Jump to content

smallc28

Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by smallc28

  1. Where can I learn more about this I'm good at programming things but not so great at security. This is just practice for me that's why it lack security but Thanks
  2. Hello PHP freak members I learn how to ecrypt my password using the blow fish method but I'm having trouble decypting the password. Is there anyone that can over see the problem that I'm having? Sample ecrypted password > $2y$09$Q5klufp7bj6iuBA3dHpz5.fLN1sLzeGKE7nuXKunLMKKvE.rZtSTW Original password > 1234 <?php error_reporting(E_ALL & ~E_NOTICE); session_start(); if(isset ($_SESSION['id'])){ header('location: profile.php'); } else { if($_POST['submit']){ include "connect_prompt/connect_query.php"; $email = mysqli_real_escape_string($db_conx,$_POST['email']); $password_one = $_POST['password_one']; ///////////////// Blow Fish /////////////////////////////////// function cryptPass($input, $rounds = 9){ $salt = ""; $saltChars = array_merge(range('A','Z'),range('a','z'),range(0,9)); for($i = 0; $i < 22; $i++){ $salt .= $saltChars[array_rand($saltChars)]; } return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt); } $password_one = $_POST['password_one']; $password = $_POST['password']; $hashedPass = cryptPass($password); if(crypt($password_one, $hashedPass) == $hashedPass){ ///////////////// Blow Fish /////////////////////////////////// $sql = "SELECT id, email, password FROM customer WHERE email='$email' AND password='$password_one' LIMIT 1"; $query = mysqli_query ($db_conx, $sql); if($query){ $row = mysqli_fetch_row($query); $userID = $row[0]; $db_email = $row[1]; $db_password = $row[2]; } if($email == $db_email && $password_one == $db_password){ $_SESSION['email'] = $email; $_SESSION['id'] = $userID; header("location: profile.php"); } else { echo "Sorry, Username or Password was incorrect"; } } } } ?> <form action="login.php" method="POST"> <input type="email" name="email" id="email" placeholder=" [email protected]" /> <br/><br/> <input type="password" name="password_one" id="password_one" placeholder=" ********" /> <br/><br/> <input type="submit" name="submit" value="SIGN IN" /> </form>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.