Basic Hashing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
m0u53m4t
Forum Contributor
Posts: 101
Joined: Wed Apr 19, 2006 7:47 am
Location: Wales

Basic Hashing

Post by m0u53m4t »

Im reading http://uk.php.net/hash, but its not really very specific (for me anyay) If I have this code:

Code: Select all

<?php  
$username = $_GET["username"]; 
$password = $_GET["password"]; 


if ($username == 'John' && $password == 'password') {  
   echo 'Correct username and password';  

}  
else {  
  
   echo 'Incorrect username and password';  
}  
?>
But I want to hash the password first before comparing it (even though it still compares it too password, i havn't written up that bit of the script yet). I know this is probably very elimentary, but what is the basic code for it?
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

(using md5)

Code: Select all

<?php 
$username = $_GET["username"];
$password = md5($_GET["password"]);


if ($username == 'John' && $password == '5f4dcc3b5aa765d61d8327deb882cf99') { 
   echo 'Correct username and password'; 

} 
else { 
 
   echo 'Incorrect username and password'; 
} 
?>
User avatar
m0u53m4t
Forum Contributor
Posts: 101
Joined: Wed Apr 19, 2006 7:47 am
Location: Wales

Post by m0u53m4t »

Ok, but when someone logs in, they cant all just compare to the username and password there, so how can I get the php to compare it to a password in another file? and what file extention would it have?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

m0u53m4t wrote:Ok, but when someone logs in, they cant all just compare to the username and password there, so how can I get the php to compare it to a password in another file?
You would have to search in the file if there is a matching username / (hashed) password combination.

http://www.php.net/file is a good starting point for file operations. (In case you go reading the lines, you might want to rtrim the lines in order that you don't compare the values with the original value + "\n").
m0u53m4t wrote:and what file extention would it have?
Name it something that makes it obvious it's a file with passwords. (And don't place it in the pubwww directory since that would allow people to browse to the file)
User avatar
m0u53m4t
Forum Contributor
Posts: 101
Joined: Wed Apr 19, 2006 7:47 am
Location: Wales

Post by m0u53m4t »

Ok, so here's my base php (presuming the password is w3ty8l and the file is called some.txt) :

Code: Select all

<?

$key = "w3ty8l";

//load file into $fc array

$fc=file("some.txt");

//open same file and use "w" to clear file

$f=fopen("some.txt","w");

//loop through array using foreach

foreach($fc as $line)
{
     if (!strstr($line,$key)) //look for $key in each line
           fputs($f,$line); //place $line back in file
}
fclose($f);

?>
Would that work (forgetting about usernames)?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Since when can you only read files in the current directory? First show us how you read and compare the data in your password file, then we'll give you hints how to solve eventual problems.

You read the file into an array.. Now show us how you find the user / password combo ;)
Last edited by timvw on Sun Apr 23, 2006 8:59 am, edited 1 time in total.
User avatar
m0u53m4t
Forum Contributor
Posts: 101
Joined: Wed Apr 19, 2006 7:47 am
Location: Wales

Post by m0u53m4t »

I have now. I edited my post. :roll:
Post Reply