Twister1004 Posted December 28, 2008 Share Posted December 28, 2008 Hello everyone! Thanks for reading =) Objective: Ok, I'm hosting a server for a game right now, and I'm trying to figure out how to get the passwords in encrypted. I've found out how they do it, but I can't figure out how to make it work. Problem: The SQL Is currently not working correctly, it acts like one value does not have a value. Error type: Error in the encryption! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 Encryption type: Sha1 and concat. whole code: [code=php:0] <?php mysql_connect('localhost', 'root', 'root'); mysql_select_db('test'); if($_SERVER['REMOTE_ADDR'] != "76.7.105.94"){ echo "You are not allowed to view this page!"; } ?> <html><head></head> <body> <form method="POST" action=""> <input type="text" name="username" /> <input type="text" name="password" /> <input type=submit name=submit /> </form> <?php if(isset($_POST['submit'])){ $username = $_POST['username']; $password = $_POST['password']; echo $username . "<p></p>"; echo $password . "<br/>"; $sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) VALUES (UPPER('".$username."'), SHA1(CONCAT(UPPER('".$username."') , ('".$password."')))") or die("Error in the encryption! " . mysql_error()); } ?> </body> </html> Thank you for you help, tips, hints, guiding, etc. =) Quote Link to comment https://forums.phpfreaks.com/topic/138669-little-problem-in-encrypting-passwords-php-and-sql/ Share on other sites More sharing options...
MadTechie Posted December 28, 2008 Share Posted December 28, 2008 $sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) VALUES (UPPER('".$username."'), SHA1(CONCAT(UPPER('".$username."') , ('".$password."')))") or die("Error in the encryption! " . mysql_error()); should be $sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) VALUES (UPPER('$username'), 'SHA1(CONCAT(UPPER('$username') , ('$password')))') ") or die("Error in the encryption! " . mysql_error()) ; But i would recommend using MD5 ie $sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) VALUES (UPPER('$username'), md5('$password')")) or die("Error in the encryption! " . mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/138669-little-problem-in-encrypting-passwords-php-and-sql/#findComment-725008 Share on other sites More sharing options...
revraz Posted December 28, 2008 Share Posted December 28, 2008 Why? SHA1 is more secure. But i would recommend using MD5 Quote Link to comment https://forums.phpfreaks.com/topic/138669-little-problem-in-encrypting-passwords-php-and-sql/#findComment-725018 Share on other sites More sharing options...
Twister1004 Posted December 28, 2008 Author Share Posted December 28, 2008 Omg, thank you! However, the password did not come out correctly. It came out as a whole different thing, however, it was encrypted, but it didn't work. It's not the same. Here, maybe this will help ya get a hint =) http://twistablepie.servegame.com/help That is the full script or the register page from someone else. I just want to be able to make a simple register out of it (without the OOP if you will =) ) Could you maybe figure it out? I can't seem to find anything that would be helpful. The username used is test and the password that is used is test. The encryption came out as 3d0d99423e31fcc67a6745ec89d70d700344bc76 . Quote Link to comment https://forums.phpfreaks.com/topic/138669-little-problem-in-encrypting-passwords-php-and-sql/#findComment-725019 Share on other sites More sharing options...
redarrow Posted December 28, 2008 Share Posted December 28, 2008 Ps. If you want the code revamped as provided, Your need to go to the freelance part of this forum, or placed in the 3rd party forum, you might get it done free. The code it self is out off date, But apart from that it is straight froward job. Even better. 1 in a million two md5 clash. example md5/sha1/md5 <?php $name="test"; // variable name $password="test"; // variable name $name=md5(sha1(md5($_POST['name']))); // encoded. $password=md5(sha1(md5($_POST['password']))); //encoded. $n=strlen($name); // length characters. $p=strlen($password); //length characters. //echoed out. echo " char $n Name: $name <br> char $p password: $password"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/138669-little-problem-in-encrypting-passwords-php-and-sql/#findComment-725020 Share on other sites More sharing options...
MadTechie Posted December 29, 2008 Share Posted December 29, 2008 Humm the SHA should be 5e5cedf57e5cf4ed008bee8f095a0fc24b0f1c58 Lets try this <?php $PreHASH = strtoupper($username)."$password"; echo "TESTING:"; echo sha1($PreHASH); $sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) VALUES (UPPER('$username'), SHA1('$PreHASH') ") or die("Error in the encryption! " . mysql_error()); /* $sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) VALUES (UPPER('$username'), 'SHA1(CONCAT(UPPER('$username') , ('$password')))') ") or die("Error in the encryption! " . mysql_error()); */ ?> Why? SHA1 is more secure. But i would recommend using MD5 Okay.. bad recommendation But to be trueful its a only little more secure but its also a little slower, SHA and MD5 are very old and lets face it.. the someone gains access to the HASH no matter which one you pick, it won't matter lol.. ROFL @ redarrow's $password=md5(sha1(md5($_POST['password']))); //encoded. Surelly you know that will cause more collisions, encrypting a 160bit password with 128bit password is a bad idea! Quote Link to comment https://forums.phpfreaks.com/topic/138669-little-problem-in-encrypting-passwords-php-and-sql/#findComment-725075 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.