maxudaskin, posted July 19, 2007

http://www.virtualzoom.net/include/login2.php

use 1234 as the Username (test is the pass)

Why does it add the second set of encrypted data to it?

```php
<?php
function confirmUser($username, $password){
   global $con;
   if(!get_magic_quotes_gpc()) {
      $username = addslashes($username);
   }

   $dbserver = "";
   $dbname = "";
   $dbuser = "";
   $dbpass = "";
   $con = mysql_connect($dbserver, $dbuser, $dbpass) or trigger_error(mysql_error(),E_USER_ERROR);
   mysql_select_db($dbname,$con);

   $q = "select * from users where pid = '$username'";
   $result = mysql_query($q,$con);
   $row = mysql_fetch_array($result);
   echo "Password (DB)";
   echo "<br>";
   echo $row["pass"];
   echo "<br>";
   echo "Password (Form)";
   echo "<br>";
   echo $password;
   echo "<br>";
   echo "Un-Encrypted Form Password";
   echo "<br>";
   echo $_POST['pass'];
   echo "<br>";
   if(!$result || (mysql_numrows($result) < 1)){
      return 1;
   }

   $password = stripslashes($password);

   if($password == $row["pass"]){
      return 0;
   }
   else{
      return 2;
   }
}

function checkLogin(){
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   else{
      return false;
   }
}

function displayLogin(){
   global $logged_in;
   if($logged_in){
      echo "<h1>Logged In!</h1>";
      echo "Welcome <b>$_SESSION[username]</b>, you are logged in. 
<a href=\"logout.php\">Logout</a>";
   }
   else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>

<?php
   }
}

if(isset($_POST['sublogin'])){
   if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
   }
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   $formpass = $_POST['pass'];
   $md5pass = md5($formpass);
   $result = confirmUser($_POST['user'], $md5pass);

   if($result == 1){
      die('That username doesn\'t exist in our database.');
   }
   else if($result == 2){
      die('Incorrect password, please try again.');
   }

   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";
   return;
}

$logged_in = checkLogin();
displayLogin();
?>
```

JayBachatero, posted July 19, 2007

You are sending $md5pass to the confirmUser function. Should send $formpass instead.

```php
$result = confirmUser($_POST['user'], $md5pass);
```

maxudaskin (Author), posted July 19, 2007

nope... it converts to MD5, then adds something converted to MD5 onto it

maxudaskin (Author), posted July 19, 2007

For future reference, I had to do this to correct the length of the MD5 String.

```php
if(strlen($pass)>16){
   $pass = md5($_REQUEST['pass']);
   // keep only the first 16 characters of the 32-character MD5 hex string
   $pass2 = str_split($pass,16);
   $md5pass = current($pass2);
}
```
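
An added example, not code from any poster in this thread: confirmUser() rewritten with a bound query parameter and password_hash()/password_verify(), so the stored hash is compared whole instead of being cut to a fixed length. The in-memory SQLite table, the registerUser() helper, return code 3 and the sample account are constructed for illustration, and the final truncation step assumes the length mismatch came from storage narrower than the hash, which the posts do not confirm.

```php
<?php
// Added example, not the thread author's code. The SQLite table and sample
// account are constructed; only the pid/pass column names come from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Wide column: a bcrypt hash is 60 characters and later algorithms may be longer.
$db->exec("CREATE TABLE users (pid VARCHAR(30) PRIMARY KEY, pass VARCHAR(255) NOT NULL)");

// Hypothetical helper: stores a salted hash, never the password or a bare MD5.
function registerUser(PDO $db, string $pid, string $password): void
{
    $stmt = $db->prepare("INSERT INTO users (pid, pass) VALUES (?, ?)");
    $stmt->execute([$pid, password_hash($password, PASSWORD_DEFAULT)]);
}

// Return codes 0, 1 and 2 match the thread's confirmUser(); 3 is added here.
function confirmUser(PDO $db, string $pid, string $password): int
{
    // Bound parameter replaces addslashes() plus string interpolation.
    $stmt = $db->prepare("SELECT pass FROM users WHERE pid = ?");
    $stmt->execute([$pid]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 1; // no such user
    }
    // A value cut short in storage is no longer a recognisable hash.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 3; // stored hash damaged: widen the column, do not truncate input
    }
    // password_verify() reads the salt and cost from the stored hash itself.
    return password_verify($password, $stored) ? 0 : 2;
}

registerUser($db, '1234', 'test'); // same test credentials as the post
$checks = [
    'correct password' => ['1234', 'test'],
    'wrong password'   => ['1234', 'wrong'],
    'quote in user id' => ["o'neil", 'test'],
];
foreach ($checks as $label => [$pid, $pw]) {
    echo $label, ': ', confirmUser($db, $pid, $pw), PHP_EOL;
}
// Simulate a column narrower than the hash, then check the same login again.
$db->exec("UPDATE users SET pass = substr(pass, 1, 16) WHERE pid = '1234'");
echo 'truncated hash: ', confirmUser($db, '1234', 'test'), PHP_EOL;
```

With verification done this way the session only needs the user id; the hash has no reason to be copied into $_SESSION['password'] or the cookpass cookie.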