RE: Re: cookie trouble

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You cannot reverse the encryption of an md5 hash. Nor should you want
to.

You don't want to know their password which is why you encrypt it.

When you seyup an account you convert the password to an md5 has(I
assume you have done so). When they log back in.. You convert the
password to an md5 hash and compare that value against the stored md5
password. If a match - log the user in. If not - kick an error page.

Aaron

> -----Original Message-----
> From: Seabird [mailto:jacco@vliegt.nl] 
> Sent: Thursday, October 31, 2002 9:49 AM
> To: php-db@lists.php.net
> Subject:  Re: cookie trouble
> 
> 
> I got this fixed,
> 
> but how do I reverse a md5 encryption????? this way I can log 
> people in again.
> 
> Jacco
> 
> --
> http://seabird.jmtech.ca
> 
> Attitude is Everything!
> But Remember, Attitudes are Contagious!
> Is Yours worth Catching????
> "Seabird" <jacco@vliegt.nl> wrote in message 
> 20021031165410.94762.qmail@pb1.pair.com">news:20021031165410.94762.qmail@pb1.pair.com...
> > Hi everyone,
> >
> > I'm having some trouble configuring a cookie (first time 
> doing this): 
> > I have a login-script and this sets a session cookie. What I really 
> > want
> is
> > to pass a cookie so that returning-people don't have to log 
> in every 
> > time, but I'm not sure how to do what part is passing on 
> the cookie (I 
> > think $_HTTP_SESSION_VARS=['PHP_SELF'] )
> >
> > How can I change this to a cookie that stores username and password 
> > for a time set by me (infinite).
> >
> > Here is my loginscript:
> >
> > <?php
> > if(isset($_POST['submit'])) { // if form has been submitted
> >  /* check they filled in what they were supposed to and 
> authenticate 
> > */  if(!$_POST['uname'] | !$_POST['passwd']) {
> >   print '<form action="index.php" method="post">
> >         <div align="left">
> >           <input class="test" name="uname" type="text" size="8" 
> > maxlength="8">
> >           <input class="test" type="password" size="8" 
> maxlength="8" 
> > name="passwd">
> >           <input name="submit" type="submit" value="Login">
> >           <br>
> >           <span class="welcome">please fill in the required 
> > fields.</span></div>
> >       </form>
> > ';
> >  }
> >  // authenticate.
> >  if(!get_magic_quotes_gpc()) {
> >   $_POST['uname'] = addslashes($_POST['uname']);
> >  }
> >  $check = $db_object->query("SELECT username, password FROM users 
> > WHERE username = '".$_POST['uname']."'");
> >  if(DB::isError($check)) {
> >   print '<form action="index.php" method="post">
> >         <div align="left">
> >           <input class="test" name="uname" type="text" size="8" 
> > maxlength="8">
> >           <input class="test" type="password" size="8" 
> maxlength="8" 
> > name="passwd">
> >           <input name="submit" type="submit" value="Login">
> >           <br>
> >           <span class="welcome">username doesn\'t exist.</span> <a 
> > class="header" 
> > 
> href="javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')">si
> > gn
> up
> > here</a></div>
> >       </form>
> > ';
> >  }
> >  $info = $check->fetchRow();
> >  // check passwords match
> >  $_POST['passwd'] = stripslashes($_POST['passwd']);  
> $info['password'] 
> > = stripslashes($info['password']);  $_POST['passwd'] = 
> > md5($_POST['passwd']);  if($_POST['passwd'] != $info['password']) {
> >   print '<form action="index.php" method="post">
> >         <div align="left">
> >           <input class="test" name="uname" type="text" size="8"
> > maxlength="8">
> >           <input class="test" type="password" size="8" maxlength="8"
> > name="passwd">
> >           <input name="submit" type="submit" value="Login">
> >           <br>
> >           <span class="welcome">wrong password, try 
> again</span></div>
> >       </form>
> > ';
> >  }
> >
> >  // if we get here username and password are correct, 
> register session 
> > variables and set  // last login time.
> >  $date = date('m d, Y');
> >  $update_login = $db_object->query("UPDATE users SET 
> last_login = '$date'
> > WHERE username = '".$_POST['uname']."'");
> >  $_POST['uname'] = stripslashes($_POST['uname']);
> >  $_SESSION['username'] = $_POST['uname'];
> >  $_SESSION['password'] = $_POST['passwd'];
> >  $db_object->disconnect();
> > ?>
> > <span class="welcome">Welcome <a class="header"
> >
> href="javascript:loadPage('mainlayer',null,'users/edit.php?use
> r=<?=$_SESSION
> > ['username']?><?PHP print "&PHPSESSID=".session_id(); ?>')"><font 
> > color="white"><?=$_SESSION['username']?></font></a><br><a 
> > class="header" href="login/logout.php">Logout</a>
> > </span>
> > <?php
> > }
> > else { // if form hasn't been submitted
> > ?>
> > <form action="<?=$HTTP_SESSION_VARS['PHP_SELF']?>" method="post">
> >         <div align="left">
> >           <input class="test" name="uname" type="text" size="8" 
> > maxlength="8">
> >           <input class="test" type="password" size="8" 
> maxlength="8" 
> > name="passwd">
> >           <input name="submit" type="submit" value="Login"> <br>
> >           <a class="header"
> > 
> href="javascript:loadPage('mainlayer',null,'login/signup.php')
> ">sign up
> > here</a> </div>
> >       </form>
> > <?php
> > }
> > ?>
> >
> > Thanx,
> > Jacco
> >
> > --
> > http://seabird.jmtech.ca
> >
> > Attitude is Everything!
> > But Remember, Attitudes are Contagious!
> > Is Yours worth Catching????
> >
> >
> 
> 
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux