Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>User Login</TITLE>
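<SCRIPT type="text/javascript" src="md5.js"></SCRIPT>
<SCRIPT type="text/javascript">
// Inline code is ignored inside a SCRIPT tag that has a src attribute, so it gets its own tag.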
function password()
{
hashedpassword ="";
if(document.getElementById('password').value =="")
{
alert("Please enter your password.");
document.write('<?UserLogin();?>');
}
else
{
// Hash the password together with the challenge, the same way the server does.
hashedpassword = hex_md5(document.getElementById('password').value + '<? echo $_SESSION['challange']?>');
}
if(hashedpassword == '<? echo $_SESSION['password']?>')
{
window.location.href = 'http://localhost/MainMenu.php';
}
else
{
alert("Your username or password was incorrect please try again.");
document.write('<?UserLogin();?>');
}
}
</SCRIPT>
</HEAD>
<BODY>
<?
session_start();
include 'maintfunctions.php';
if($_POST['username']=="")
{
?>
<SCRIPT LANGUAGE ="javascript" TYPE ="text/javascript">
alert("Sorry the Username is incorrect please try again.");
document.write('<? UserLogin(); ?>');
</SCRIPT>
<?
}
else
{
$username = $_POST['username'];
$link = odbc_connect("ImmagetechQuiz","Trainee","tra1ning");
// Bind the username as a parameter instead of concatenating it into the SQL.
$presult = odbc_prepare($link, "SELECT Password FROM tblStudents WHERE Username = ?");
odbc_execute($presult, array($username));
if(odbc_fetch_row($presult))
{
// PHP concatenates strings with '.', '+' would add the two values numerically.
$_SESSION['password'] = md5(odbc_result($presult,"Password").$_SESSION['challange']);
}
else
{
?>
<SCRIPT LANGUAGE = "javascript" TYPE ="text/javascript">
alert("Username does not exist in Database please try again.");
document.write('<?UserLogin();?>');
</SCRIPT>
<?
}
}
?>
</BODY>
</HTML>

To answer the above questions: I'm doing a random number generation that can go anywhere from 1 to 10000 as a challenge value of sorts that's then sent to be hashed along with the actual password, then compared to the one on the server, which does the hash in the same manner. I see what you're saying about storing the number in a database so it's not used again; I had not thought of that previously. I guess I thought the chances of getting the same seed out of 10000 possible numbers were so low it wouldn't realistically matter. As far as SSL is concerned, how is that commonly enabled, and isn't that something that you have to pay so much for validation certificates to have functioning?
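
An added example, not part of the original post: the challenge-response check discussed in this thread done entirely on the server, with a 128-bit single-use challenge from PHP's CSPRNG and HMAC-SHA256 swapped in for the 1 to 10000 range and MD5. The function names, the `$session` array standing in for `$_SESSION`, and the demo secret are assumptions made for illustration.

```php
<?php
// Added example: names are hypothetical, $session stands in for $_SESSION.

// Issue a 128-bit challenge from the CSPRNG and remember it server-side.
function issue_challenge(array &$session): string
{
    $session['challenge'] = bin2hex(random_bytes(16));
    return $session['challenge'];
}

// Response the client should compute: HMAC-SHA256 of the challenge,
// keyed with the stored secret.
function expected_response(string $secret, string $challenge): string
{
    return hash_hmac('sha256', $challenge, $secret);
}

// Compare on the server and consume the challenge, so the expected value
// never reaches the browser and a captured response cannot be replayed.
function verify_response(array &$session, string $secret, string $response): bool
{
    if (empty($session['challenge'])) {
        return false; // nothing outstanding, or already used
    }
    $challenge = $session['challenge'];
    unset($session['challenge']); // single use, match or not
    return hash_equals(expected_response($secret, $challenge), $response);
}

// Number of random draws from 1..$space before a value repeats. For 10000
// the expected figure is about 125 (birthday bound, sqrt(pi * N / 2)).
function draws_until_repeat(int $space): int
{
    $seen = [];
    for ($n = 1; ; $n++) {
        $v = random_int(1, $space);
        if (isset($seen[$v])) {
            return $n;
        }
        $seen[$v] = true;
    }
}

$session = [];
$secret = 'constructed-demo-secret'; // constructed sample value
$response = expected_response($secret, issue_challenge($session));
var_dump(verify_response($session, $secret, $response)); // first use
var_dump(verify_response($session, $secret, $response)); // same response sent again
echo draws_until_repeat(10000), PHP_EOL;
```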