Jump to content

Password Encryption Help? (Noob)

Nolam

By Nolam
in PHP Coding Help

 Share

Recommended Posts

Nolam Newbie

Nolam

Posted
Posted

I'm sorry if this seems like a stupid question, but I'm having trouble with this encryption and I'm a real noob at PHP.

 

This is for a registration form going into a mysql DB for integration with a gaming server that must use a Whirlpool Salt Hash encryption.

 

These are the variables for my form:

 

userPassword

userName

userEmail

 

This was my original encryption script (MD5)

$_POST['userPassword'] = md5($_POST['userPassword']);

 

This is the function that I am given to integrate into my website system:

function encryptPassword($password) {
$salt = substr(hash('whirlpool', uniqid(rand(), true)), 0, 12);
$hash = hash('whirlpool', $salt . $password);
$saltPos = (strlen($password) >= strlen($hash) ? strlen($hash) : strlen($password));
return substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos);
}

 

I've tried inserting the variable $_POST['userPassword'] in place for $password, but it gives me errors...

 

I'm stuck here, could someone show me how to properly integrate this? I think the problem isn't getting the password into the function but catching the returned variable :(

 

Sorry for my noobishnness,

-Nolam

 

 

EDIT:

 

I'm also given this for the login page to check the hash. If you could help me with this it would be greatly appreciated to. Thanks!!!

 

function checkPassword($realPass, $checkPass) {
//check for old encryption (md5 or whirlpool)
if (strlen($realPass) == 32 || strlen($realPass) == 128) {
	$hash = (strlen($realPass) == 32 ? md5($checkPass) : hash('whirlpool', $checkPass));
	if ($realPass == $hash) {
		// change password to new encryption?
		return true;
	} else
		return false;
}

// xAuth 2 encryption
$saltPos = (strlen($checkPass) >= strlen($realPass) ? strlen($realPass) : strlen($checkPass));

// extract salt
$salt = substr($realPass, $saltPos, 12);

$hash = hash('whirlpool', $salt . $checkPass);
return substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos) == $realPass;
}

Link to comment
https://forums.phpfreaks.com/topic/249215-password-encryption-help-noob/
Share on other sites
freelance84 Advanced Member

freelance84

Posted
Posted

So what happens with (NB if you encode your php code in [ php] [ /php] tags, it is easier to read)

$password = 'someString';

function encryptPassword($password) {
$salt = substr(hash('whirlpool', uniqid(rand(), true)), 0, 12);
$hash = hash('whirlpool', $salt . $password);
$saltPos = (strlen($password) >= strlen($hash) ? strlen($hash) : strlen($password));
return substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos);
}

$saltedPassword = encryptPassword($password);

The function should return a value into the variable nameds 'saltedpassword'

 

 

 

Nolam Newbie

Nolam

Posted
  • Author
Posted

So what happens with (NB if you encode your php code in [ php] [ /php] tags, it is easier to read)

$password = 'someString';

function encryptPassword($password) {
$salt = substr(hash('whirlpool', uniqid(rand(), true)), 0, 12);
$hash = hash('whirlpool', $salt . $password);
$saltPos = (strlen($password) >= strlen($hash) ? strlen($hash) : strlen($password));
return substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos);
}

$saltedPassword = encryptPassword($password);

The function should return a value into the variable nameds 'saltedpassword'

 

Oh sorry, I couldn't find a php button on the post besides the manual one.

 

So should I then set

 

$_POST['userPassword'] = $password

Above the function, and then

$_POST['userPassword'] = $saltedPassword

below?

 

 

Oh and sorry Pikachu, it wasn't that I actually got errors output, but in Dreamweaver when I was writing it, it would say "You have a syntax error on line __, please correct the issue before your code will work", so my guess was that it was formatting.

freelance84 Advanced Member

freelance84

Posted
Posted

 

I would have a read through this tutorial first http://www.phpfreaks.com/tutorial/php-security

 

Then it sounds like you need a crash course in the basics of php, i found this book pretty good : http://www.amazon.co.uk/Learning-MySQL-JavaScript-Step---Step/dp/0596157134/ref=sr_1_1?ie=UTF8&qid=1318776880&sr=8-1 )

 

 

But essentially, the password you are getting from the $_POST goes through the function and comes out the other end altered. It is then this altered password that you are trying to match against the value stored in you db.

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.