I am very new to using php and have an assignment to complete for scool and need help. I am trying to write a login script for which I have been given no instructions except that it has to check an sql database for a hashed password which i was able to create and store in the database by writing my own registration script. After the password hash has been found the login script is to compare the hash of the password stored in the database to the password entered and if they are the same then the user is logged in. That is wher eI am having the problem. Below is what I have been able to do so far. Any guidance/assistance would be greatly appreciated. <html> <head> <title>Lab 6 for Network and Computer Security</title> </head> <body> <font color=black><h1>LOGIN PAGE</h1></font> <?php define('SALT_LENGTH', 9); function currentURL() { $url = "http://".$_SERVER['SERVER_NAME'].":".$_SERVER['SERVER_PORT'].$_SERVER['REQUEST_URI']; return $url; } function generateHash($password, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($salt . $password); } session_start(); if(isset($_POST['sendUsername'])) { if(isset($_POST['password'])) { $username = $_POST['username']; //$password = generateHash ($_POST['password']); $_SESSION['username'] = "$username"; if(empty($username)) { echo '<p><font color="red" size="+1">It would seem thst you have forgotten to enter a username!!</font></p>'; echo "<hr>"; } else { $dbServer = $dbUser = $dbPass = $dbName = $table = $conn = mysql_connect($dbServer, $dbUser, $dbPass) or die ('Error connecting to mysql' . mysql_error()); $db = mysql_select_db($dbName, $conn) or die ('Error selecting database' . mysql_error()); //$username = mysql_real_escape_string($password); $query = "SELECT * from table WHERE username = '$username'"; $results = mysql_query($query); $row = mysql_fetch_array ($result, MYSQL_NUM); $_SESSION['username'] = $row[1]; echo "Password: {$row['username']}<br>"; //echo "results: $results"; /*if (mysql_num_rows($results) == 1) { //Call function generateHash $dbpass = generateHash($_POST['passwordHash'], $salt); if (strcmp($dbpass, $password) == 0) { echo "Login was successful!!"; } else { echo '<p><font color="red" size="+1">Please try again!</font></p>'; } } else { //Redirect to nosuccess page Header("Location: nosuccess.php"); } */ } echo "Password: $password"; mysql_close($conn); } } ?> <p> <form method="post" action="login.php"> <b>Username:</b> <input name="username" type="text" size="20"><p> <b>Password:</b> <input name="password" type="password" size="20"><p> <style> body { background-color: #556b2f; } </style> <input name="sendUsername" type="submit" value="Login"><br><br> <font color=black><b>Click below to register if you have not yet done so!! </b><br> <a href = "register.php" > <font color=blue> <b>Registration page </a> </b> </font> </form> </body> </html>
I have tried all kinds of code trying to ensure that the hashed password saved to the database is being retreived all without success. I can see echo the username and hopefully that is the one stored in the database but no luck on the hashed pword.
Take in to consideration that this is just a very basic php login script I am writing. I have been doing some research and I am seeing lots of other code on the net but most of it I don't understand as I do not know much about php having only started last week.