  1. #1
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    857

    Scrambled Password

    I have a script that is writing a scrambled password to the database, and I am trying to pinpoint where in the script it scrambles it.

    Here is the database screen shot of the scrambled passwords.


    Here are the PHP scripts that are used to write to the database: (They take you through the registration process; please pinpoint the script that would make it post a scrambled password to the database.)

    REGISTRATION FORM
    PHP Code:
    <form method=post action="register_new.php">
     <table bgcolor=#cccccc>
       <tr>
         <td>Email address:</td>
         <td><input type=text name=email size=30 maxlength=100></td></tr>
       <tr>
         <td>Preferred username <br />(max 16 chars):</td>
         <td valign=top><input type=text name=username
                         size=16 maxlength=16></td></tr>
       <tr>
         <td>Password <br />(between 6 and 16 chars):</td>
         <td valign=top><input type=password name=passwd
                         size=16 maxlength=16></td></tr>
       <tr>
         <td>Confirm password:</td>
         <td><input type=password name=passwd2 size=16 maxlength=16></td></tr>
       <tr>
         <td colspan=2 align=center>
         <input type=submit value="Register"></td></tr>
     </table></form>

    REGISTER_NEW.php
    PHP Code:
    //create short variable names
    $email=$HTTP_POST_VARS['email'];
    $username=$HTTP_POST_VARS['username'];
    $passwd=$HTTP_POST_VARS['passwd'];
    $passwd2=$HTTP_POST_VARS['passwd2'];
    // start session which may be needed later
    // start it now because it must go before headers
    session_start();

    // check forms filled in
    if (!filled_out($HTTP_POST_VARS))
    {
       do_html_header('Problem:');
       echo 'You have not filled the form out correctly - please go back'
           .' and try again.';
       do_html_footer();
       exit;
    }

    // email address not valid
    if (!valid_email($email))
    {
       do_html_header('Problem:');
       echo 'That is not a valid email address.  Please go back '
           .' and try again.';
       do_html_footer();
       exit;
    }

    // passwords not the same
    if ($passwd != $passwd2)
    {
       do_html_heading('Problem:');
       echo 'The passwords you entered do not match - please go back'
           .' and try again.';
       do_html_footer();
       exit;
    }

    // check password length is ok
    // ok if username truncates, but passwords will get
    // munged if they are too long.
    if (strlen($passwd) < 6 || strlen($passwd) > 16)
    {
       do_html_header('Problem:');
       echo 'Your password must be between 6 and 16 characters.'
           .'Please go back and try again.';
       do_html_footer();
       exit;
    }

    // attempt to register
    $reg_result = register($username, $email, $passwd);
    if ($reg_result === true)
    {
      // register session variable
      $HTTP_SESSION_VARS['valid_user'] = $username;

      // provide link to members page
      do_html_header('Registration successful');
      echo 'Your registration was successful.  Go to the members page '
          .'to start setting up your bookmarks!';
      do_html_url('member.php', 'Go to members page');
    }
    else
    {
      // otherwise provide link back, tell them to try again
      do_html_header('Problem:');
      echo $reg_result;
      do_html_footer();
      exit;
    }

    // end page
    do_html_footer();

    Here is the register function that is referred to above, which writes to the database:
    PHP Code:
    function register($username, $email, $password)
    // register new person with db
    // return true or error message
    {
      // connect to db
      $conn = db_connect();
      if (!$conn)
        return 'Could not connect to database server - please try later.';

      // check if username is unique
      $result = mysql_query("select * from user where username='$username'");
      if (!$result)
         return 'Could not execute query';
      if (mysql_num_rows($result)>0)
         return 'That username is taken - go back and choose another one.';

      // if ok, put in db
      $result = mysql_query("insert into user values
                             ('$username', password('$password'), '$email')");
      if (!$result)
        return 'Could not register you  in database - please try again later.';

      return true;
    }



    From the code above, any clue on why the password is not written to the database as it was typed instead of being scrambled?

    -Kevin

  2. #2
    SitePoint Guru
    Join Date
    Sep 2004
    Location
    NY, USA
    Posts
    712
    password('$password')

  3. #3
    SitePoint Enthusiast mrobinson's Avatar
    Join Date
    Aug 2004
    Location
    New York, NY, USA
    Posts
    50
    Mentioned
    0 Post(s)
    If I registered with
    username: mark
    password: letmein
    email: mark@mydomain.com

    The SQL that would be executed would be:
    Code:
    insert into user values ('mark', password('letmein'), 'mark@mydomain.com')
    password() is a function internal to MySQL (and so it is MySQL that is encrypting the password).
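
The register() function in the thread hashes inside the SQL statement with MySQL's password(), a function MySQL intends for its own account system and removed in MySQL 8.0. As an added example that is not part of the original thread, here is the same registration with the hash computed in PHP by password_hash(), bound parameters for the queries, and a login check with password_verify(); the column names, the function names register_user() and check_login(), and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The column names and the in-memory SQLite database are
// assumptions so the script runs offline; the PDO calls are the same for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, passwd TEXT, email TEXT)');

// Hash in PHP, then insert with bound parameters rather than values pasted into SQL.
function register_user(PDO $db, string $username, string $email, string $password)
{
    $check = $db->prepare('SELECT 1 FROM user WHERE username = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return 'That username is taken - go back and choose another one.';
    }
    // Salted, deliberately slow one-way hash; give the column room (e.g. VARCHAR(255)).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $db->prepare('INSERT INTO user (username, passwd, email) VALUES (?, ?, ?)');
    $insert->execute([$username, $hash, $email]);
    return true;
}

// Login never reads the typed password back; it checks the attempt against the hash.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT passwd FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && password_verify($password, $stored);
}

// Constructed sample input, reusing the registration from the reply above.
var_dump(register_user($db, 'mark', 'mark@mydomain.com', 'letmein'));
var_dump(register_user($db, 'mark', 'other@mydomain.com', 'another1'));
// A quote in the username is stored as plain data because it is a bound parameter.
var_dump(register_user($db, "o'brien", 'ob@mydomain.com', 'hunter22'));

// What the database holds for the password column: a hash string.
$stored = $db->query("SELECT passwd FROM user WHERE username = 'mark'")->fetchColumn();
echo $stored, "\n";
var_dump(check_login($db, 'mark', 'letmein'));
var_dump(check_login($db, 'mark', 'letmeout'));
```

Two users who pick the same password get different stored values, because password_hash() generates a random salt on every call.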

  4. #4
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    857
    Mentioned
    0 Post(s)
    Thank you!

