
Thread: MD5 and Salt Help

  1. #1
    Join Date
    Dec 2007
    Location
    Mississippi
    Posts
    1,063

    MD5 and Salt Help

    Can anyone tell me what's wrong with my code?

    PHP Code:
    <?php

      $user_id = $_GET['user_id'];

      // start the session

      session_name('pickles');
      session_set_cookie_params(900);
      session_start();

      // verify session

      if (empty($_SESSION) || $_SESSION['news'] != true)
      {

        // redirect them

        header("Location: login page");
        exit;

      }

      // require the connection and salt settings

      require_once("path_to_connection_and_update_code);
      require_once("path_to_salt_code");

      // connect to the database

      $conn = path_to_connection_and_update_code_function;

      // write the query

      $query1 = "SELECT `user_id`, `username`, `pwd`, `user_email` FROM `users` WHERE `user_id` = ? LIMIT 1";

      // prepare the statement

      if ($stmt1 = $conn->prepare($query1))
      {

        // bind the parameters

        $stmt1->bind_param('i', $user_id);

        // execute

        if ($stmt1->execute())
        {

          $stmt1->bind_result($id, $username, $pwd, $email);
          $stmt1->fetch();
          $stmt1->close();

        }

      }

      // process the form

      if (array_key_exists('submit', $_POST) && !empty($_POST['submit']))
      {

        // create an array for missing fields

        $missing = array();

        // check to see if there are any missing fields

        foreach ($_POST as $key => $value)
        {

          if (empty($key))
          {

            $missing[] = $key;
            exit;

          }

        }

        $email1 = $_POST['email'];
        $pwd1 = md5($salt . md5($_POST['pwd1'] . $salt));
        $pwd2 = md5($salt . md5($_POST['pwd2'] . $salt));

        // check to see that the passwords are identical

        if ($pwd1 !== $pwd2)
        {

          $notIdentical = false;
          exit;

        }

        // if all input is clear, let's go

        if (empty($missing) && $pwd1 === $pwd2)
        {

          // missing is no longer needed

          unset($missing);

          $query2 = "UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?";

          if ($stmt2 = $conn->prepare($query2))
          {

            $stmt2->bind_param('si', $newPwd, $id2);

            $newPwd = $pwd1;
            $id2 = $user_id;

            $stmt2->execute();
            $stmt2->close();

            header("Location: different page");

          }

        }

      }

    ?>
    What I'm trying to do is update a user's password with an encrypted password (as evidenced by the salt and MD5 function use). However, the password never seems to update. Every time I log into phpMyAdmin and check, the password is the same as it always was. No encryption, and no edits to the original word.

  2. #2
    Join Date
    Dec 2005
    Posts
    193
    might want to change `user_id` = ? to user_id = '.$user_id.'

    also for testing I would do this:

    PHP Code:
        if ($pwd1 !== $pwd2)
        {
          $notIdentical = false;
          echo $pwd1;
          echo $pwd2;
          echo $salt;
          echo $_POST['pwd1'];
          echo $_POST['pwd1'];
          exit;
        }
    also I don't know how you are using $notIdentical but shouldn't it be true?

  3. #3
    Join Date
    Dec 2007
    Location
    Mississippi
    Posts
    1,063
    I'm using PHP's MySQL Improved extension. That's why it looks like it does; that's how MySQL Improved works.

    And you could be right about $notIdentical...

  4. #4
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Is $stmt2->execute(); returning correctly?

    Also, check if $id is being populated correctly?
    Last edited by MrCoder; 10-24-2008 at 06:05 AM.
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.

  5. #5
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    1,046
    You're missing a double quote in this line

    PHP Code:
    require_once("path_to_connection_and_update_code); 
    Should be this

    PHP Code:
    require_once("path_to_connection_and_update_code"); 
    Your code will look more colorful instead of all red.
    PHP Code:
    <?php

      $user_id = $_GET['user_id'];

      // start the session
      session_name('pickles');
      session_set_cookie_params(900);
      session_start();

      // verify session
      if (empty($_SESSION) || $_SESSION['news'] != true)
      {
        // redirect them
        header("Location: login page");
        exit;
      }

      // require the connection and salt settings
      require_once("path_to_connection_and_update_code");
      require_once("path_to_salt_code");

      // connect to the database
      $conn = path_to_connection_and_update_code_function;

      // write the query
      $query1 = "SELECT `user_id`, `username`, `pwd`, `user_email` FROM `users` WHERE `user_id` = ? LIMIT 1";

      // prepare the statement
      if ($stmt1 = $conn->prepare($query1))
      {
        // bind the parameters
        $stmt1->bind_param('i', $user_id);

        // execute
        if ($stmt1->execute())
        {
          $stmt1->bind_result($id, $username, $pwd, $email);
          $stmt1->fetch();
          $stmt1->close();
        }
      }

      // process the form
      if (array_key_exists('submit', $_POST) && !empty($_POST['submit']))
      {
        // create an array for missing fields
        $missing = array();

        // check to see if there are any missing fields
        foreach ($_POST as $key => $value)
        {
          if (empty($key))
          {
            $missing[] = $key;
            exit;
          }
        }

        $email1 = $_POST['email'];
        $pwd1 = md5($salt . md5($_POST['pwd1'] . $salt));
        $pwd2 = md5($salt . md5($_POST['pwd2'] . $salt));

        // check to see that the passwords are identical
        if ($pwd1 !== $pwd2)
        {
          $notIdentical = false;
          exit;
        }

        // if all input is clear, let's go
        if (empty($missing) && $pwd1 === $pwd2)
        {
          // missing is no longer needed
          unset($missing);

          $query2 = "UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?";

          if ($stmt2 = $conn->prepare($query2))
          {
             $stmt2->bind_param('si', $newPwd, $id2);

             $newPwd = $pwd1;
             $id2 = $user_id;

             $stmt2->execute();
             $stmt2->close();

             header("Location: different page");
          }
        }
      }

    ?>

  6. #6
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Code:
    require_once("path_to_connection_and_update_code");
    Somehow I highly doubt that has anything to do with the issue at hand since the text within the require is not even a real file name.
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.

  7. #7
    Join Date
    Dec 2007
    Location
    Mississippi
    Posts
    1,063
    Yeah, that was just a typo when I made the post.

    Okay, so I used isset() on both $id and $id2, and they're both correct.

  8. #8
    Join Date
    Dec 2005
    Posts
    193
    that sure is a nice sig you have there

  9. #9
    Join Date
    Dec 2007
    Location
    Mississippi
    Posts
    1,063
    Too many threads have begun exactly like this one. I decided to take matters into my own hands.
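
Post #4's question (is `$stmt2->execute()` succeeding?) can be answered in code rather than by checking phpMyAdmin. The block below is an added example, not code from any poster in this thread: it makes mysqli raise errors, reports whether the `UPDATE` matched a row, and stores a `password_hash()` value in place of the salted MD5. The helper name `update_password`, the `$_SESSION['user_id']` key and the `VARCHAR(255)` column width are assumptions.

```php
<?php
// Added example, not the thread's code. Assumes a `users` table whose `pwd`
// column is VARCHAR(255) and an already open mysqli connection in $conn.

// Throw mysqli_sql_exception on prepare()/execute() failures, so a broken
// query cannot pass unnoticed the way an unchecked return value can.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: stores a new password hash for one user.
 * Returns true only when exactly one row was changed.
 */
function update_password(mysqli $conn, int $userId, string $pwd1, string $pwd2): bool
{
    // Compare the submitted strings directly; hashing both first adds nothing.
    if ($pwd1 === '' || $pwd1 !== $pwd2) {
        return false;
    }

    // password_hash() creates a random per-password salt and embeds it in the
    // returned string, so no separate $salt include is needed.
    $hash = password_hash($pwd1, PASSWORD_DEFAULT);

    $stmt = $conn->prepare('UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?');
    $stmt->bind_param('si', $hash, $userId);
    $stmt->execute();

    // 0 here means the statement ran but the WHERE clause matched no row,
    // for example because the id was empty when the form was posted.
    $changed = $stmt->affected_rows;
    $stmt->close();

    return $changed === 1;
}

// Usage (assumption: the login code stored the account id in the session).
// Taking the id from the session instead of $_GET['user_id'] keeps a
// logged-in user from changing the row of a different account:
//
//   $ok = update_password($conn, (int) $_SESSION['user_id'],
//                         $_POST['pwd1'], $_POST['pwd2']);
//
// At login, check the stored value with password_verify($input, $storedHash).
```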
