Jump to content

Encrypting


dizzleboi1

Recommended Posts

i have just set up my login in form and found that the way the password is encrypted when users sign up effects how it is when they try to log on meaning they can only log on seeing they copy the encrypted password from the database instead of just being able to use there own which is bad here is my register source

 

register.php

<?php
error_reporting(E_ALL);
include_once "functions.php";

connect();

if(!isset($_POST['submit'])){
   echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
   echo "<form method=\"post\" action=\"register.php\">\n";
   echo "<tr><td colspan=\"2\" align=\"center\">Registration Form</td></tr>\n";
   echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
   echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
   echo "<tr><td>Confirm</td><td><input type=  \"password\" name=\"passconf\"></td></tr>\n";
   echo "<tr><td>E-Mail</td><td><input type=\"text\" name=\"email\"></td></tr>\n";
   echo "<tr><td>Name</td><td><input type=\"text\" name=\"name\"></td></tr>\n";
   echo "<tr><td>AIM Address</td><td><input type=\"text\" name=\"aim\"></td></tr>\n";   
   echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Register\"></td></tr>\n";
   echo "</form></table>\n"; 

}
else {
    $username = protect($_POST['username']);
    $password = protect($_POST['password']);
    $confirm = protect($_POST['passconf']);
    $email = protect($_POST['email']);
    $name = protect($_POST['name']);
    $aim = protect($_POST['aim']); 
   
    $errors = array();
   
        if(!$username){
            $errors[] = "Username is not defined!";
      }   
      
         if(!$password){
            $errors[] = "Password is not defined!";
      }

        if(!$password){
           if(!$confirm){
            $errors[] = "Confirmation password is not defined!";
           }
      }

      if(!$email){
         $errors[] = "Email is not defined!";   
      }
     
      if(!$name){
            $errors[] = "Name is not defined!";
      }
         
      If (!$aim){
          $errors[] = "AIM Screename is not defined!";
      }
      
      If ($username) {
          if(!ctype_alnum($username)){
          $errors[] = "Username can only contain numbers and letters!";
          }
          }
          $range = range(1,31);
          if(!in_array(strlen($username),$range)){
      	  $errors[] = "Username must be between 1 and 32 characters!";
           }
         
     
        
           if($password && $confirm){
           if ($password != $confirm){ 
           $errors[] = "Passwords do not match!";
           }     
   }
   
   if($email){
   	   $checkemail = "/^[a-z0-9+([_\\.-][a-z0-9]+([\.-\[a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";  
   	   if(!preg_match($checkemail, $email)){
		   $errors[] = "E-mail is not valid, must be [email protected]";
		}
       }     
       
       if($name){
	   $range2 = range(1,64);
	   if(!in_array(strlen($name),$range2)){ 
               $errors[] = "Your name must be between 3 to and characters!";
             }
        }      
        
        if($aim){
		$range3 = range(3,16);
		if(!in_array(strlen($aim),$range3)){
		    $errors[] = "Your AIM screename must be between 3 and 16 charecters!";
		 }
	}	  		

	if($username){
		$sql = "SELECT * FROM `users` WHERE `username`='{$username}'";
		$res = mysql_query($sql) or die(mysql_error());
             
            if(mysql_num_rows($res) > 0) {
			    $errors[] = "The username you supplied is already in use!";

         	}
       }
	   
	   if($email){
	   	   $sql2 = "SELECT * FROM `users` WHERE `email`='{$email}'";
		   $res2 = mysql_query($sql2) or die(mysql_error());
		   
		       if(mysql_num_rows($res2) > 0){
			   	   $errors[] = "The email you supplied is already in use of another user!";
			}		  
		}

		if($aim){
			$sql3 = "SELECT * FROM `users` WHERE `aim`='{$aim}'";
			$res3 = mysql_query($sql3) or die(mysql_error());

			    if(mysql_num_rows($res3) > 0){
			    	$errors[] = "The AIM screename you supplied is already in use of another user!";
		        }
		 } 
		  
		  if(count($errors) > 0){
		  	  foreach($errors AS $error){
					echo $error . "<br>\n";
			 }					        	 
	     }else {
	     	$sql4 = "INSERT INTO `users`
                       (`username`,`password`,`email`,`name`,`aim`) VALUES
                     ('$username','".md5($password)."','$email','$name','$aim');";
	         $res4 = mysql_query($sql4) or die(mysql_error());  
			 echo "You have sucessfully registered!</br>
			 Username:<b>{$username}</b></br>
			 Password:<b>{$password}</b></br>
			 E-mail:<b>{$email}</b></br>
			 AIM:<b>{$aim}</b></br>
			 Name:<b>{$name}</b></br>";
			   

		    } 
      	  

}

      

?>   

 

 

i think the main part is the .md5 how do i make it in a way so i can encrypt the password but still be able to use a password i created

Link to comment
https://forums.phpfreaks.com/topic/96105-encrypting/
Share on other sites

You could, of course, make your own function for added security. Ex:

<?php
function myEncryption($string)
{
	$string = md5($string);
	$string = sha1($string);		
	$string = sha1($string);
	$string = md5($string);
	return $string;
}
?>

This will md5, then sha, and sha that, then md5 it again.

Link to comment
https://forums.phpfreaks.com/topic/96105-encrypting/#findComment-492036
Share on other sites

How would that be the case? Neither md5 nor sha1 can be decoded, so there is no way of finding the string anyway.

 

How about adding both encryptions?

<?php
function myEncryption($string)
{
	$string = md5($string) . sha1($string);
	$string = md5($string); // or sha1, depends on your person preference.
	return $string;
}
?>

Link to comment
https://forums.phpfreaks.com/topic/96105-encrypting/#findComment-492064
Share on other sites

sha1 can be decoded - kind of. Its been cracked, but it needs a crazy supercomputer.

 

Anyways, here's the thread:

 

http://www.phpfreaks.com/forums/index.php/topic,186872.0.html

 

skip down towards the end of the first page, thats where the talk starts.

Thanks, saves having two threads for arguing :o)
Link to comment
https://forums.phpfreaks.com/topic/96105-encrypting/#findComment-492082
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.