How can i login in?
Re: How can i login in?
Why do you have to decrypt it? It's not too safe.
And to be honest, I think md5 is just fine, you don't have to go to sha crypting. Well, at least I think that with your current skills, you are not coding anything that needs stronger protection than md5 gives.
I don't think hashes can even be decrypted, not sure about that though.
Re: How can i login in?
sir what's wrong with my code? I tried md5(), still can't get it done
kindly check it please:
checklogin.php
Code: Select all
<?php
//start session
session_start();
//include mysql_connection.php to connect to the database
require_once("mysql_connection.php");
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// encrypt password
$encrypted_mypassword=md5($mypassword);
$sql="SELECT id, firstName, lastName FROM $tbl_name WHERE loginName='$myusername' and passWord='$encrypted_mypassword'";
$result=mysql_query($sql);
echo $sql;
//code to check for errors
/*
if (!$result) {
echo "Could not successfully run query ($sql) from DB: " . mysql_error();
exit;
}
*/
$count=mysql_num_rows($result);
if ($count==1) {
$data = mysql_fetch_assoc($result);
$_SESSION['user'] = array('id' => $data['id'], 'realName'=>$data['firstName'] . ' ' . $data['lastName']);
header("location:main.php");
exit();
}
else {
$error = "<b>ERROR</b>: Invalid Username / Password";
}
mysql_close();
?>
here is the code for update.php
Code: Select all
<?php
//start session
session_start();
//include mysql_connection.php to connect to the database
require_once("mysql_connection.php");
if(!isset($_SESSION['user'])){
header("location:index.php");
}
else{
// Define $myusername and $mypassword
$newLoginName=$_POST['newLoginName'];
$newFirstName=$_POST['newFirstName'];
$newLastName=$_POST['newLastName'];
$newEmailAdd=$_POST['newEmailAdd'];
//form processing
$mypassword = $_POST['newPassWord'];
$mypassword = mysql_real_escape_string($newPassWord);
// encrypt password
$encrypted_mypassword=md5($mypassword);
// update data in mysql database
$sql="UPDATE $tbl_name SET loginName = '$newLoginName', passWord = '$encrypted_mypassword', firstName = '$newFirstName', lastName='$newLastName', emailAdd='$newEmailAdd'";
$result=mysql_query($sql);
//echo $sql;
}
// if successfully updated.
if($result){
$updateSuccess = "<b>SUCCESS</b>: Your account has been updated.";
$sql="SELECT * FROM $tbl_name";
$result = mysql_query($sql);
$row=mysql_fetch_array($result);
$dusername=$row['loginName'];
$dpassword=$row['passWord'];
$dfirstName=$row['firstName'];
$dlastName=$row['lastName'];
$demailAdd=$row['emailAdd'];
}
else {
$updateError = "<b>ERROR</b>: Invalid Username / Password";
}
?>
Re: How can i login in?
The hashing mechanism you use in storing passwords isn't that critical. The reason being that (hopefully) the end user never has access to the hash value stored in the database, so they don't have a basis for breaking the code.
There is a lot of hype blowing around about md5 and sha being 'broken', and for some uses this is true. But this is not one of them. A person hunting for a collision needs to know the end hash, and without it they need to try to brute force your authentication system by banging away with random passwords. That is easily overcome by making a 5 failed attempt lockout for 15 - 30 minutes.
Regardless, you're going to want to compare the hashed password in your database with the hashed password your user submitted (hence the reason why a random salt won't work - you will not be able to replicate it).
Just to clarify for you, once you hash that password, it cannot be un-hashed. It becomes a hash representation of the password. The only way to get the original password back would be to hash combinations of characters until you find a combination that makes the same hash value.
So you hash your password and store it into the database, and then on logon, you'll need to hash the user supplied password using the same method you used when you hashed it the first time, and use that as the password value when you pull from the database.
Hope that helps
Re: How can i login in?
The password you have in the database has been stored as an md5 hash I assume? It's not plain text in there?
Re: How can i login in?
Hello sir Stryks. Thank God you're here. I know sir. But I can't get it to work. I've checked my database tables and their values. The password field is hashed. But when I tried to login and provide the correct username and password that I have set in update.php, it won't let me in.
Hope you understand. Did you check the code above? I have posted the checklogin.php and update.php. Is there anything wrong with it?
Re: How can i login in?
Seems fine to me, except:
Code: Select all
//form processing
$mypassword = $_POST['newPassWord'];
$mypassword = mysql_real_escape_string($newPassWord);
// encrypt password
$encrypted_mypassword=md5($mypassword);
// update data in mysql database
$sql="UPDATE $tbl_name SET loginName = '$newLoginName', passWord = '$encrypted_mypassword', firstName = '$newFirstName', lastName='$newLastName', emailAdd='$newEmailAdd'";
$result=mysql_query($sql);
//echo $sql;
You have 2 mistakes here,
1. update.php page
Code: Select all
$mypassword = $_POST['newPassWord'];
$mypassword = mysql_real_escape_string($newPassWord); // I can't find $newPassWord variable on this page
2. You're still missing WHERE from your UPDATE query. Please read some tutorials to get it clear.
Re: How can i login in?
Oh and one more thing I'm not sure of, maybe someone could lighten it up:
Is this even possible:
Code: Select all
$password = 'pass';
$password = mysql_real_escape_string($password);
$password = md5($password);
and if it is, should it be in different order?
Code: Select all
$password = 'pass';
$password = md5($password);
$password = mysql_real_escape_string($password);
I hope someone can answer this ;P
Re: How can i login in?
Thanks desmi. Finally I got it working. The only problem there is the $mypassword = mysql_real_escape_string($newPassWord); I'm so sorry. I forgot to change $newPassWord to $mypassword.
Wait up sir desmi. Ahmmmm. Where should I use WHERE? Do I still have to use it? It still updates my password without WHERE.
Thanks a lot sir. Thanks a lot. I'm so thankful. Thank you very much.
Re: How can i login in?
desmi has pretty much covered everything I think.
To help you with the query aspect, what you will be wanting to update is records WHERE the id is the same as the user id that is stored in the session.
Now you just need to look up the correct MySQL format for UPDATE queries.
Re: How can i login in?
Also, try adding a second user with a different password. You'll see why the where clause is important. 
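Added example, not code from the thread: the login check and the session-scoped UPDATE discussed above, written with PDO prepared statements and password_hash()/password_verify() in place of the thread's mysql_* functions and md5(). The in-memory SQLite table, the two users and the function names checkLogin and changePassword are constructed for illustration.

```php
<?php
// Constructed sample data: an in-memory table with two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, loginName TEXT UNIQUE, passWord TEXT)');

$insert = $db->prepare('INSERT INTO users (loginName, passWord) VALUES (?, ?)');
foreach (['alice' => 'alice-old-pass', 'bob' => 'bob-pass'] as $name => $plain) {
    // password_hash() picks a random salt and stores it inside the returned string,
    // so password_verify() can reproduce the hash at login.
    $insert->execute([$name, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Login: fetch the stored hash by login name, then verify it in PHP.
function checkLogin(PDO $db, string $loginName, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, passWord FROM users WHERE loginName = ?');
    $stmt->execute([$loginName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row !== false && password_verify($password, $row['passWord'])) {
        return (int) $row['id'];
    }
    return null;
}

// Password change: WHERE id = ? limits the UPDATE to the logged-in user's row.
// Without it, every row in the table would receive the new password hash.
function changePassword(PDO $db, int $sessionUserId, string $newPassword): int
{
    $stmt = $db->prepare('UPDATE users SET passWord = ? WHERE id = ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT), $sessionUserId]);
    return $stmt->rowCount(); // number of rows changed
}

// $aliceId stands in for $_SESSION['user']['id'] set by the login page.
$aliceId = checkLogin($db, 'alice', 'alice-old-pass');
$changed = changePassword($db, $aliceId, 'alice-new-pass');

// Each line dumps whether the stated condition holds.
var_dump($changed === 1);
var_dump(checkLogin($db, 'alice', 'alice-new-pass') === $aliceId);
var_dump(checkLogin($db, 'alice', 'alice-old-pass') === null);
var_dump(checkLogin($db, 'bob', 'bob-pass') !== null);
```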
Re: How can i login in?
There is only one user for this system sir. Thanks a lot for the help and info.
Re: How can i login in?
zplits wrote: I know how $pass = sha1($_POST['password']); works and I know how to put it in the database. My problem is how can I decrypt it. What code shall I use?
It sounds like you don't know how sha1() works. It's not encryption. It's hashing. You can't decrypt it. That's impossible. You need to compare the user's password when they log in with the hash stored in the database, so you'll need to get the password, hash it, and then compare that in your sql, eg:
Code: Select all
$password_hash = sha1($_POST['password']);
$sql = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password_hash'";
Re: How can i login in?
Yes onion2k. I'm sorry for what I have said. My fault. I know sha1 and md5 aren't encryption. They're hashes.
I'm sorry for that.