
fresher_06

Everything posted by fresher_06

  1. Now I am successfully able to generate the crypted string. Now I want that generated string to be compared with the user-given input:

     <?php
     /* This script is used to verify whether the crypt string generated from the
        generatecryptpassword.php script matches the new crypt string of the
        user-input password. Ideally the $hash value will come from the DB, but we
        have taken it directly from the generatecryptpassword.php script. Also note
        that we need to escape the $ as \$ before comparing. */
     $user_input = 'test123';
     $hash = '$6$rounds=50000$86f50a6ac3d0839a$6oapcEjXqL5FsAS6Uj6LUeUxHhW3dH1/krfFwQYCOzg8qAHlPSu/Cvtq4p5XSzmi8yQ1g9F3/syAEhlVXKbQS1';
     $newhash = str_replace('$', '\$', $hash);
     echo $newhash . "\n";
     /* To verify the hash: */
     //$newhash = "\$6\$rounds=50000\$86f50a6ac3d0839a\$6oapcEjXqL5FsAS6Uj6LUeUxHhW3dH1/krfFwQYCOzg8qAHlPSu/Cvtq4p5XSzmi8yQ1g9F3/syAEhlVXKbQS1";
     echo crypt($user_input, $newhash) . "\n"; // optional
     if (crypt($user_input, $newhash) == $newhash) {
         echo "Password is correct!";
     } else {
         echo "Password is invalid";
     }
     ?>

     The problem here is that when I manually change '$' to '\$' things work perfectly, but when I do it through the str_replace function it doesn't work and the final hash generated is a new one, as below:

     ##php ./comparecryptedpassword.php
     \$6\$rounds=50000\$86f50a6ac3d0839a\$6oapcEjXqL5FsAS6Uj6LUeUxHhW3dH1/krfFwQYCOzg8qAHlPSu/Cvtq4p5XSzmi8yQ1g9F3/syAEhlVXKbQS1
     \$0lXFe./5bns    <<-- this should be the original crypted string, but it's some other value
     Password is invalid

     Any pointers?
  2. I have written the quick PHP script below to show the basic usage of the CRYPT function:

     <?php
     function cryptpassword($input) {
         $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
         //$hash = crypt($input, "\$5\$rounds=50000\${$salt}\$"); // <<<--- AM I SUPPOSED TO USE THIS
         $hash = crypt($input, '$5$rounds=50000${$salt}$'); // <<<--- OR AM I SUPPOSED TO USE THIS
         return $hash;
     }
     $cryptedpassword = cryptpassword('test123'); // pass the password which you want to encrypt
     echo $cryptedpassword;
     ?>

     It returns the following:

     $5$rounds=50000${$wnklXJLpO.n6UXPwNPcZmLjSRZP0vOgbqTn3.rIplM4

     What is "$5$rounds=50000" doing in the output? If it is needed, do we need to store the whole generated string above in the DB, or just the part without "$5$rounds=50000"? Am I doing something wrong here?
  3. @requinix .. Now I am displaying the same error message ("bad email and/or password") in both cases, but I wanted to check whether my script is vulnerable to SQL injection or not, as I have read somewhere that I should not allow negative numbers to be entered. Thanks
  4. I have the basic PHP login script below, which I am using on my main website for customers to log in. Please let me know the potential threats in this script and any kind of loophole you see; any kind of suggestion will be highly appreciated. Here is the script: http://pastebin.com/TtbBmKvJ
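The crypt() usage asked about in posts 1 and 2 above, as an added example that is not the original poster's code: it builds a SHA-512 crypt string with an explicit rounds value, verifies a candidate password against the stored string with a constant-time comparison, and shows why the quoting in those two posts produced the unexpected output. It assumes PHP 7 or later (for random_bytes() and hash_equals()) and reuses the posts' 'test123' password and rounds=50000; the salt is freshly generated, so the printed hashes differ on every run.

```php
<?php
// Added example, not the poster's code. Assumes PHP >= 7.0 (random_bytes, hash_equals).

function cryptpassword(string $input): string {
    // crypt() uses at most 16 salt characters from [a-zA-Z0-9./];
    // 8 random bytes as hex give exactly 16 characters from that alphabet.
    $salt = bin2hex(random_bytes(8));
    // Single quotes do not interpolate, so '$' needs no escaping here; the
    // salt must be concatenated in rather than written inside the quotes.
    return crypt($input, '$6$rounds=50000$' . $salt . '$');
}

function verifypassword(string $input, string $stored): bool {
    // The stored string already carries the algorithm id ($6$), the rounds
    // and the salt, so it is handed back to crypt() unchanged. The whole
    // string is what goes in the database; nothing may be stripped from it.
    // hash_equals() compares in constant time.
    return hash_equals($stored, crypt($input, $stored));
}

$stored = cryptpassword('test123');
echo $stored, "\n";                                // $6$rounds=50000$<16 hex>$<86 chars>
var_dump(verifypassword('test123', $stored));     // bool(true)
var_dump(verifypassword('Test123', $stored));     // bool(false)

// Post 1: str_replace('$', '\$', ...) in single quotes inserts a literal
// backslash, so crypt() no longer sees a "$6$" prefix and the result can
// never match the stored hash. Escaping '$' is only a double-quote concern.
$broken = str_replace('$', '\$', $stored);
var_dump(strpos($broken, '\$') === 0);                       // bool(true): starts with \$
var_dump(hash_equals($stored, crypt('test123', $broken)));   // bool(false)

// The two correct spellings of the same salt string, double- and single-quoted:
$salt = bin2hex(random_bytes(8));
$dq = "\$5\$rounds=50000\${$salt}\$";     // escaped $, interpolated {$salt}
$sq = '$5$rounds=50000$' . $salt . '$';   // no escaping, concatenated
var_dump($dq === $sq);                     // bool(true)

// Post 2: inside single quotes '${$salt}$' is literal text. The salt field
// ends at the next '$', so the salt becomes the single character "{", which
// is why the output there began with "$5$rounds=50000${$".
echo crypt('test123', '$5$rounds=50000${$salt}$'), "\n";
```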