Voodoo Jai Posted March 5, 2008

Where do I place an MD5 checksum in the following code? I am trying to hide/secure a password posted to a db.

```php
<?php
// *** Redirect if username exists
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
  $MM_dupKeyRedirect = "register.php";
  $loginUsername = $_POST['username'];
  mysql_select_db($database_LostMyMenu_conn, $LostMyMenu_conn);
  // Escape the value before building the query
  $LoginRS__query = "SELECT username FROM users WHERE username='"
    . mysql_real_escape_string($loginUsername, $LostMyMenu_conn) . "'";
  $LoginRS = mysql_query($LoginRS__query, $LostMyMenu_conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  // if there is a row in the database, the username was found - can not add the requested username
  if ($loginFoundUser) {
    $MM_qsChar = "?";
    // append the username to the redirect page
    if (substr_count($MM_dupKeyRedirect, "?") >= 1) $MM_qsChar = "&";
    // URL-encode the username for the redirect query string
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . urlencode($loginUsername);
    header("Location: $MM_dupKeyRedirect");
    exit;
  }
}

// Quote/cast a form value according to its column type
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

// Insert the new user when the registration form (form1) is submitted
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO users (username, pwd, Name, Email) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['pwd'], "text"),
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"));

  mysql_select_db($database_LostMyMenu_conn, $LostMyMenu_conn);
  $Result1 = mysql_query($insertSQL, $LostMyMenu_conn) or die(mysql_error());

  $insertGoTo = "Login.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_LostMyMenu_conn, $LostMyMenu_conn);
$query_Users = "SELECT * FROM users";
$Users = mysql_query($query_Users, $LostMyMenu_conn) or die(mysql_error());
$row_Users = mysql_fetch_assoc($Users);
$totalRows_Users = mysql_num_rows($Users);
?>
```

I have already done it with the login page, but I am not sure about the register page.

Thanks all

Jai
uniflare Posted March 5, 2008

You should md5 a password in the SQL query. Then, when logging in, md5 the password from a submitted form to check the md5 pwd in the db.

Hope this helps,
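The flow from the reply above (hash the password when registering, then check the submitted password against the stored hash at login), written out as an added example that is not code from this thread. It swaps md5() for PHP's password_hash()/password_verify(), which salt each password and use a deliberately slow algorithm, and it assumes PHP 5.5+ with PDO and an in-memory SQLite table; register_user() and check_login() are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with PDO and the
// pdo_sqlite driver; register_user() and check_login() are hypothetical names.
// Column names (username, pwd, Name, Email) follow the INSERT in the question.

function register_user(PDO $db, $username, $password, $name, $email)
{
    // Duplicate check with a bound parameter instead of string concatenation.
    $dup = $db->prepare('SELECT 1 FROM users WHERE username = ?');
    $dup->execute(array($username));
    if ($dup->fetchColumn()) {
        return false; // username already taken
    }
    // Hash before the INSERT: the plaintext password never reaches the table.
    // password_hash() generates a per-user salt and stores it in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $ins = $db->prepare('INSERT INTO users (username, pwd, Name, Email) VALUES (?, ?, ?, ?)');
    return $ins->execute(array($username, $hash, $name, $email));
}

function check_login(PDO $db, $username, $password)
{
    $q = $db->prepare('SELECT pwd FROM users WHERE username = ?');
    $q->execute(array($username));
    $stored = $q->fetchColumn();
    // The salt differs per user, so the submitted password cannot be re-hashed
    // and compared with ==; password_verify() reads the salt from $stored.
    return $stored !== false && password_verify($password, $stored);
}

// Constructed demo data on an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwd TEXT, Name TEXT, Email TEXT)');

var_dump(register_user($db, 'jai', 'example-pass', 'Jai', 'jai@example.com'));
var_dump(register_user($db, 'jai', 'other-pass', 'Jai', 'jai@example.com'));
var_dump(check_login($db, 'jai', 'example-pass'));
var_dump(check_login($db, 'jai', 'wrong-pass'));
var_dump(check_login($db, 'nobody', 'example-pass'));
```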