This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 9 years ago.
How to fetch md5 password from database.
i am making a login form>
i want,when the user is going to login.if the username and password text field is matched with database than use will login.
database..
in database,i store the password with md5().
now how to fetch the password from database.and how to make validation with this.
thanks all
<h1>Login Here</h1>
<form name="f1" action="login.php" method="post">
<table border="1">
<tr><td>username</td><td><input type="text" name="t1"></td></tr>
<tr><td>password</td><td><input type="password" name="t2"></td></tr>
<tr><td><input type="submit" value="login"></td></tr>
</table>
</form>
login.php
<?php
include "db.php";
$user=$_POST['t1'];
$pass=$_POST['t2'];
$result=mysql_query("select * from core where username='$user'")or die(mysql_error());
$row=mysql_fetch_row($result);
?>
<h1>Welcome Mr. <?php echo $user;?></h1>
<table border="1">
<tr><td>Your User-Id :- </td><td><?php echo $row[0];?></td></tr>
<tr><td>Your Username: </td><td><?php echo $row[1];?></td></tr>
<tr><td>your md5 Password: </td><td><?php echo $row[2];?></td></tr>
<tr><td>your Email Id: </td><td><?php echo $row[3];?></td></tr>
</table>
Dont try to decode the password from database and check it with that of user entered input pasword.Instead of that try encoding the user entered password as md5 and check it with that it the database.
There is no way to decrypt MD5. Well, there is, but no reasonable way
to do it. That's kind of the point.
To check if someone is entering the correct password, you need to MD5 whatever the user entered, and see if it matches what you have in the database.
For more you can check in this answer.
So what you can do is like this
if(isset($_POST['t2']) && trim($_POST['t2']) != ''){
$pass = md5(trim($_POST['t2']));
//Do a select query for fetching with the username and $pass and do the rest
}
Related
This question already has answers here:
encrypt and decrypt md5
(6 answers)
Closed 5 years ago.
I am sharing my 2 file's code.for insert username and passwords and to retrieve data. My scenario is something different. if username :
abc and password: 123456789
on login screen user have to enter only 3 digits from his password.But that will be random numbers from his password. if now system will ask me for 1st,3rd and 9th digit from password.after reload page it will change randomly. it will display 2nd,5th and 4th etc etc.
I am done this task earlier with my code. but now i am thinking to insert password with md5 encryption method.
I am stuck here if i used md5 for encryption then how to retrive password.
insert.php :
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form action="" method="post">
<label>username</label>
<input type="text" name="username">
<label>pin</label>
<input type="password" name="pin">
<label>password</label>
<input type="password" name="password">
<button name="submit">Submit</button>
</form>
</body>
</html>
<?php
include 'conn.php';
if (isset($_POST['submit']))
{
$name = $_POST['username'];
$pass = md5($_POST['password']);
$sql = mysqli_query($conn,'INSERT INTO `emp`(`name`, `pass`) VALUES ("'.$name.'","'.$pass.'")');
if ($sql>0)
{
header('Location: index.php');
}
}
?>
index.php:
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<?php
include 'conn.php';
if (isset($_POST['submit'])) {
$name = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$pass3 = $_POST['pass3'];
$char1 = $_POST['char1'];
$char2 = $_POST['char2'];
$char3 = $_POST['char3'];
$sql = 'SELECT name,pass,pin from `emp` '
. 'where `name` = "'.$name.'" '
. 'AND SUBSTR(pass, '.($char1).', 1) = \''.$pass1.'\' '
. 'AND SUBSTR(pass, '.($char2).', 1) = \''.$pass2.'\' '
. 'AND SUBSTR(pass, '.($char3).', 1) = \''.$pass3.'\' ';
$sql = mysqli_query($conn,$sql);
$data = mysqli_fetch_assoc($sql);
if ($data)
{
echo 'success';
}
else
{
echo 'Fail';
}
}
// generate unique, not equal numbers
$char_pos = range(1, 9);
shuffle($char_pos);
$char_pos = array_slice($char_pos, 0, 3);
sort($char_pos);
?>
<form action="" method="post">
<input type="hidden" name="char1" value="<?php echo $char_pos[0]; ?>">
<input type="hidden" name="char2" value="<?php echo $char_pos[1]; ?>">
<input type="hidden" name="char3" value="<?php echo $char_pos[2]; ?>">
Username:
<input type="text" name="username" value="">
Password:
<input type="password" class="inputs" maxlength="1" name="pass1" placeholder='<?php echo $char_pos[0]; ?>st' value="">
<input type="password" class="inputs" maxlength="1" name="pass2" placeholder='<?php echo $char_pos[1]; ?>th' value="">
<input type="password" class="inputs" maxlength="1" name="pass3" placeholder='<?php echo $char_pos[2]; ?>th' value="">
<button name="submit">Submit</button>
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(".inputs").keyup(function () {
if (this.value.length == this.maxLength) {
$(this).next('.inputs').focus();
}
});
</script>
</body>
</html>
MD5() function is not a encrypt decrypt function. it produce data based on input. That data cannot be reverted. if you need to check MD5 output with ordinary text, you have to MD5 ordinary text then compare both MD5 output.
