flashguy82 Posted August 11, 2006

Hey, I need some help knowing how to use md5 for my login/sign up page. PHP isn't my thing so any help would be appreciated. Here's my code, I just need to know where and how to use the md5 encryption (although any other comments on security would be v helpful too ;o) ), need anything else just ask. Thanks for any help in advance.

[code]
<?php
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
  $MM_dupKeyRedirect="userexists.php";
  $loginUsername = $_POST['Username'];
  $LoginRS__query = "SELECT Username FROM users WHERE Username='" . $loginUsername . "'";
  mysql_select_db($database_fitnessdatabase, $fitnessdatabase);
  $LoginRS=mysql_query($LoginRS__query, $fitnessdatabase) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  //if there is a row in the database, the username was found - can not add the requested username
  if($loginFoundUser){
    $MM_qsChar = "?";
    //append the username to the redirect page
    if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
    header ("Location: $MM_dupKeyRedirect");
    exit;
  }
}

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO users (Username, Password, FirstName, LastName, EmailAddress, `Admin`, Allowed, UserTypeID) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['FirstName'], "text"),
                       GetSQLValueString($_POST['LastName'], "text"),
                       GetSQLValueString($_POST['EmailAddress'], "text"),
                       GetSQLValueString(isset($_POST['Admin']) ? "true" : "", "defined","1","0"),
                       GetSQLValueString(isset($_POST['Allowed']) ? "true" : "", "defined","1","0"),
                       GetSQLValueString($_POST['UserTypeID'], "int"));

  mysql_select_db($database_fitnessdatabase, $fitnessdatabase);
  $Result1 = mysql_query($insertSQL, $fitnessdatabase) or die(mysql_error());
}

$currentPage = $_SERVER["PHP_SELF"];
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['Username'])) {
  $loginUsername=$_POST['Username'];
  $password=$_POST['Password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "postreview.php";
  $MM_redirectLoginFailed = "loginfailed.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_fitnessdatabase, $fitnessdatabase);

  $LoginRS__query=sprintf("SELECT Username, Password, UserID FROM users WHERE Username='%s' AND Password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
    get_magic_quotes_gpc() ? $password : addslashes($password));

  $LoginRS = mysql_query($LoginRS__query, $fitnessdatabase) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    $_SESSION['MM_UserID'] = mysql_result($LoginRS,0,'UserID');

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
[/code]
shocker-z Posted August 11, 2006

Basically all you need to do is change both

[code]$_POST['Password'];[/code]

to

[code]md5($_POST['Password']);[/code]

and then that means you insert an md5'd password in and also check if the user's password as md5 is equal to the md5 password in the database.

Regards
Liam
hackerkts Posted August 11, 2006

You use md5() when you're storing the user's password, and in the login script you need to encrypt it with the md5 function when the user types their password. Example of how you use it:

[code]<?php echo md5("Hello"); ?>[/code]
brown2005 Posted August 11, 2006

Should you always use md5() to encrypt passwords?
corbin Posted August 11, 2006

It's my personal favorite... There's some other methods but md5 is the most common...
brown2005 Posted August 11, 2006

cool
radalin Posted August 11, 2006

And also, do not trust that the user will always enter the RIGHT data! Right now your code is open to SQL injection; instead of believing that the user will enter the right data, verify that they don't. Instead of:

[code]$loginUsername = $_POST['Username'];[/code]

use

[code]$loginUsername = mysql_real_escape_string($_POST['Username']);[/code]

(I do not exactly remember the function's name but it's something like that.)
redarrow Posted August 11, 2006

http://phpsec.org/articles/2005/password-hashing.html

Read up on this please, as salt is the best way.
flashguy82 (Author) Posted August 11, 2006

Cool, this is really useful, thanks for all the help :D
brown2005 Posted August 11, 2006

So you are saying don't use md5() but use salt?
redarrow Posted August 11, 2006

Use them both together, read the link.
brown2005 Posted August 11, 2006

Oh yeah, I see it now, so use

[code]
<?php
define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null) {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($salt . $plainText);
}
?>
[/code]
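Putting radalin's point about untrusted input together with the salted generateHash() above, here is an added example that is not code from any poster in this thread: it stores salt . sha1(salt . password) in the same shape as the post above, verifies a login by re-hashing with the salt taken from the stored value, and looks the user up by Username only through a mysqli prepared statement against the thread's users table. The connection `$db` and the function names verifyHash() and checkLogin() are assumptions, and the post's uniqid(rand()) salt is swapped for random_bytes().

```php
<?php
// Added example, not code from any post in this thread.
define('SALT_LENGTH', 9);

// Same shape as the generateHash() posted above: the salt is stored in front of
// sha1(salt . password). Salt source swapped to random_bytes() (PHP 7+).
function generateHash($plainText, $salt = null)
{
    if ($salt === null) {
        $salt = substr(bin2hex(random_bytes(SALT_LENGTH)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($salt . $plainText);
}

// Verify a typed password against a stored hash by re-hashing with the stored salt.
function verifyHash($plainText, $storedHash)
{
    $salt = substr($storedHash, 0, SALT_LENGTH);
    // hash_equals() compares in constant time (PHP 5.6+).
    return hash_equals($storedHash, generateHash($plainText, $salt));
}

// Login lookup for the thread's `users` table, assuming a mysqli connection $db.
// The WHERE clause matches on Username only; the password is checked in PHP, and
// the prepared statement keeps user input out of the SQL text entirely.
function checkLogin(mysqli $db, $username, $password)
{
    $stmt = $db->prepare('SELECT UserID, Password FROM users WHERE Username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($userId, $storedHash);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return null;  // unknown user: same outcome as a wrong password
    }
    return verifyHash($password, $storedHash) ? $userId : null;
}

// Constructed sample run of the hashing part (needs no database).
$stored = generateHash('correct horse');   // this is what would be INSERTed as Password
var_dump(verifyHash('correct horse', $stored));
var_dump(verifyHash('wrong password', $stored));
```

On PHP 5.5 and later, password_hash() and password_verify() do the salting, a deliberately slow hash and the constant-time compare for you, and are the better choice over hand-rolled md5 or sha1.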
brown2005 Posted August 11, 2006

Wasn't looking properly.