I have a script thats is writing a scrambled password to the database and I am trying to pinpoint where in the script its scrambles it?
Here is the database screen shot of the scrambled passwords.
Here are the PHP scripts that is used to write to the database: (They take you through the registration process, please pinpoint the script that would make password post a scrambled password to the database.)
REGISTRATION FORM
REGISTER_NEW.phpPHP Code:<form method=post action="register_new.php">
<table bgcolor=#cccccc>
<tr>
<td>Email address:</td>
<td><input type=text name=email size=30 maxlength=100></td></tr>
<tr>
<td>Preferred username <br />(max 16 chars):</td>
<td valign=top><input type=text name=username
size=16 maxlength=16></td></tr>
<tr>
<td>Password <br />(between 6 and 16 chars):</td>
<td valign=top><input type=password name=passwd
size=16 maxlength=16></td></tr>
<tr>
<td>Confirm password:</td>
<td><input type=password name=passwd2 size=16 maxlength=16></td></tr>
<tr>
<td colspan=2 align=center>
<input type=submit value="Register"></td></tr>
</table></form>
Here is the register function that is referred to above, which writes to the database:PHP Code://create short variable names
$email=$HTTP_POST_VARS['email'];
$username=$HTTP_POST_VARS['username'];
$passwd=$HTTP_POST_VARS['passwd'];
$passwd2=$HTTP_POST_VARS['passwd2'];
// start session which may be needed later
// start it now because it must go before headers
session_start();
// check forms filled in
if (!filled_out($HTTP_POST_VARS))
{
do_html_header('Problem:');
echo 'You have not filled the form out correctly - please go back'
.' and try again.';
do_html_footer();
exit;
}
// email address not valid
if (!valid_email($email))
{
do_html_header('Problem:');
echo 'That is not a valid email address. Please go back '
.' and try again.';
do_html_footer();
exit;
}
// passwords not the same
if ($passwd != $passwd2)
{
do_html_heading('Problem:');
echo 'The passwords you entered do not match - please go back'
.' and try again.';
do_html_footer();
exit;
}
// check password length is ok
// ok if username truncates, but passwords will get
// munged if they are too long.
if (strlen($passwd)<6 || strlen($passwd) >16)
{
do_html_header('Problem:');
echo 'Your password must be between 6 and 16 characters.'
.'Please go back and try again.';
do_html_footer();
exit;
}
// attempt to register
$reg_result = register($username, $email, $passwd);
if ($reg_result === true)
{
// register session variable
$HTTP_SESSION_VARS['valid_user'] = $username;
// provide link to members page
do_html_header('Registration successful');
echo 'Your registration was successful. Go to the members page '
.'to start setting up your bookmarks!';
do_html_url('member.php', 'Go to members page');
}
else
{
// otherwise provide link back, tell them to try again
do_html_header('Problem:');
echo $reg_result;
do_html_footer();
exit;
}
// end page
do_html_footer();
PHP Code:function register($username, $email, $password)
// register new person with db
// return true or error message
{
// connect to db
$conn = db_connect();
if (!$conn)
return 'Could not connect to database server - please try later.';
// check if username is unique
$result = mysql_query("select * from user where username='$username'");
if (!$result)
return 'Could not execute query';
if (mysql_num_rows($result)>0)
return 'That username is taken - go back and choose another one.';
// if ok, put in db
$result = mysql_query("insert into user values
('$username', password('$password'), '$email')");
if (!$result)
return 'Could not register you in database - please try again later.';
return true;
}
From the code above-any clue on why the password is not written to the database as it was typed instead of being scrambled?
-Kevin
Bookmarks