There are several Online MD5 Decrypter present. It is based on Past input history.
www.md5online.org
md5decrypt.net/en/
You can check with this ..
Thank you...
As already pointed out in comments, md5 is a one-way hash function, not an encryption. This means that it is impossible to perform a partial password verification against the hash because the original password cannot be retrieved.
The Smart Architects blog used to have a great article on partial password verification, but now it is only accessible via web archive.
To sum up the possibilities (omitting the completely unsecure storing password in plain text solution):
Store the passwords in an encrypted format, meaning you can retrieve the password in plain text if needed for comparison. Pro: easy to implement. Con: if someone obtains the key, then all passwords can be reversed. If you want something really secure, then you probably need an HSM (Hardware Security Module) for this. Until you get your hands on an HSM, you can try openssl_encrypt() function.
Hash all combination of letters the interface may ask in a hashed format. Pro: probably the most secure storage format (if the right hashing algorithm is used with salts). Con: just think about the number of records you need to create for a long password.
Use Shamir secret sharing scheme. Pro: compromise in storage space vs security. Con: probably the most difficult solution to implement from a coding perspective.
First of all I apologize for the noobish nature of my question. I have tried to search the internet for a solution, so far with little luck. I therefore turn to the awesome people of StackOverflow, as this usually gets the problems solved quite fast.
I am trying to make a very simple login function for a website. It consists of a HTML-form and a php login script. The problem is that the username (and password) does not seem to get passed from the form to the login script. Starting with the form, it looks like this:
<form name="loginForm" method="post" action="loginScript.php">
<table style="position: absolute; top:55%; left:50%; transform: translate(-50%, -50%)">
<tr>
<td>Brugernavn:</td><td><input name="edUsername" type="text" id="username" autofocus></td>
</tr>
<tr>
<td>Adgangskode:</td><td><input name="edPassword" type="password" id="password"><br></td>
</tr>
<tr>
<td style ="font-size: 10px;">Glemt din adgangskode?</td>
<td style="text-align: right;"><input name="Submit" type="submit" value="Log ind"></td>
</tr>
</table>
</form>
So the information i need in my login script is the username and password data. I try to obtain these with the filter_input() since I read that this was safer than $_POST[]. In the login script it looks like this:
// Get username and password from post form
$ed_user = filter_input(INPUT_POST, 'username');
$ed_pass = filter_input(INPUT_POST, 'password');
echo $ed_user;
The "echo" part is just a temporary line, to check if there is indeed a username retrieved. So far this is not the case. So my question is, what the heck am I doing wrong?
Rewrite as
$ed_user = filter_input(INPUT_POST, 'edUsername');
$ed_pass = filter_input(INPUT_POST, 'edPassword');
Use the name of the field instead of the id.
You've got the names wrong, Check below.
$ed_user = filter_input(INPUT_POST, 'edUsername');
$ed_pass = filter_input(INPUT_POST, 'edPassword');
Your mistake is that you're using input's id attribute instead of the name.
