Saturday, April 19, 2014

php and sha1


Guest
Posted on 06-11-08 22:18
I'm making a login form, and running into some problems checking the encrypted password from the login form to the password that is stored in the database. The pages being affected are below.

login form
---------------------------------------
$nickname = $_REQUEST['nickname'];
$password = $_REQUEST['password'];

if (CheckLogin($nickname, $password) == "true"){
    $_SESSION['LoggedIn'] = "true";
} else {
    $_SESSION['LoggedIn'] = "false";
}
---------------------------------------

function checklogin
---------------------------------------
function CheckLogin($nickname, $password){
    $salt = MemberInfo("Salt", "WHERE Nickname = '$nickname'");
    $pass = sha1($salt.$password);
    $sql = mysql_query("SELECT * FROM member WHERE Nickname = '$nickname' AND Password = '$pass'");

    if ($sql === true){
        return "true";
    } else {
        return "false";
    }
}
---------------------------------------

function memberinfo
---------------------------------------
works fine, pulls correct information
---------------------------------------

password put into database
---------------------------------------
$password = sha1($salt.$adminConfig['password']);
---------------------------------------

$adminConfig['password'] and $password (on page 1) are the same value

The problem is that $pass (from checkLogin function) and $password (from the password inserted into the database) are not the same.

Any ideas what would be causing this?




Edited by on 06-11-08 22:19

RE: php and sha1


Guest
Posted on 06-11-08 22:40
I just tried it without the salt, and it is still not working.

sha1($adminConfig['password']) != sha1($pass)

even though the values for $adminConfig['password'] and $pass are the same... ugh.





RE: php and sha1


Guest
Posted on 06-11-08 23:06
Just use the MySQL SHA1() function in the WHERE portion of your query instead of using the PHP one (on your $pass variable). Why would it make a difference? No idea... maybe a default salt of some sort.




Edited by on 06-11-08 23:12

RE: php and sha1

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 06-11-08 23:21
I may be wrong, but is it supposed to have 3 equal signs?
Feralas wrote:
if ($sql === true){



Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.





Edited by yours31f on 07-11-08 00:32

RE: php and sha1


Guest
Posted on 07-11-08 00:41
It doesn't have to have 3 equal signs, but the syntax is valid and shouldn't make a difference.



RE: php and sha1

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 07-11-08 00:59
Oh, ok wasn't sure. Haven't ever seen 3 before.



RE: php and sha1


Guest
Posted on 07-11-08 01:20
http://us3.php.ne. . .comparison



RE: php and sha1


Guest
Posted on 07-11-08 08:15
I figured it out.

My salt function was making a salt of 51 chars, instead of 50 (I started at 0, instead of 1) and the database was only storing 50 chars.

I hate dumb mistakes lol.
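
Added example, not part of the thread and not any poster's code: the first function reproduces the cause found in the last post (a salt one character longer than the column that stores it, with the column truncation simulated by substr), and the rest is one way to write the same login check with password_hash() and password_verify(), which keep the salt inside the hash string so there is no separate salt column to outgrow. The in-memory SQLite database (needs the pdo_sqlite extension), the sample nickname and password, and the helper names legacyLoginMatches and register are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Reproduces the mismatch: the hash is built with the full salt at
// registration, but the salt column (simulated with substr) keeps only
// $columnWidth characters, so the login hash is built from a shorter salt.
function legacyLoginMatches(string $password, int $saltLen, int $columnWidth): bool {
    $salt       = substr(bin2hex(random_bytes($saltLen)), 0, $saltLen);
    $storedHash = sha1($salt . $password);          // computed at registration
    $storedSalt = substr($salt, 0, $columnWidth);   // what the column kept
    return hash_equals($storedHash, sha1($storedSalt . $password));
}

// Hardened registration: password_hash() generates and embeds its own salt.
function register(PDO $db, string $nickname, string $password): void {
    $stmt = $db->prepare('INSERT INTO member (Nickname, Password) VALUES (?, ?)');
    $stmt->execute([$nickname, password_hash($password, PASSWORD_DEFAULT)]);
}

// Hardened login check: the nickname is bound as a parameter instead of
// being interpolated into the SQL, the row is actually fetched, and the
// function returns a real bool rather than the string "true"/"false".
function checkLogin(PDO $db, string $nickname, string $password): bool {
    $stmt = $db->prepare('SELECT Password FROM member WHERE Nickname = ?');
    $stmt->execute([$nickname]);
    $hash = $stmt->fetchColumn();                   // false when no such member
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data; in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room for longer hashes from future default algorithms.
$db->exec('CREATE TABLE member (Nickname TEXT PRIMARY KEY, Password VARCHAR(255) NOT NULL)');
register($db, 'alice', 'constructed-sample-password');

var_dump(legacyLoginMatches('pw', 50, 50));   // salt fits the column
var_dump(legacyLoginMatches('pw', 51, 50));   // salt one character too long
var_dump(checkLogin($db, 'alice', 'constructed-sample-password'));
var_dump(checkLogin($db, 'alice', 'wrong-password'));
var_dump(checkLogin($db, 'nobody', 'constructed-sample-password'));
```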