Page 1 of 1

Basic Hashing

Posted: Sun Apr 23, 2006 6:05 am
by m0u53m4t
Im reading http://uk.php.net/hash, but its not really very specific (for me anyay) If I have this code:

Code: Select all

<?php  
$username = $_GET["username"]; 
$password = $_GET["password"]; 


if ($username == 'John' && $password == 'password') {  
   echo 'Correct username and password';  

}  
else {  
  
   echo 'Incorrect username and password';  
}  
?>
But I want to hash the password first before comparing it (even though it still compares it too password, i havn't written up that bit of the script yet). I know this is probably very elimentary, but what is the basic code for it?

Posted: Sun Apr 23, 2006 6:09 am
by Oren
(using md5)

Code: Select all

<?php 
$username = $_GET["username"];
$password = md5($_GET["password"]);


if ($username == 'John' && $password == '5f4dcc3b5aa765d61d8327deb882cf99') { 
   echo 'Correct username and password'; 

} 
else { 
 
   echo 'Incorrect username and password'; 
} 
?>

Posted: Sun Apr 23, 2006 6:12 am
by m0u53m4t
Ok, but when someone logs in, they cant all just compare to the username and password there, so how can I get the php to compare it to a password in another file? and what file extention would it have?

Posted: Sun Apr 23, 2006 8:51 am
by timvw
m0u53m4t wrote:Ok, but when someone logs in, they cant all just compare to the username and password there, so how can I get the php to compare it to a password in another file?
You would have to search in the file if there is a matching username / (hashed) password combination.

http://www.php.net/file is a good starting point for file operations. (In case you go reading the lines, you might want to rtrim the lines in order that you don't compare the values with the original value + "\n").
m0u53m4t wrote:and what file extention would it have?
Name it something that makes it obvious it's a file with passwords. (And don't place it in the pubwww directory since that would allow people to browse to the file)

Posted: Sun Apr 23, 2006 8:52 am
by m0u53m4t
Ok, so here's my base php (presuming the password is w3ty8l and the file is called some.txt) :

Code: Select all

<?

$key = "w3ty8l";

//load file into $fc array

$fc=file("some.txt");

//open same file and use "w" to clear file

$f=fopen("some.txt","w");

//loop through array using foreach

foreach($fc as $line)
{
     if (!strstr($line,$key)) //look for $key in each line
           fputs($f,$line); //place $line back in file
}
fclose($f);

?>
Would that work (forgetting about usernames)?

Posted: Sun Apr 23, 2006 8:57 am
by timvw
Since when can you only read files in the current directory? First show us how you read and compare the data in your password file, then we'll give you hints how to solve eventual problems.

You read the file into an array.. Now show us how you find the user / password combo ;)

Posted: Sun Apr 23, 2006 8:58 am
by m0u53m4t
I have now. I edited my post. :roll: