[SOLVED] Some Help With Encryped Login

[jaikob]

Hi,

 

Well Um im really stumped on this one. I've tried everything. This is Dreamweaver generated code, there is a develop package ad-on for dreamweaver, but I don't feal like paying that much for it. if you could help me modify this code to check the database using md5 that would really help my ache here.

 

The database details are:

 

the database is called webapp

the table is users

and the password and username sections of that table are what this code is checking.

Access level checking through Dreamweaver is on here, so there is almost a duplicate code.

 

heres my code. I hope you can help.

<?php require_once('../Connections/BPA.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_BPA, $BPA);
$query_login = "SELECT * FROM users";
$login = mysql_query($query_login, $BPA) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "http://jaikobcreate.com/bpa/user/panel.php";
  $MM_redirectLoginFailed = "https://jaikobcreate.com/bpa/user/login.php?error=Invalid Username Or Password!";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_BPA, $BPA);
  
  $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $BPA) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;    

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "admin";
  $MM_redirectLoginSuccess = "http://jaikobcreate.com/bpa/user/panel.php";
  $MM_redirectLoginFailed = "https://jaikobcreate.com/bpa/user/login.php?error=Invalid Username Or Password!";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_BPA, $BPA);
  	
  $LoginRS__query=sprintf("SELECT username, password, admin FROM users WHERE username=%s AND password=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $BPA) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'admin');
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	
$_SESSION['user'] = $_POST['username'];
$_SESSION['user_id'] = $_POST['username'];	 
  	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<html>
<head>
<title>Welcome To Chicago! - Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../style.css" rel="stylesheet" type="text/css">
<script src="../Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="952" height="575" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="tblborder" id="Table_01">
<tr>
	<td width="1" height="227">
		<img src="../images/Stage_3_Design_01.jpg" width="1" height="227" alt=""></td>
<td width="949" valign="top"><script type="text/javascript">
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0','width','949','height','227','src','../images/banner','quality','high','pluginspage','http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash','movie','../images/banner' ); //end AC code
</script>
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="949" height="227">
  <param name="movie" value="../images/banner.swf">
  <param name="quality" value="high">
  <embed src="../images/banner.swf" quality="high" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" width="949" height="227"></embed>
</object></noscript></td>
  </tr>
<tr>
	<td height="67" colspan="2" valign="middle" background="../images/Stage_3_Design_03.jpg">
        
        
        <table width="946" height="62" border="0" align="center" cellpadding="0" cellspacing="0">
          <tr>
            <td align="right" valign="middle">
            
            <div align="center" class="style3">
              <div align="right"><?php include('../navigation.php'); ?></div></td>
          </tr>
          <tr>
            <td><div align="right"><?php include('include.php'); ?></div></td>
          </tr>
        </table></td>
</tr>
<tr>
	<td colspan="2" align="center" valign="top" bgcolor="#FFFFFF" class="footer"><table width="949" height="40" border="0" align="center" cellpadding="0" cellspacing="0" class="norepeat_underheader">
          <tr>
            <td width="949" valign="top">
            
  <p> </p>
  <p> </p>
  <p> </p>
  <table width="322" height="228" border="0" align="center" bgcolor="#475A7B" class="tblborder opacity">
    <tr>
      <td width="314" height="222" valign="top"><p>User Login:</p>
        <form action="<?php echo $loginFormAction; ?>" method="POST" name="login" id="login">
          <label>
          <div align="center"><em>Username:</em> 
            <input name="username" type="text" class="FieldStyle" id="username" size="15">
            <br />
            <em>Password:</em>
            <input name="password" type="password" class="FieldStyle" id="password" size="17">
          <br />
          <label>
          <a href="https://jaikobcreate.com/bpa/user/step1.php" target="_blank">Forgot Your Password?</a>
          <div align="right">
            <input name="button" type="submit" id="button" value="Login">
          </div>
          </label>
</div>
          <div align="center"></div>
          <label>          </label>
        </form>        
        <table width="259" height="33" border="0" align="center" bgcolor="#1B2E4E" class="tblborder">
          <tr>
            <td width="251" align="center"><p>If you are not yet a registered user, please Sign-up now!</p>
              <p><a href="register.php" target="_blank">Register</a> | <a href="https://jaikobcreate.com/bpa/admin">If Your An Admin, Log-in</a></p></td>
          </tr>
        </table>        
        <p align="center" class="style5"><?php echo $_GET['error']; ?></p></td>
    </tr>
  </table>
  <p> </p>
              <p> </p>
              <p> </p>
              <p> </p>
            <p> </p>
            <p> </p>
            <p> </p></td>
          </tr>
        </table>
	<p> </p>
	  <p> </p>
	  <p> </p>
  <p> </p></td>
  </tr>
</table>
<?php include('../footerbar.php'); ?>
</body>
</html>
<?php
mysql_free_result($login);
?>

 

[revraz]

$query = "SELECT * FROM users WHERE username = '$loginUsername' AND password = md5('$password')";

 

That's basically what you need to do.

[redarrow]

what in the database is md5 example password name what m8?

[jaikob]

revraz,

 

I'd have to edit

 

LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

 

I get stuck on this. I had an idea i would have to edit this one. Can you Help Me?

 

 

I didn't Really understand what your asking. =[

 

what in the database is md5 example password name what mate?

[jaikob]

Thanks All of You I got it now =]

[revraz]

Great, mark as solved please.