="1936">1936</option> <option value="1935">1935</option> <option value="1934">1934</option> <option value="1933">1933</option> <option value="1932">1932</option> <option value="1931">1931</option> <option value="1930">1930</option> <option value="1929">1929</option> <option value="1928">1928</option> <option value="1927">1927</option> <option value="1926">1926</option> <option value="1925">1925</option> <option value="1924">1924</option> <option value="1923">1923</option> <option value="1922">1922</option> <option value="1921">1921</option> <option value="1920">1920</option> <option value="1919">1919</option> <option value="1918">1918</option> <option value="1917">1917</option> <option value="1916">1916</option> <option value="1915">1915</option> <option value="1914">1914</option> <option value="1913">1913</option> <option value="1912">1912</option> <option value="1911">1911</option> <option value="1910">1910</option> <option value="1909">1909</option> <option value="1908">1908</option> <option value="1907">1907</option> <option value="1906">1906</option> <option value="1905">1905</option> <option value="1904">1904</option> <option value="1903">1903</option> <option value="1902">1902</option> <option value="1901">1901</option> <option value="1900">1900</option> </select> </li> <li> <label for="iagree" class="iagreetext">* I Agree to the <a href="#">Privacy Policy</a> and <a href="#">Terms of Use</a></label> <input name="iagree" type="checkbox" class="iagreebox"></input> </li> <input name="register" class="registerbutton" type="submit" value="Sign Up"></input> <p class="fieldsmarked">Fields marked with an (*) is required</p> <input type="hidden" name="token" value="<?php echo $token;?>"/> </ul> </form> </div> </div> </body> </html> PHP code to validate and process form: <?php if ($_SERVER['REQUEST_METHOD'] == "POST") { $username = isset($_POST['username'])?$_POST['username']:''; $first_name = isset($_POST['first_name'])?$_POST['first_name']:''; $last_name = isset($_POST['last_name'])?$_POST['last_name']:''; $email = isset($_POST['email'])?$_POST['email']:''; $confemail = isset($_POST['confemail'])?$_POST['confemail']:''; $gender = isset($_POST['gender'])?$_POST['gender']:''; $birth_month = isset($_POST['birth_month'])?$_POST['birth_month']:''; $birth_day = isset($_POST['birth_day'])?$_POST['birth_day']:''; $birth_year = isset($_POST['birth_year'])?$_POST['birth_year']:''; } $username = htmlspecialchars($username, ENT_QUOTES); $first_name = htmlspecialchars($first_name, ENT_QUOTES); $last_name = htmlspecialchars($last_name, ENT_QUOTES); $email = htmlspecialchars($email, ENT_QUOTES); $confemail = htmlspecialchars($confemail, ENT_QUOTES); $gender = htmlspecialchars($gender, ENT_QUOTES); $birth_month = htmlspecialchars($birth_month, ENT_QUOTES); $birth_day = htmlspecialchars($birth_day, ENT_QUOTES); $birth_year = htmlspecialchars($birth_year, ENT_QUOTES); class Register { private $username; private $first_name; private $last_name; private $password; private $passmd5; private $email; private $confemail; private $gender; private $birth_month; private $birth_day; private $birth_year; private $iagree; private $errors; private $token; public function __construct() { $this->errors = array(); $this->username = $this->filter($_POST['username']); $this->first_name = $this->filter($_POST['first_name']); $this->last_name = $this->filter($_POST['last_name']); $this->password = $this->filter($_POST['password']); $this->email = $this->filter($_POST['email']); $this->confemail = $this->filter($_POST['confemail']); $this->gender = $this->filter($_POST['gender']); $this->birth_month = $this->filter($_POST['birth_month']); $this->birth_day = $this->filter($_POST['birth_day']); $this->birth_year = $this->filter($_POST['birth_year']); $this->iagree = $this->filter($_POST['iagree']); $this->token = $_POST['token']; $this->passmd5 = md5($this->password); } public function process() { if($this->valid_token() && $this->valid_data()) $this->register(); return count($this->errors)? 0 : 1; } public function filter($var) { return preg_replace('/[^a-zA-Z0-9@.]/','',$var); } public function register() { mysql_connect("localhost","root","") or die(mysql_error()); mysql_select_db("membership") or die (mysql_error()); $sql = "INSERT INTO users(username,password,first_name,last_name,email,gender,birth_month,birth_day,birth_year) VALUES ('{$this->username}','{$this->passmd5}','{$this->first_name}','{$this->last_name}','{$this->email}','{$this->gender}','{$this->birth_month}','{$this->birth_day}','{$this->birth_year}')"; mysql_query($sql) or die(mysql_error()); if(mysql_affected_rows()< 1) $this->errors[] = "Could Not Process Form"; } public function user_exists() { mysql_connect("localhost","root","") or die(mysql_error()); mysql_select_db("membership") or die (mysql_error()); $data = mysql_query("SELECT username FROM users WHERE username = '{$this->username}'"); return mysql_num_rows($data) > 0 ? 1 : 0; } public function show_errors() { foreach($this->errors as $key=>$value) echo "<div class=errormessages> $value </div> <br />"; } public function valid_data() { if ($this->user_exists()){ $this->errors[] = 'The username is already taken, choose another one!'; } if (empty($this->username)){ $this->errors[] = 'You must enter a username!'; } if (empty($this->first_name)){ $this->errors[] = 'You must enter your first name'; } if (empty($this->password)){ $this->errors[] = 'You must enter a password!'; } elseif (strlen($this->password) < 6){ $this->errors[] = 'Your password must be longer than 6 characters!'; } if (empty($this->email)){ $this->errors[] = 'You must enter an email address!'; } elseif (!preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z]{2,4}$/',$this->email)){ $this->errors[] = 'You must enter a valid email address!'; } elseif ($this->email != $this->confemail){ $this->errors[] = 'The email addresses you entered did not match!'; } if (empty($this->gender)){ $this->errors[] = 'Choose your gender!'; } if (empty($this->birth_month)){ $this->errors[] = 'Select which month you were born!'; } if (empty($this->birth_day)){ $this->errors[] = 'Select which day you were born!'; } if (empty($this->birth_year)){ $this->errors[] = 'Select which year you were born!'; } if (empty($this->iagree)){ $this->errors[] = 'You must agree to the <a href="#">Privacy Policy</a> and <a href="#">Terms of Use</a> to sign up!'; } return count($this->errors)? 0 : 1; } public function valid_token() { if(!isset($_SESSION['token']) || $this->token != $_SESSION['token']) $this->errors[] = "Invalid Submission"; return count($this->errors)? 0 : 1; } } ?> Is this okay to do for dealing with passwords before running an insert query into a database? $password = sha1(mysqli_real_escape_string($dbc, $_POST['password'])); Is there anything wrong in doing this? I currently have 100,000+ users all with their passwords hashed in md5(). I want to secure it a bit by simply hashing all of their existing hashes to sha1() and then check their password matches the sha1(md5()). Is there any reason why I shouldn't do this? I have the following array which builds a concatenation of the items in tree-like form. $arrayT = array(); $arrayT[0] = "a"; $arrayT[1] = "b"; $arrayT[2] = "c"; $arrayT[3] = "d"; $arrayT[4] = "e"; $arrayT[5] = "f"; $arrayT[6] = "g"; $arrayT[7] = "h"; $arrayT = buildTree($arrayT); print_r($arrayT); function buildTree($array) { $arrayTree = $array; $start = 0; $end = count($arrayTree); $i = 0; while ($start != $end - 1) { if ($i % 2 == 1) { $arrayTree[count($arrayTree) - 1].=$arrayTree[$start + $i]; } else $arrayTree[] .