md5 function how to..?

  • pureone_36
  • Novice
  • Novice
  • pureone_36
  • Posts: 24
  • Loc: earth

Post 3+ Months Ago

ok i need a bit of help on my script


Code: [ Select ]
<?php

// This script is intended to accept a username and password and then
// check that against a database file

// First define the name of the database file here, so it is easy to change
$databasefile = "database.txt";

// Here we define the target locations for success and failure
$successurl    =    "http://www.google.com";
$failedurl    =    "http://www.yahoo.com";

// Here we set a variable that controls if error messages will be shown
$showerrors    =    TRUE;

// Then set a control variable that will signal failure or success
// We will assume failure so only when there is a match access is allowed
$match    =    FALSE;


// Now we start doing a whole bunch of checks, before we start the real work

// First check if the username and password parameters are available at all.
// These parameters are expected to be POSTED from an html form, so we will
// look in the $_POST array for them.
$username    =    $_POST["username"];
$password    =    $_POST["password"];

if ($username    ==    ""    || $password    ==    "")
    {
    // The username or password was not provided, show error message
    if ($showerrors)    print("Username or password were not provided.<br />");
    }
else
    {
    // The username and password were provided, now check if the database
    // file actually exists.
    if (!file_exists($databasefile))
        {
        // The database file does not exist, show error message
        if ($showerrors)    print("Database file " . $databasefile . " not found.<br />");
        }
    else
        {
        // The database file does exist, so read it
        $lines    =    file($databasefile);
        // Count the number of lines in the lines array
        $linecount    =    count($lines);
        // Check if there is at least one line
        if ($linecount    <    1)
            {
            // No lines were found in the lines array, show error message
            if ($showerrors)    print("No lines found in database file " . $databasefile . ".<br />");
            }
        else
            {
            // At least one line was found in the lines array, go through them
            for ($i = 0; $i < $linecount; $i++)
                {
                // Split the current line into parts on the semicolon
                $parts    =    explode(";",$lines[$i]);
                // There are supposed to be TWO parts, the username and password
                $partcount    =    count($parts);
                if ($partcount    !=    2)
                    {
                    // The number of parts was NOT two, show error message
                    if ($showerrors)    print("The number of parts in line " . $i . " is " . $partcount . ".<br />");
                    }
                else
                    {
                    // The number of parts IS two, strip spaces from the parts
                    $parts[0]    =    trim($parts[0]);
                    $parts[1]    =    trim($parts[1]);

                    // Now we finally can compare the input to these parts
                    if ($parts[0]    ==    $username    &&    $parts[1]    ==    $password)
                        {
                        // Username AND password correct, we have got a match
                        $match    =    TRUE;
                        // Break out of the for loop to stop going through the lines
                        break;
                        }
                    }
                } // The for loop ends here
                
            // Check if there was a match
            if ($match    ==    FALSE)
                {
                // There was no match, go to failed url
                header("Location: " . $failedurl);
                }
            else
                {
                // There was a match, go to the success url
                header("Location: " . $successurl);
                }
            }
        }
    }


?>
  1. <?php
  2. // This script is intended to accept a username and password and then
  3. // check that against a database file
  4. // First define the name of the database file here, so it is easy to change
  5. $databasefile = "database.txt";
  6. // Here we define the target locations for success and failure
  7. $successurl    =    "http://www.google.com";
  8. $failedurl    =    "http://www.yahoo.com";
  9. // Here we set a variable that controls if error messages will be shown
  10. $showerrors    =    TRUE;
  11. // Then set a control variable that will signal failure or success
  12. // We will assume failure so only when there is a match access is allowed
  13. $match    =    FALSE;
  14. // Now we start doing a whole bunch of checks, before we start the real work
  15. // First check if the username and password parameters are available at all.
  16. // These parameters are expected to be POSTED from an html form, so we will
  17. // look in the $_POST array for them.
  18. $username    =    $_POST["username"];
  19. $password    =    $_POST["password"];
  20. if ($username    ==    ""    || $password    ==    "")
  21.     {
  22.     // The username or password was not provided, show error message
  23.     if ($showerrors)    print("Username or password were not provided.<br />");
  24.     }
  25. else
  26.     {
  27.     // The username and password were provided, now check if the database
  28.     // file actually exists.
  29.     if (!file_exists($databasefile))
  30.         {
  31.         // The database file does not exist, show error message
  32.         if ($showerrors)    print("Database file " . $databasefile . " not found.<br />");
  33.         }
  34.     else
  35.         {
  36.         // The database file does exist, so read it
  37.         $lines    =    file($databasefile);
  38.         // Count the number of lines in the lines array
  39.         $linecount    =    count($lines);
  40.         // Check if there is at least one line
  41.         if ($linecount    <    1)
  42.             {
  43.             // No lines were found in the lines array, show error message
  44.             if ($showerrors)    print("No lines found in database file " . $databasefile . ".<br />");
  45.             }
  46.         else
  47.             {
  48.             // At least one line was found in the lines array, go through them
  49.             for ($i = 0; $i < $linecount; $i++)
  50.                 {
  51.                 // Split the current line into parts on the semicolon
  52.                 $parts    =    explode(";",$lines[$i]);
  53.                 // There are supposed to be TWO parts, the username and password
  54.                 $partcount    =    count($parts);
  55.                 if ($partcount    !=    2)
  56.                     {
  57.                     // The number of parts was NOT two, show error message
  58.                     if ($showerrors)    print("The number of parts in line " . $i . " is " . $partcount . ".<br />");
  59.                     }
  60.                 else
  61.                     {
  62.                     // The number of parts IS two, strip spaces from the parts
  63.                     $parts[0]    =    trim($parts[0]);
  64.                     $parts[1]    =    trim($parts[1]);
  65.                     // Now we finally can compare the input to these parts
  66.                     if ($parts[0]    ==    $username    &&    $parts[1]    ==    $password)
  67.                         {
  68.                         // Username AND password correct, we have got a match
  69.                         $match    =    TRUE;
  70.                         // Break out of the for loop to stop going through the lines
  71.                         break;
  72.                         }
  73.                     }
  74.                 } // The for loop ends here
  75.                 
  76.             // Check if there was a match
  77.             if ($match    ==    FALSE)
  78.                 {
  79.                 // There was no match, go to failed url
  80.                 header("Location: " . $failedurl);
  81.                 }
  82.             else
  83.                 {
  84.                 // There was a match, go to the success url
  85.                 header("Location: " . $successurl);
  86.                 }
  87.             }
  88.         }
  89.     }
  90. ?>



i get no errrors with this script but i want to know how do i make it check the part[1] as a md5 everything i have tryed is useless it either sends me to the success url because the user names right and any password will do or it sends me to the fail no matter what i enter
thanks for any help that comes
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

right offhand, you need to do some more with every one of your "if"s. In your error checking, you currently have:
PHP Code: [ Select ]
   if ($showerrors)   print("Username or password were not provided.<br />");

where you should have:
PHP Code: [ Select ]
if ($showerrors){
 
   print("Username or password were not provided.<br />");
 
} else {
 
   header("Location: " . $failedurl);
 
      #   or try again: Comment out whichever you don't want
 
   header("Location: ".$_SERVER[HTTP_REFERER]);
 
}
  1. if ($showerrors){
  2.  
  3.    print("Username or password were not provided.<br />");
  4.  
  5. } else {
  6.  
  7.    header("Location: " . $failedurl);
  8.  
  9.       #   or try again: Comment out whichever you don't want
  10.  
  11.    header("Location: ".$_SERVER[HTTP_REFERER]);
  12.  
  13. }

Your bracketing seems off too. Format your code like I did above and it'll give you a clearer view of what you're doing.

Also, you may want to set $showerrors = 1, then write your ifs as
PHP Code: [ Select ]
if($showerrors == 1){


hth
This


*edit*
btw - I do realize PHP can handle an if as a statement, but the more explicit you are with your code, the less your chance of failure - so I always put them in blocks.
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Just thought I'd follow up with your md5 question.

You should be md5ing the $password when it gets input, and store your password ($part[1]) as an md5. This way, you don't have to md5 $part[1] when you read it into the script, just md5 $password and compare the two.

the syntax is, quite simply:
$password = md5($password);

You could also make a short script to show you the md5'd password if you need to generate one to store, like so:
PHP Code: [ Select ]
<?PHP
 
$mypass = 'The Password';
 
$mypass = md5($mypass);
 
echo $mypass;
 
exit;
 
?>
  1. <?PHP
  2.  
  3. $mypass = 'The Password';
  4.  
  5. $mypass = md5($mypass);
  6.  
  7. echo $mypass;
  8.  
  9. exit;
  10.  
  11. ?>

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 100 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.