// Get username and password from post form
$ed_user = filter_input(INPUT_POST, 'edUsername');
$ed_pass = filter_input(INPUT_POST, 'edPassword');
echo $ed_user;
Or you could swap the attributes so the PHP code is left as is.
As for the differences between id and name attributes check out another question.
I'm creating a SQL Injection demo as a project for my class. I've created a login page but i cant seem to be able to inject it. Here is what I have written for the page. I have tried blind SQLi creating multiple clauses withing the username field. The only other thing I can think of is to use subqueries or to change my code to make it easier.
EDIT* Trying to Inject the username field *
<?php // Check to see if there was a request method that is a post type
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
// Check to see if username field is null
if (!empty($_POST['username'])) {
// Connect to the server using credentials
$con = mysql_connect('localhost','root','sqlcool1');
// If the connection was not successful
if (!$con){
echo 'OUCH';
die('Could not connect: '.mysql_error());
}
// Select the correct database from the server
$db = mysql_select_db('injectme',$con);
// Pass a sql query through the table to pull the user field that was entered in the form
// Return the results in an array
$sql = mysql_query('SELECT * FROM user WHERE username = "' . $_POST['username'] . '"');
$row = mysql_fetch_row($sql);
// compare $row["password"] to $_post["password"]
// if they match it's good: log them in
// if not, they're beat: don't log them in
if ($_POST["username"] == $row[1] && $_POST["password"] == $row[2]) {
// do something to let them know that it worked
echo('<html>
<head>
<meta http-equiv="refresh" content="3; url=search.php">
</head>
<body>
<p style="color:green">logged in</p>
</body>
</html>');
} else {
// do something to let them know it didn't work
echo('<p style="color: red">Invalid username or password.</p>');
echo('<form name="login" action="login.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit_button" value="Submit">
<button type="submit" formaction="register.php">Register</button>
</form>');
}
//Close the connected session with the server
mysql_close($con);
} else {
// Repost Form
echo ('<p style="color: red"> No username / password provided.</p>');
echo('<form name="login" action="login.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit_button" value="Submit">
<button type="submit" formaction="register.php">Register</button>
</form>');
}
}
else
{
echo('<form name="login" action="login.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit_button" value="Submit">
<button type="submit" formaction="register.php">Register</button>
</form>');
}
?>
The code you have posted is entirely vulnerable and can be used to view the content of the entire database. One way to exploit it is with time based attack where you create an artificially long response time if a condition is true.
Consider the following username :
" UNION SELECT (WHEN "A" = (SUBSTR(password, 1, 1)) THEN SLEEP(5) ELSE 1 END) AS username, 1 as password FROM user LIMIT 0, 1 --
If the response is longer than 5 seconds, you can know the value of the first character is "A" otherwise just test for an other character. After that you just have to repeat the same pattern for other position in the string until you have found all characters of the password. After that, you can just directly use the admin password. Since it requires a lot of queries those type of attack are often scripted.
If you want to read more about it, it's called Blind SQL Injection.
To successfully exploit this vulnerability, you need to be able to inject some code such that the resulting SQL statement will return something that will pass the later test:
$_POST["username"] == $row[1] && $_POST["password"] == $row[2]
So the second column needs to be equal to the submitted username and the third row needs to be equal to the submitted password.
Now as the injection happens with the submitted username, you have a problem.
Because you cannot supply a username that fulfills both the inject some data into the result set aspect and the inject a value for the username that is identical to the injected code that injects a value for the username aspect.
The former is quite easy (assuming three columns in user):
username := '" UNION SELECT 1, "admin", "'
password := ''
This results in:
SELECT * FROM user WHERE username = "" UNION SELECT 1, "admin", ""
However, the $_POST["username"] == $row[1] part remains unresolvable as you would need to make the second SELECT return the submitted username as username column value. And that’s just not possible.
Now if you just remove the $_POST["username"] == $row[1] it works fine.
It depends on what you are trying to inject. If you are trying to inject a second query, this is not possible - the mysql_query function does not support multiple queries. From the docs:
mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier.