= $arrayTree[$start + $i]; $i++; if (($start + $i) == $end) { $i = 0; $start = $end; $end = count($arrayTree); } } return $arrayTree; } Example output is Quote Array ( => a [1] => b [2] => c [3] => d [4] => e [5] => f [6] => g [7] => h [8] => ab [9] => cd [10] => ef [11] => gh [12] => abcd [13] => efgh [14] => abcdefgh ) I would like the values to be hashed using sha1. e.g value at [8] ab would be the hash of a and [1] b, value [12]abcd would be the hash of the values at [8]ab and [9]cd. I modified it myself in the next code snippet but I still don't feel it's doing what it's meant function buildTree($array) { $arrayTree = $array; $start = 0; $end = count($arrayTree); $i = 0; while ($start != $end - 1) { if ($i % 2 == 1) { $arrayTree[count($arrayTree) - 1].=$arrayTree[$start + $i]; sha1($arrayTree[count($arrayTree)-1].=$arrayTree[$start + $i]); } else $arrayTree[] .= sha1($arrayTree[$start + $i]); $i++; if (($start + $i) == $end) { $i = 0; $start = $end; $end = count($arrayTree); } } return $arrayTree; } $val1 = sha1($arrayT[0]); $val2 = sha1($arrayT[1]); $val3 = sha1($val1.$val2); $val4 = sha1("ab"); echo "VAL1 ".$val1; echo "<br/>"; echo "VAL2 ".$val2; echo "<br/>"; echo "VAL3 ".$val3; echo "<br/>"; echo "VAL4 ".$val4; Anyone any ideas? Thankyou. Hi, So basically this is error: Code: [Select] if (strcmp($extuser,$username) == 0 && strcmp($extpass,$password) == 0) extpass is a value it reads from the database. That value is sha1-hashed. Password is plain and is sent via a form. So what happens is the following: extuser and username equals 0, as they match. extpass and password matches IF i put the sha1 hashed password as the password. So no problems in that, it's supposed to work that way. If we change the code a bit, so that the user shouldn't post an unknown password: Code: [Select] if (strcmp($extuser,$username) == 0 && strcmp($extpass,sha1($password)) == 0) Right, so we take the submitted password and sha1 it. Then check if that new string matches the database and whops, login failed. Okay.. by doing some debugging by printing the actual values i conclude this: The sha1($password) equals 139a8cf8be8..... while in my database all the letters are CaSe. This is most likely the error.. Any ideas for a fix? Hello all, I looked everytwhere to find the answer to my question bug so far, no luck. I hope someone here can help me with this issue. Oke, my problem is as following. I'm creating a string with a foreach loop that I then will has after the loop. The problem is, is that that string is addad to a variable. When I sha1 hash that variable with the sha1 function from within PHP I get a different hash as when I just echo the string and manually hash that. The point is, is that the manually hashed string is then correct, and the automitically hash string isn't. This is the code I'm using, can someone tell me where to look at to solve this problem? if (is_array($this->getFormData())){ foreach ($this->getFormData() as $name => $value) { $string .= $name."=".$value.$shamethod; } } $hashstring = sha1($string, false); echo '<br /><br />'.$hashstring.'<br /><br />'; echo $string; Thanks for your time. Dok Php Lovers,
When you register on my site, you supposed to get an account activation link emailed to confirm your email and account opening. Activation Link contains activation code. Code, I wanted all numbers like so: 193736262829292 And not alphanumerical like so: djkqh3kl3lwnj3j22b Someone did this line for me 1.5yrs back and only just came to my attention it is generating alphanumeric chars as I was checking the column where it would save the code to see if the column type is correct or not. Type was varchar all this time. If the code becomes only numerical then can switch column (account_activation_code) type to "INT".
$account_activation_code = sha1( (string) mt_rand(0,99999999)); //Type Casted the INT to STRING on the 11st parameter of sha1 as it needs to be a string.
