
05-Oct-2009, 06:47
New Member
Join Date: Oct 2009
Posts: 3
Using Salt and Pepper?
Well, I want to make my login more secure by using Salt and Pepper. An encryption thing.
Anyway, I need help adding it to encrypt "Password" on "Login" and "Register".
Login:
PHP Code:
<?php
include "./inc/nliheader.php";
if (isset($_POST['submit'])) {
    // Escape the username before it is placed inside the SQL string
    $username = mysql_real_escape_string($_POST["username"]);
    $password = $_POST["password"];
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='$username'") or die ("Name and password not found or not matched");
    // $worked is false when no row matches the username
    $worked = mysql_fetch_array($result);
    $user_class = new User($worked['id']);
    // The stored password is plain text and is compared directly.
    // The strict comparison keeps an empty password from matching a missing row.
    if ($worked && $worked['password'] === $password) {
        if ($user_class->rmdays > 0) {
            echo '<meta http-equiv="refresh" content="0;url=./index.php">';
        } else {
?>
<tr><td class="contenthead">Welcome To UrbanCity</td></tr>
<tr><td class="contentcontent">
<center>
<br>
<a href="./index.php">Continue to Your Account</a>
<META http-equiv="refresh" content="3;url=./index.php">
</center>
</td></tr>
<?php
        }
        $_SESSION["id"] = $worked['id'];
        die();
    } else {
        echo Message('Sorry, your username and password combination are invalid.');
    }
}
?>
<tr><td class="contenthead">
.: Login
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post' action='login.php'>
<table width='25%' border='0' align='center' cellpadding='0' cellspacing='0'>
<tr>
<td width='35%' height='27'><font size='2' face='verdana'>Username: </font></td>
<td width='65%'><font size='2' face='verdana'>
<input name='username' type='text' size='22'>
</font></td>
</tr>
<tr>
<td height='24'><font size='2' face='verdana'>Password: </font></td>
<td><font size='2' face='verdana'>
<input name='password' type='password' size='22'>
<br />
</font></td>
</tr>
<tr>
<td> </td>
<td><font size='2' face='verdana'>
<input type='submit' name='submit' value='Login'>
</font></td>
</tr>
</table>
</form>
</td></tr>
<?php
include "./inc/nlifooter.php";
?>
Register:
PHP Code:
<?php
include "./inc/nliheader.php";
if (isset($_POST['submit']))
{
    $username   = strip_tags($_POST["newname"]);
    $signuptime = time();
    $password   = $_POST["newpass"];
    $password2  = $_POST["newpassagain"];
    $email      = $_POST["email"];
    // Escape the username before it is placed inside the SQL string
    $checkuser  = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='"
        . mysql_real_escape_string($username) . "'");
    $username_exist = mysql_num_rows($checkuser);
    if ($username_exist > 0)
    {
        $message .= "<div>I'm sorry but the username you chose has already been taken. Please pick another one.</div>";
    }
    if (strlen($username) < 4 or strlen($username) > 20)
    {
        $message .= "<div>The username you chose has " . strlen($username)
            . " characters. You need to have between 4 and 20 characters.</div>";
    }
    // Password length check
    if (strlen($password) < 4 or strlen($password) > 20)
    {
        $message .= "<div>The password you chose has " . strlen($password)
            . " characters. You need to have between 4 and 20 characters.</div>";
    }
    if ($password != $password2)
    {
        $message .= "<div>Your passwords don't match. Please try again.</div>";
    }
    if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
    {
        $message .= "<div>The e-mail address you entered was invalid.</div>";
    }
    if (!isset($message))
    {
        // Escape every value that is placed inside the SQL string.
        // The password is stored as entered (plain text).
        $result = mysql_query(
            "INSERT INTO `grpgusers` (ip, username, password, email, signuptime, lastactive) VALUES ('"
            . mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
            . "', '" . mysql_real_escape_string($username)
            . "', '" . mysql_real_escape_string($password)
            . "', '" . mysql_real_escape_string($email)
            . "', '$signuptime', '$signuptime')");
        echo Message(
            'Your account has been created successfully! Redirecting to login page in 5 seconds. <meta http-equiv="refresh" content="5;url=login.php">');
        if ($_POST['referer'] != "")
        {
            $result = mysql_query("INSERT INTO `referrals` (`when`, `referrer`, `referred`) VALUES ('$signuptime', '"
                . mysql_real_escape_string($_POST['referer']) . "', '"
                . mysql_real_escape_string($username) . "')");
        }
        die();
    }
}
?>
<?php
if (isset($message))
{
echo Message($message);
}
?>
<tr><td class = "contenthead">
.: Register
</td>
</tr>
<tr><td class = "contentcontent">
<table width = '28%' border = '0' align = 'center' cellpadding = '0' cellspacing = '0'>
<form name = 'register' method = 'post' action = 'register.php'>
<tr>
<td height = '26'><font size = '2' face = 'verdana'>Username: </font></td>
<br>
<td><font size = '2' face = 'verdana'> <input type = 'text' name = 'newname'> </font></td>
</tr>
<tr>
<td height = '28'><font size = '2' face = 'verdana'>Password: </font></td>
<br>
<td><font size = '2' face = 'verdana'> <input type = 'password' name = 'newpass'> </font></td>
</tr>
<tr>
<td height = '28'><font size = '2' face = 'verdana'>Confirm Password: </font></td>
<br>
<td><font size = '2' face = 'verdana'> <input type = 'password' name = 'newpassagain'> </font></td>
</tr>
<tr>
<td height = '26'><font size = '2' face = 'verdana'>Email Address: </font></td>
<br>
<td><font size = '2' face = 'verdana'> <input type = 'text' name = 'email'> </font></td>
</tr>
<tr>
<td> </td>
<td><font size = '2' face = 'verdana'>
<input type = 'hidden' name = 'referer' value = '<?php echo isset($_GET['referer']) ? htmlspecialchars($_GET['referer'], ENT_QUOTES) : ''; ?>'>
<input type = 'submit' name = 'submit' value = 'Register'> </font></td>
</tr>
</table>
</form>
<br>
<center>
<?php
include "./inc/copyright.php";
?>
<br>
</center>
</td>
</tr>
<?php
include "./inc/nlifooter.php";
?>
Supposedly, all I should do is...
PHP Code:
////////////////////////////
// That's all!
// Now here is some usage instructions:
//
// To get a hash to put into your database (encrypted password)
// include this file and use this function:
// salt('mypassword')
// You can also set a static position and key hash like this:
// salt('mypassword', 15, 'n')
// Options for this is:
// Position must be between 10 and 38
// hash types are 'n' or 'b' where n is sha1 and b is md5
//
// To check a string against a hash from the database:
// pepper('mypass', '8fe5ccb19ba61c4c0873ddc')
// This will return TRUE or FALSE, letting you do the action you
// wish depending on the result.
//
// Both of these functions also have a debug function which works like this:
// salt('mypass', 'a', 'a', 1) (note that a value of 'a' is the same as no value at all in this case)
// pepper('mypass', '8fe5ccb19ba61c4c0873ddc', 1)
//
// This will echo the value of all of the variables set.
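
Added example, not part of the original post and not the salt()/pepper() library it quotes: one way to produce and check the value stored in the `password` column, using PHP's built-in password_hash() and password_verify() (PHP 5.5+ assumed) with an HMAC pepper. APP_PEPPER and the function names are hypothetical, and an array stands in for the `grpgusers` table.

```php
<?php
// Added example: PHP 5.5+ assumed. APP_PEPPER and the function names are
// hypothetical; the $users array stands in for the `grpgusers` table.

// Server-side secret ("pepper") kept outside the database. Constructed value.
define('APP_PEPPER', 'constructed-sample-pepper');

// Mix the pepper in with HMAC-SHA256. The hex output is 64 ASCII characters,
// which stays under bcrypt's 72-byte input limit and contains no NUL bytes.
function pepper_password($password)
{
    return hash_hmac('sha256', $password, APP_PEPPER);
}

// Register: returns the string to store in the `password` column.
// password_hash() generates a random per-user salt and embeds it in the result,
// so no separate salt column is needed. The column must be wide enough for the
// hash (60 characters for bcrypt; VARCHAR(255) leaves room for later algorithms).
function make_password_hash($password)
{
    return password_hash(pepper_password($password), PASSWORD_DEFAULT);
}

// Login: $stored is the value read from the row, or null when no row matched.
function check_password($password, $stored)
{
    if (!is_string($stored) || $stored === '') {
        return false; // unknown user or empty column never matches
    }
    return password_verify(pepper_password($password), $stored);
}

// Constructed demo standing in for register.php followed by login.php
$users = array();
$users['alice'] = make_password_hash('correct horse battery');
$second = make_password_hash('correct horse battery');
$missing = isset($users['bob']) ? $users['bob'] : null;

var_dump($users['alice'] !== $second);                             // same password, different salts
var_dump(check_password('correct horse battery', $users['alice'])); // right password
var_dump(check_password('wrong guess', $users['alice']));           // wrong password
var_dump(check_password('', $missing));                             // user that does not exist
```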