Of course, it is still vulnerable to additional WHERE clause injections.
<?
require_once('etcore.php');
mysql_connect($dburl,$dbuser,$dbpass) or die(mysql_error());
mysql_select_db("rshost") or die(mysql_error());
$username=strtoupper(clean($_POST['username']));
$password=md5($_POST['password']);
$andover = mysql_query("SELECT * FROM users WHERE usernameupper='$username' AND password='$password'") or die(mysql_error().__LINE__);
$numberofthings = mysql_num_rows($andover) or die(mysql_error().__LINE__);
if ($numberofthings = 1) {
$getit=mysql_fetch_array($andover) or die(mysql_error().__LINE__);
$_SESSION['id'] = $getit['id'];
header('Location: index.php');
}
else {
?>
<h1>Login:</h1>
<img src='http://media.idownloadblog.com/wp-content/uploads/2011/12/Warning.png' width="25" height="25" />
<strong style="color:#F03;">Incorrect Username and/or Password </strong><br>
<form method="POST" action="login.php">
Username: <input name="username" type="text" /><br />
Password: <input name="password" type="password" /><br />
<input name="submit" type="submit" value="Log In!" /><br />
</form>
<? } ?>
This is the code I am using. Whenever I run the code, I get the error "No database selected" on line 7. Any help would be appreciated. Thanks! BTW: Db user, pass and URL are all in the 'etcore.php' file, so it is not a problem there. I have also tried replacing those variables with strings and get the same error.
How about:
mysql_select_db("rshost", mysql_connect($dburl,$dbuser,$dbpass))
or even better:
$handle = mysql_connect($dburl,$dbuser,$dbpass);
mysql_select_db("rshost", $handle);
And maybe for a better knowledge and understanding:
manual page
in the section parameters
so it would be clear why it may OR may not work without using the $handle argument
Give the database privileges. May be you don't have the user permission to access database,
check this
mysql> grant all privileges on Databasename.* to 'username'#'localhost' identified by password
This question already has an answer here:
Closed 11 years ago.
Possible Duplicate:
fail execute statement with php and mysql
I have this statement taking output out of the database:
function ValidateLogin($user_name, $pass)
{
$user_name=SanitizeString($user_name);
$pass=SanitizeString($pass);
$user_name=mysql_real_escape_string($user_name);
$pass=mysql_real_escape_string($pass);
$salt = 'SHIFLETT';
$password_hash = hash('sha256',$salt.hash('sha256', $pass));
$result=mysql_query("SELECT * FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error());
$dataArray=FALSE;
if(mysql_num_rows($result))
{
echo "Login successful".mysql_num_rows($result);
return $dataArray=TRUE;
}
else
{
echo "Login unsuccessful:".mysql_num_rows($result);
}
return $dataArray;
mysql_close();
}
The sanitize function is:
function SanitizeString($var)
{
$var=stripslashes($var);
$var=htmlentities($var, ENT_QUOTES, 'UTF-8');
$var=strip_tags($var);
$var=trim($var);
return $var;
}
Note on the insert I use the same hash algorithm. ... what I get here is always zero:
echo "Login unsuccessful:".mysql_num_rows($result);
Is mysql statement wrong..or is it the hash algorithm? or the sanitizeString function?
UPDATE:
result:
before the $pass is hashed I get this:
string(5) "Mad24"
string(1) "1"
when I insert the name and pass to the database. I get this:
string(5) "Mad24"
string(8) "luckyd55"
Again this is before the pass is hashed on the insert and login of the user. why when I login I get 1?!?!?
\
The login form
echo '
<form action="" method="POST">
<table width="80%" border="1" cellpadding="10" id="navigationBar">
<tr>
<td> Register</td>
<td> Control Panel</td>
<td> Donate </td>
<td align="right">name:<input name="name" type="text" /></td>
<td>password:<input name="pass" type="password" /> <input name="login" type="submit" value="Login" /> </td>
</tr>
</table>
</form>
';
answering to your question in the comments:
You can't improve your site security with hash algorithm.
You can improve your hash/salt usage by creating a different salt for each user, instead of using the same salt for all users.