Another programmer did that line 1.5yrs back. Lost contact with him. Tell me, why sha1 needs to be TypeCasted to "STRING" ? As far as I remember 1.5yrs back it had to be converted to STRING. Else, was giving error. I mean, we dealing with INT here "mt_rand(0,99999999)" so why php force us to TypeCast to STRING here ? Absurd! Right ? Context:
<?php
//Required PHP Files.
include 'configurations_site.php'; //Required on all webpages of the site. Must include here too. Else, conn.php data would not be found. conn.php residing in site_configurations.php.
include 'header_site.php';
//Step 1: Before registering user Account, check if User is already registered or not. Else, check if User is registering through invitation or not.
//Check if User is already logged-in or not. Get the login_check() custom FUNCTION to check.
if (login_check() === TRUE)
{
die("You are already logged-in! No need to register again!");
}
//Check if the Url contains a Sponsor Username or not. If not, then barr the registration.
if (isset($_GET['sponsor_username']) && !empty($_GET['sponsor_username']))
{
$sponsor_username = $_GET["sponsor_username"];
}
else
{
die("Signups only through invitations only!<br>
Therefore, you need to be invited by a registered member who knows you personally!");
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
//Step 2: Check User submitted details.
//Check if User made all the required inputs or not.
if (isset($_POST["fb_tos_agreement_reply"]) ||
isset($_POST["username"]) &&
isset($_POST["password"]) &&
isset($_POST["password_confirmation"]) &&
isset($_POST["fb_tos"]) &&
isset($_POST["primary_domain"]) &&
isset($_POST["primary_domain_confirmation"]) &&
isset($_POST["primary_website_email"]) &&
isset($_POST["primary_website_email_confirmation"]) &&
isset($_POST["age_range"])) {
//Step 3: Check User details for matches against database. If no matches then validate inputs to register User Account.
//Create Variables based on user inputs.
$fb_tos_agreement_reply = trim($_POST["fb_tos_agreement_reply"]);
$username = filter_var(trim($_POST["username"],FILTER_SANITIZE_STRING));
$password = $_POST["password"];
$password_confirmation = $_POST["password_confirmation"];
$primary_website_domain = filter_var(trim($_POST["primary_website_domain"],FILTER_SANITIZE_DOMAIN));
$primary_website_domain_confirmation = filter_var(trim($_POST["primary_website_domain_confirmation"],FILTER_SANITIZE_DOMAIN));
$primary_website_email = filter_var(trim($_POST["primary_website_email"],FILTER_SANITIZE_EMAIL));
$primary_website_email_confirmation = filter_var(trim($_POST["primary_website_email_confirmation"],FILTER_SANITIZE_EMAIL));
$primary_website_email_extracted_domain = substr(strrchr($primary_website_email,"@"),1);
$age_range = filter_var(trim($_POST["age_range"],FILTER_SANITIZE_STRING));
$account_activation_code = sha1( (string) mt_rand(0,99999999)); //Type Casted the INT to STRING on the 11st parameter of sha1 as it needs to be a string.
$account_activation_link = sprintf("http://www.%s/%s/activate_account.php?website_email=%s@account_activation_code=%s",
$site_domain,$social_network_name,urlencode("$primary_website_email"),urlencode($account_activation_code));
$account_activation_status = 0; //1 = active; 0 = inactive.
$hashed_password = password_hash($password,PASSWORD_DEFAULT); //Encrypt the password.
if (strlen($fb_tos_agreement_reply) < 1 || $fb_tos_agreement_reply != "Yes") {
echo "You must agree to our <a href='tos.html'>Terms & Conditions</a>!";
//Check if inputted Username is valid or not.
} elseif (!filter_var($username,FILTER_VALIDATE_STRING)) {
echo "You entered an Invalid Username!";
//Check if inputted Username is between the required 8 to 30 characters long or not.
} elseif (strlen($username) < 8 || strlen($username) > 30) {
echo "Username has to be between 8 to 30 characters long!";
//Check if Password is between 8 to 30 characters long or not.
} elseif (strlen($password) < 8 || strlen($password) > 30) {
echo "Password must be between 8 to 30 characters long!";
//Check if both inputted Passwords match or not.
} elseif ($password != $password_confirmation) {
echo "Your entered 2 Passwords don't match!";
//Check if both inputted Domains match or not.
} elseif ($primary_website_domain != $primary_website_domain_confirmation) {
echo "Your entered 2 Primary Website Domains don't match!";
//Check if inputted Domain is valid or not.
} elseif (!filter_var($primary_website_domain,FILTER_VALIDATE_DOMAIN)) {
echo "You entered an Invalid Domain Name!";
//Check if both Email Inputs match or not.
} elseif ($primary_website_email != $primary_website_email_confirmation) {
echo "Your 2 Email inputs don't match!";
//Check if inputted Email is valid or not.
} elseif (!filter_var($primary_website_email,FILTER_VALIDATE_EMAIL)) {
echo "You entered an Invalid Email Address!";
//Check if inputted Domain and Email Domain match or not.
} elseif ($primary_website_email_extracted_domain != $primary_website_domain) {
echo "Your Email Address must belong to your Domain Name: \"$primary_website_domain\"!";
}
else
{
//Select Username and Email to check against Mysql DB if they are already regsitered or not.
$stmt = mysqli_prepare($conn,"SELECT username,primary_domain,primary_website_email FROM users WHERE username = ? OR primary_domain = ? OR primary_website_email = ?");
mysqli_stmt_bind_param($stmt,'sss',$username,$primary_website_domain,$primary_website_email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
//Check if inputted Username is already registered or not.
if ($row['username'] == $username) {
echo "That Username is already registered!";
//Check if inputted Domain is already registered or not.
} elseif ($row['primary_domain'] == $primary_website_domain) {
echo "That Domain Name is already registered!";
//Check if inputted Email is already registered or not.
} elseif ($row['primary_website_email'] == $primary_website_email) {
echo "That Email Address is already registered!";
}
else
{
//Insert the User's inputs into Mysql database using Php's Sql Injection Prevention Method "Prepared Statements".
$stmt = mysqli_prepare($conn,"INSERT INTO users(account_activation_code,account_activation_status,id_video_verification_status,sponsor_username,recruits_number,username,password,primary_domain,primary_website_email,age_range,registering_country,registering_ip,registering_browser,registering_os,registering_isp) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
mysqli_stmt_bind_param($stmt,'siisissssssssss',$account_activation_code,$account_activation_status,$id_video_verification_status,$sponsor_username,$recruits_number,$username,$hashed_password,$primary_website_domain,$primary_website_email,$age_range,$registering_country,$registering_ip,$registering_browser,$registering_os,$registering_isp);
mysqli_stmt_execute($stmt);
//Check if User's registration data was successfully submitted or not.
if (!$stmt)
{
echo "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time!";
exit();
}
else
{
//Email the Account Activation Link for the User to click it to confirm their email and activate their new account.
$to = "$primary_website_email";
$subject = "Your ".$site_name." Account Activation Details";
$body = nl2br("
===============================\r\n
".$site_name." \r\n
===============================\r\n
From: ".$site_admin_email."\r\n
To: ".$primary_website_email."\r\n
Subject: Your ".$subject."\r\n
Message: ".$username."\r\n
You need to click on this following <a href=".$account_activation_link.">link</a> to activate your account.\r\n
");
$headers = "From: ".$site_admin_email."\r\n";
if (!mail($to,$subject,$body,$headers))
{
echo "Sorry! We have failed to email you your Account Activation details. Please contact the website administrator!";
exit();
}
else
{
echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email $website_email for details on how to activate your account which you just registered.<h3>";
exit();
}
}
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo "$social_network_name";?> Signup Page</title>
</head>
<body>
<div class ="container">
<?php
//Error Messages.
if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
}
?>
<?php
//Session Messages.
if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
}
?>
<?php
//Clear Registration Session.
function clear_registration_session()
{
//Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
unset($_SESSION['message']);
unset($_SESSION['error']);
unset($_POST);
exit();
}
?>
<h2><p align="center"><?php echo "$site_name Member Sign Up Form";?></p></h2>
<form name "registration_form" method = "post" action="" enctype = "multipart/form-data">
<div class="form-group">
<p align="left"><label>Username:</label>
<input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] autocorrect=off value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>">
</p>
</div>
<div class="form-group">
<p align="left"><label>Password:</label>
<input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9] autocorrect=off>
</p>
</div>
<div class="form-group">
<p align="left"><label>Repeat Password:</label>
<input type="password" placeholder="Repeat Password" name="password_confirmation" required [A-Za-z0-9] autocorrect=off>
</p>
</div>
<div class="form-group">
<p align="left"><label>Primary Domain:</label>
<input type="text" placeholder="Enter your Primary Domain" name="primary_website_domain" required [A-Za-z0-9] autocorrect=off value="<?php if(isset($_POST['primary_website_domain'])) { echo htmlentities($_POST['primary_website_domain']); }?>">
</p>
</div>
<div class="form-group">
<p align="left"><label>Repeat Primary Domain:</label>
<input type="text" placeholder="Repeat Primary Domain" name="primary_website_domain_confirmation" required [A-Za-z0-9] autocorrect=off value="<?php if(isset($_POST['primary_website_domain_confirmation'])) { echo htmlentities($_POST['primary_website_domain_confirmation']); }?>">
</p>
</div>
<div class="form-group">
<p align="left"><label>Primary Website Email:</label>
<input type="text" placeholder="Primary Website Email" name="primary_website_email" required [A-Za-z0-9] autocorrect=off value="<?php if(isset($_POST['primary_website_email'])) { echo htmlentities($_POST['primary_website_email']); }?>">
</p>
</div>
<div class="form-group">
<p align="left"><label>Repeat Primary Website Email:</label>
<input type="text" placeholder="Repeat Website Email" name="primary_website_email_confirmation" required [A-Za-z0-9] autocorrect=off value="<?php if(isset($_POST['primary_website_email_confirmation'])) { echo htmlentities($_POST['primary_website_email_confirmation']); }?>">
</p>
</div>
<div class="form-group">
<p align="left"><label>Age Range:</label>
<input type="radio" name="age_range" value="18-20" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>18-20
<input type="radio" name="age_range" value="21-25" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>21-25
<input type="radio" name="age_range" value="26-30" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>26-30
<input type="radio" name="age_range" value="31-35" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>31-35
<input type="radio" name="age_range" value="36-40" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>36-40
<input type="radio" name="age_range" value="41-45" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>41-45
<input type="radio" name="age_range" value="46-50" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>46-50
<input type="radio" name="age_range" value="51-55" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>51-55
<input type="radio" name="age_range" value="56-60" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>56-60
<input type="radio" name="age_range" value="61-65" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>61-65
<input type="radio" name="age_range" value="66-70" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>66-70
<input type="radio" name="age_range" value="71-75" <?php if(isset($_POST['age_range'])) { echo 'checked'; }?> required>71-75
</p>
</div>
<div class="form-group">
<p align="left"><label>Agree To Our Terms & Conditions ? :</label>
<input type="radio" name="fb_tos_agreement_reply" value="Yes" <?php if(isset($_POST['fb_tos_agreement_reply'])) { echo 'checked'; }?> required>Yes
<input type="radio" name="fb_tos_agreement_reply" value="No" <?php if(isset($_POST['fb_tos_agreement_reply'])) { echo 'checked'; }?> required>No
</p>
</div>
<p align="left"><input type="submit" class="btn btn-default" name="submit" value="Submit"></p>
<p align="left"><input type="reset" class="btn btn-default" name="reset" value="Reset"></p>
<p align="left"><font color="red" size="3"><b>Already have an account ?</b><a href="login.php">Login here!</a></font></p>
</form>
</div>
</body>
</html>
I am still experimenting with SANITIZATION and so ignore the SANITIZATION lines.
