Jump to content

Little problem in encrypting passwords (PHP and SQL)

Twister1004

By Twister1004
in PHP Coding Help

 Share

Recommended Posts

Twister1004 Member

Twister1004

Posted
Posted 

Hello everyone! Thanks for reading =)

Objective:
Ok, I'm hosting a server for a game right now, and I'm trying to figure out how to get the passwords in encrypted. I've found out how they do it, but I can't figure out how to make it work.

Problem:
The SQL Is currently not working correctly, it acts like one value does not have a value. 

Error type:
Error in the encryption! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2

Encryption type:
Sha1 and concat.

whole code:
[code=php:0]
<?php
mysql_connect('localhost', 'root', 'root'); mysql_select_db('test');
if($_SERVER['REMOTE_ADDR'] != "76.7.105.94"){
echo "You are not allowed to view this page!";
}
?>
<html><head></head>
<body>
<form method="POST" action="">
<input type="text" name="username" />
<input type="text" name="password" />
<input type=submit name=submit />
</form>
<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];

echo $username . "<p></p>";
echo $password . "<br/>";
$sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) 
VALUES (UPPER('".$username."'), SHA1(CONCAT(UPPER('".$username."') , ('".$password."')))") or die("Error in the encryption! " . mysql_error());
}
?>
</body>
</html>

 

Thank you for you help, tips, hints, guiding, etc.

=)

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted 

$sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) 
   VALUES (UPPER('".$username."'), SHA1(CONCAT(UPPER('".$username."') , ('".$password."')))") or die("Error in the encryption! " . mysql_error());

 

should be

$sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) 
   VALUES (UPPER('$username'), 'SHA1(CONCAT(UPPER('$username') , ('$password')))') ") or die("Error in the encryption! " . mysql_error())

;

 

But i would recommend using MD5

ie

$sql = mysql_query("INSERT INTO `passwords` (`name`, `password`) 
   VALUES (UPPER('$username'), md5('$password')")) or die("Error in the encryption! " . mysql_error());

Link to comment
Share on other sites
Twister1004 Member

Twister1004

Posted
  • Author
Posted

Omg, thank you! However, the password did not come out correctly. It came out as a whole different thing, however, it was encrypted, but it didn't work. It's not the same.

 

Here, maybe this will help ya get a hint =)

 

http://twistablepie.servegame.com/help

 

That is the full script or the register page from someone else. I just want to be able to make a simple register out of it (without the OOP if you will =) )

 

Could you maybe figure it out? I can't seem to find anything that would be helpful.

 

The username used is test and the password that is used is test.

 

The encryption came out as 3d0d99423e31fcc67a6745ec89d70d700344bc76 .

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

Ps. If you want the code revamped as provided, Your need to go to the freelance part of this forum, or placed in the 3rd party forum, you might get it done free.

 

The code it self is out off date, But apart from that it is straight froward job.

 

Even better.

 

1 in a million two md5 clash.

 

example md5/sha1/md5

<?php

$name="test"; // variable name
$password="test"; // variable name

$name=md5(sha1(md5($_POST['name']))); // encoded.
$password=md5(sha1(md5($_POST['password']))); //encoded.

$n=strlen($name); // length characters.
$p=strlen($password); //length characters.

//echoed out.
echo  "  char $n Name: $name <br> char $p password: $password";

?>

 

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

Humm the SHA should be 5e5cedf57e5cf4ed008bee8f095a0fc24b0f1c58

Lets try this

<?php
$PreHASH = strtoupper($username)."$password";
echo "TESTING:";
echo sha1($PreHASH);
$sql = mysql_query("INSERT INTO `passwords` (`name`, `password`)
   VALUES (UPPER('$username'), SHA1('$PreHASH') ") or die("Error in the encryption! " . mysql_error());
/*
$sql = mysql_query("INSERT INTO `passwords` (`name`, `password`)
   VALUES (UPPER('$username'), 'SHA1(CONCAT(UPPER('$username') , ('$password')))') ") or die("Error in the encryption! " . mysql_error());
*/
?>

 

Why?  SHA1 is more secure.

But i would recommend using MD5

Okay.. bad recommendation But to be trueful its a only little more secure but its also a little slower, SHA and MD5 are very old

and lets face it.. the someone gains access to the HASH no matter which one you pick, it won't matter lol..

 

ROFL @ redarrow's

$password=md5(sha1(md5($_POST['password']))); //encoded.

Surelly you know that will cause more collisions, encrypting a 160bit password with 128bit password is a bad idea!

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.