Encrypt password in login script

[Worqy]

Hi.

 

I have made a login script, but I would wan't to encrypt the password.

I followed a tutorial and got this:

login.php

<?php
$password = "secret";

echo $password;
/* displays secret */

$password = sha1($password);

echo $password; 
/* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */
?>
<form action="validate.php" method="post">
  <label for="username">Username</label>
  <input type="text" name="username" id="username" />
  <br />
  <label for="password">Password</label>
  <input type="password" name="password" id="password" />
  <br />
  <input type="submit" name="submit" value="Submit" />
</form>
<?php
?>

 

validate.php

 

<?php
include "setup.php";

/* get the incoming ID and password hash */
$username=$_POST['username'];
$password=$_POST['password']; 
$password=md5($password); // Encrypted Password

/* establish a connection with the database */
$server = mysql_connect("$db_host", "$db_username","$db_password");
if (!$server) die(mysql_error());
mysql_select_db("$database");

  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";

/* query the database */
$result = mysql_query($query);

/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
  echo "Access Granted: Welcome, $username!";
else
  echo "Access Denied: Invalid Credentials.";

mysql_close($server);  
?>

 

Its the line

$password=md5($password); // Encrypted Password

that messes everything up.

If I delete it and login, everything is fine, if I add it it says

Access Denied: Invalid Credentials

 

I need help with this one!

And if someone have time, give me some ideas how to make PHP scripts safer!

 

Regards

Worqy

[ManiacDan]

First of all, you're using sha1 in the first file and md5 in the second.  They are not interchangeable.

 

What you need to do is encrypt the password BEFORE you put it into the database.  That's what they mean.  Delete the rows in the user table you already have, and change your registration script so that it inserts the sha1() value.  That way, when you go to SELECT the sha1() value, it will match.

 

-Dan

[s0c0]

ManiacDan is correct here. 

 

I'd just like to point out that your code is vulnerable to SQL injection, here is a better option for the authentication portion:

 

<?php
include "setup.php";

/* establish a connection with the database */
$server = mysql_connect("$db_host", "$db_username","$db_password");
if (!$server) die(mysql_error());
mysql_select_db("$database");

/* get the incoming ID and password hash */
$username= mysql_real_escape_string($_POST['username']);
$password= mysql_real_escape_string($_POST['password']); 
$password=md5($password); // Encrypted Password
  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE Username = '$username' LIMIT 1";
/* query the database */
$result = mysql_query($query);
$r = mysql_fetch_assoc($result);
if($r['Password'] == $password){
echo "Access Granted: Welcome, $username!";
}
else{
echo "Access Denied: Invalid Credentials.";
}
?>

 

This is better because it escapes some bad characters using mysql_real_escape_string (still not completely secure).  Also it forces them to match only the username from the database and then that username record must match the supplied password.  Otherwise I could have hacked into the system sending the following inputs:

 

username: ' OR 1='1

password: ' OR 1='1

 

[Worqy]

First of all, you're using sha1 in the first file and md5 in the second.  They are not interchangeable.

 

What you need to do is encrypt the password BEFORE you put it into the database.  That's what they mean.  Delete the rows in the user table you already have, and change your registration script so that it inserts the sha1() value.  That way, when you go to SELECT the sha1() value, it will match.

 

-Dan

 

Thank you both for your fast reply.

So you mean that insted of storing the username and password in a database I shall store the username and a md5 password?

If for example the password is "12345" is it always encrypted to the same "encryption"?

 

EDIT:

sha1 or md5 encryption? which one is better?

[ManiacDan]

sha1 is better than md5.  Even better, always use a salt:  sha1($password . "someLongStringThatNobodyElseKnows");  That way, even if someone gets a copy of your database, they can't even brute force all the passwords.

 

The key to encrypting passwords is that nobody, not even you, can get the user's plaintext password out of the database.  The database itself needs to be secure even if someone gets a copy of it.

 

-Dan

[geudrik]

To Sumarize:

 

1) You should NEVER had a cleartext pw in a database. A users password will always be stored as a hash. At login, the submitted pw is hashed, and the two hashes compared.

1a) Registration: Username -> Database, Password -> Hashed -> Database

 

2) Make sure you use a salt on your hashes. THIS SALT MUST NEVER CHANGE! Set it as a static variable somewhere and never, ever change it. It WILL break everything.

 

3) Use sha over md5, better yet, use sha2.

[coupe-r]

Can you create a new field in the "users" table that holds the salt?  That way, your salt can be different for each user?