m0u53m4t
Forum Contributor
Posts: 101 Joined: Wed Apr 19, 2006 7:47 am
Location: Wales
Post
by m0u53m4t » Sun Apr 23, 2006 7:39 am
Here is my basic login thing:
Code:
<?php
$username = $_GET["username"];
$password = md5($_GET["password"]);
if ($username == 'John' && $password == '5f4dcc3b5aa765d61d8327deb882cf99') {
    echo 'Correct username and password';
}
else {
    echo 'Incorrect username and password';
}
?>
But I use the method 'get' on my HTML, and therefore you can read the password in the URL bar! What would I have to change to be able to change the HTML to use post?
Last edited by m0u53m4t on Sun Apr 23, 2006 9:02 am, edited 1 time in total.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098 Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia
Post
by Chris Corbyn » Sun Apr 23, 2006 7:42 am
<form method="post" ... > ?
by m0u53m4t » Sun Apr 23, 2006 7:44 am
Yes, sorry, I got that; I meant in the PHP. I just changed the two at the top to
Code:
$username = $_POST["username"];
$password = md5($_POST["password"]);
and it worked.
by m0u53m4t » Sun Apr 23, 2006 7:51 am
Is it more secure to use
Code:
$password = crc32(md5($_POST["password"]));
instead of just md5 btw?
by Chris Corbyn » Sun Apr 23, 2006 7:53 am
m0u53m4t wrote: Is it more secure to use
Code:
$password = crc32(md5($_POST["password"]));
instead of just md5 btw?
No, it's less secure, since once you start hashing hashes you're more likely to generate collisions.
by m0u53m4t » Sun Apr 23, 2006 8:33 am
so $password = md5(crc32(sha1($_POST["password"]))); is less secure than $password = md5($_POST["password"]); ???
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
Post
by timvw » Sun Apr 23, 2006 9:05 am
m0u53m4t wrote: so $password = md5(crc32(sha1($_POST["password"]))); is less secure than $password = md5($_POST["password"]); ???
CRC returns a number that consists of 32 bits. Thus one only has to try 2 ^ 32 bit combinations...
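The 32-bit limit described in the post above, as an added example that is not part of the original thread: it searches constructed candidate strings until two different inputs produce the same crc32(md5()) value, then shows that their md5 digests still differ. The candidate strings, function names and search limit are assumptions made for illustration, and the closing password_hash()/password_verify() comparison assumes PHP 5.5 or later, which is newer than the installs discussed in this thread.

```php
<?php
// Added example (not from the thread). Candidate strings are constructed sample data.

// The chained form asked about above: its result is a 32-bit integer,
// whatever the width of the inner hash.
function chained($password) {
    return crc32(md5($password));
}

// Walk constructed candidates until two different inputs share a chained value.
// With only 2^32 possible outputs, the birthday bound puts the first repeat
// at roughly 2^16 to 2^17 candidates, so the limit is a safety stop only.
function firstCollision($limit = 500000) {
    $seen = array();
    for ($i = 0; $i < $limit; $i++) {
        $candidate = "candidate-$i";
        $value = chained($candidate);
        if (isset($seen[$value])) {
            return array($seen[$value], $candidate, $i + 1);
        }
        $seen[$value] = $candidate;
    }
    return null;
}

$hit = firstCollision();
if ($hit === null) {
    exit("no collision within the limit\n");
}
list($a, $b, $tried) = $hit;

printf("%s and %s collide after %d candidates\n", $a, $b, $tried);
printf("chained: %u == %u\n", chained($a), chained($b));
// The inner 128-bit digests are still different; crc32() discarded that width.
printf("md5:     %s\n         %s\n", md5($a), md5($b));

// Hardened form, assuming PHP 5.5+: a salted, deliberately slow password
// hash that keeps its full output width.
$stored = password_hash($a, PASSWORD_DEFAULT);
var_dump(password_verify($a, $stored)); // input: the real password
var_dump(password_verify($b, $stored)); // input: the string that collided above
```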
by m0u53m4t » Sun Apr 23, 2006 9:42 am
So what's the most secure hash I can use?
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Apr 23, 2006 10:13 am
Portable across all PHP 4 installs? SHA256. Look in Code Snippets for a class that performs such a function.