ballouta Posted May 5, 2009

Hello,

I have a table called 'admin' that stores two usernames and passwords. The username is in clear text, whereas the password is a long string, something like this: s094fhdg2984032

The login form is like any login code; it is posted to a file called 'session.php'. This file's code is:

<?php
include("database.php");

// Escape the submitted form values
$uname=addslashes($_POST['username']);
$password=addslashes($_POST['password']);

// Send the user back to the form if both fields are empty
if($uname=='' && $password==''){
    $msg="Please enter your username and password";
    header("Location: ../index.php?msg=$msg");
    exit;
}

// Walk every row of the admin table looking for a match
$sqlStat="SELECT * FROM admin";
$sqlRes=mysql_query($sqlStat);
while($row=mysql_fetch_array($sqlRes)){
    $un=stripslashes($row['username']);
    $pd=stripslashes($row['password']);
    // The stored password is compared against the MD5 hash of the submitted one
    $hpd=md5($password);
    if($uname==$un && $hpd==$pd){
        $id=stripslashes($row['id']);
        $time=time();
        // On a match: set the cookie, record the session, go to main.php
        setcookie("arabbev_001",$id,0,'/');
        $sqlStat1="INSERT INTO session VALUES('','$id','$time')";
        $sqlRes1=mysql_query($sqlStat1);
        header("Location: ../main.php");
        exit;
    }
}

// No row matched
$msg="Invalid username or password";
header("Location: ../index.php?msg=$msg");
exit;
?>

If the login was successful, it should go to main.php, which begins with:

<?php
include("common/database.php");
require('common/check_session_main.php');
?>

I don't know what the username to log in is, so I inserted in the admin table:
username: ballouta
password: pass123
but it didn't work!!

Could you please explain what session.php does and how it works? How can I log in?

Many thanks
Ken2k7 Posted May 5, 2009

Just a question - why are you adding slashes and stripping them?

Also adding pass123 directly into the DB isn't going to work. Why? It's not hashed.
gnawz Posted May 5, 2009

session.php checks the session. It's a session handler to either return the last page visited or check if one is logged in, in order to determine the rights to give or other.

Check if the database details, especially the password, are encrypted and perhaps need decryption.
ballouta Posted May 5, 2009

Thanks. Where is the encryption code? And how do I reverse it so I know what my old password was? Or at least add a new username and password?

Thank you
Ken2k7 Posted May 5, 2009

What do you mean where's the encryption code? You used md5 in the code so I assume you use that.
ballouta Posted May 5, 2009

Yes, this is what I was looking for: md5. How can I decrypt the password? Is there a function?

Thanks
Ken2k7 Posted May 5, 2009

You don't. If you could, people would be hacking too easily. You can and are recommended to encrypt the password before storing it into the DB.
revraz Posted May 5, 2009

MD5 is not an encryption, it's a hash.
gnawz Posted May 5, 2009

Remove the md5 hashing first from your script (registration page and access management page) so you can access the system with data you enter directly in the MySQL DB.

Then when you are done, return that hashing so you can register a new account.

Otherwise, the hashing can be removed from any page where it is being used - not advisable though.
ballouta Posted May 5, 2009

Thank you gnawz, I will remove it and try to log in.

If I use the md5 function to encrypt a new password, for example pass123, am I able to store the hashed value in the DB and log in using pass123?
Ken2k7 Posted May 5, 2009

> Thank you gnawz, I will remove it and try to log in.
>
> If I use the md5 function to encrypt a new password, for example pass123, am I able to store the hashed value in the DB and log in using pass123?

Read revraz's post. md5 hashes a string. The difference between hashing and encryption is that in encryption, you can decrypt it, but once something is hashed, it can't be reverted.

And yes. If you md5 your pass123 and store that in your DB, you should be able to log in provided that you put back the md5() function gnawz told you to take out.
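Added example, not code from the thread or from any poster: it reproduces the comparison session.php makes against a plain-text row and an MD5 row, then shows one way to move such rows to salted hashes at login with PHP's built-in password_hash() and password_verify(). The $rows data is constructed, legacy_check() and verify_and_upgrade() are hypothetical names, and PHP 7 or later is assumed.

```php
<?php
// Added example, not from the thread. $rows is constructed data standing in
// for the 'admin' table; function names are hypothetical.
$rows = [
    ['username' => 'ballouta', 'password' => 'pass123'],      // typed in as plain text
    ['username' => 'demo',     'password' => md5('pass123')], // stored as an MD5 digest
];

// The comparison session.php makes: hash the submitted value, compare to the column.
function legacy_check(string $submitted, string $stored): bool
{
    return md5($submitted) === $stored;
}

// Accept a legacy unsalted-MD5 row once, then replace it with a salted hash.
function verify_and_upgrade(string $submitted, array &$row): bool
{
    $stored = $row['password'];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {   // 32 hex chars: legacy MD5
        if (!hash_equals($stored, md5($submitted))) {
            return false;
        }
        $row['password'] = password_hash($submitted, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($submitted, $stored)) {      // also rejects plain-text rows
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $row['password'] = password_hash($submitted, PASSWORD_DEFAULT);
    }
    return true;
}

// Run the thread's comparison against both constructed rows.
foreach ($rows as $row) {
    printf("%-8s legacy_check: %s\n", $row['username'],
        var_export(legacy_check('pass123', $row['password']), true));
}

// Log in against the MD5 row, which upgrades it, then log in again.
$demo = $rows[1];
printf("upgrade with right password: %s\n", var_export(verify_and_upgrade('pass123', $demo), true));
printf("stored value is now:         %s\n", $demo['password']);
printf("second login, new hash:      %s\n", var_export(verify_and_upgrade('pass123', $demo), true));
printf("wrong password:              %s\n", var_export(verify_and_upgrade('pass124', $demo), true));
```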
gnawz Posted May 5, 2009

md5 is a hash, please note, as Ken2k7 has explained. What I think is that since this fellow says they are new to PHP, then maybe it's the typing but they understand.