I have an application that uses the PHP LDAP library to connect to the Windows Active Directory:
$ds = ldap_connect($ini['ad_server']) or die("Could not connect");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); I am wondering if anyone knows if this upcoming patch "2020 LDAP channel binding and LDAP signing" coming from Microsoft will break any PHP applications that are using this ldap library. Thanks in advance,
M Hi everyone I'm new around here but thought it's about time I joined a good PHP forum! I'll introduce myself properly on the right section, but for now, I'll my post my coding problem on here. I wonder if any has any knowledge or can help. I'm setting up a connection from my web server to a potential data supplier web server, which involves a load of encryption. One of the stages is generating a SHA1 hash of an encrypted string. Now I've got some old example code, however the "mhash" function used in this old code appears to obsolete. Thus is doesn't work. I've tried using the available "sha1" and "hash" functions but cannot replicate the hashed output they provide. Here's the original code: Code: [Select] $encrypted_string = "B0436CBFBC5CAAFB7339AF4A1DF845974D53B9D369146E2E4F1451929D9EBE254363E983F4F94517EB9585FDB112E7B1CCE11A33C5BBA23F8D5DE9D3415BA526489AC796A36FBA76D4293C8DFB673708CED10C9732EEC472D9E43D2626AA104121666E79DD8F2FF6BAC0143BD62E0EE826AF6459779C162613508D48BFE2FC8DD558A1834D7205F96EA8D446E9B371E78E990A3995B1052DCBA9CA0AF99CC77ED2A8B55B2B882BA29D4BB4B07FA91AB4D2F10FBB93732B077335A7E6D96FE813AEDC3711A85CD0C13AE22B28C14FCCE3AF4C1F5D2C0F7697DEC7487CCFC0ED4E77B1B65F39BAD5236E3D3C69D33FC484"; $hashBinaryValue = mhash(MHASH_SHA1, $encrypted_string); $hashValue = bin2hex($hashBinaryValue); echo 'hashValue='.$hashValue.'<br>'; The example hashed output should be: Code: [Select] 31f6d26b18d3c04895cdc2cc05cbd9ad003f2d3e I cannot seem to replicate this output using the available functions? I've tried the following: Code: [Select] $hashBinaryValue = hash('sha1', $encrypted_string); $hashValue = bin2hex($hashBinaryValue); And also: Code: [Select] $hashBinaryValue = sha1($encrypted_string); $hashValue = bin2hex($hashBinaryValue); Both generate: Code: [Select] 37333736363862393037313732326265346438396433633236383936363430376434613665363231 I've found a webpage that can generate the SHA1 hash, but do not know what language they've done it in. http://www.fileformat.info/tool/hash.htm?hex=B0436CBFBC5CAAFB7339AF4A1DF845974D53B9D369146E2E4F1451929D9EBE254363E983F4F94517EB9585FDB112E7B1CCE11A33C5BBA23F8D5DE9D3415BA526489AC796A36FBA76D4293C8DFB673708CED10C9732EEC472D9E43D2626AA104121666E79DD8F2FF6BAC0143BD62E0EE826AF6459779C162613508D48BFE2FC8DD558A1834D7205F96EA8D446E9B371E78E990A3995B1052DCBA9CA0AF99CC77ED2A8B55B2B882BA29D4BB4B07FA91AB4D2F10FBB93732B077335A7E6D96FE813AEDC3711A85CD0C13AE22B28C14FCCE3AF4C1F5D2C0F7697DEC7487CCFC0ED4E77B1B65F39BAD5236E3D3C69D33FC484 Any help or input would be greatly appreciated =) |
|||||||