Results 1 to 6 of 6
  1. #1
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    Need help with php & user authentication form
    OK, I'm reaching out for help..

    Unrelated to my affiliate sites, I'm finishing up a custom website project for a business association, and hit a wall with some php/mysql code. I inherited a script, and the final piece is to implement password encryption, where there was none. The boyfriend is a developer, but sadly he can't help this weekend (!)

    Here goes.. when an administrator sets up a new account, there are 3 fields in a form - user, email & password.

    I have converted the password field to MD5 hash, which means whatever is typed in the password field has to be encrypted first, and then added to the database.

    The problem is that 4-5 other screens share the same "form processing" script, and I'm having problems isolating my password field (to apply the MD5 hash).

    Best I can see is these 2 lines capture my 3 fields:
    Code:
    if ($qt == update) { $qt = 'UPDATE'; $end = "WHERE ID = '$id'  "; }
    $pre = array_keys( $_POST );
    Does anyone know how to extract my fields from an array..? The script is approx 250 lines, with lots of noise..

    Any help much appreciated!!
    Last edited by teezone; December 7th, 2012 at 05:00 PM. Reason: typo

  2. #2
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    I think I just came up with a brilliant solution..

    I'm going to remove the password field from the form that I can't figure out - and create a separate form to submit the password in MD5 hash.

    Sometimes writing out the problem helps generate a solution!

  3. #3
    developer+marketer
    Join Date
    June 17th, 2007
    Posts
    7
    A couple things.

    First, DON'T USE MD5! It's not secure in the slightest. I suggest Portable PHP password hashing ("password encryption") framework and use bcrypt.

    Now on to actual code, it looks like it's getting all the POST data ($_POST) and storing it in $pre. I would suggest doing
    Code:
    var_dump($pre);
    and then see how it's storing the form data and get what you need.

  4. #4
    Newbie
    Join Date
    December 19th, 2012
    Location
    London
    Posts
    11
    MD5 might not be enough for protecting credit card info, but for many things it will do right.
    SHA2 is now a good alternative!

  5. #5
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    Who said anything about credit card info?? It's user/pw for a simple business directory.

    My question had nothing to do with the quality of hash method, it was code-related.

  6. #6
    developer+marketer
    Join Date
    June 17th, 2007
    Posts
    7
    Quote Originally Posted by ukprintfactory View Post
    MD5 might not be enough for protecting credit card info, but for many things it will do right.
    SHA2 is now a good alternative!
    Just so we're not spreading misinformation. MD5 should never be used for passwords. It's not strong enough and it's bad practice to continue using it. MD5 is a file hashing utility. Appropriate use cases would be checking for file integrity/matching. It's fast and the probability of collisions is extremely low. The fast part is what makes it a bad password hashing algorithm.

    Quote Originally Posted by teezone View Post
    Who said anything about credit card info?? It's user/pw for a simple business directory.

    My question had nothing to do with the quality of hash method, it was code-related.
    Did you solve the problem ready or do you still need help?

  7. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Two-step/factor authentication and now locked out...
    By GuardianAngel in forum ShareASale - SAS
    Replies: 3
    Last Post: July 19th, 2014, 11:05 PM
  2. CJ Rest API: Authentication in c#
    By kevinmcc in forum Commission Junction - CJ
    Replies: 3
    Last Post: May 27th, 2010, 11:52 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •