You add the salt to the password hash when you register, but you don't add it when you attempt a login. I also want to strongly urge you not to POST directly into your database queries, but to use the mysql_real_escape for every POST variable that is used in a query. Better still would be to use prepared statements. Does that help at all?
1 Indeed. There is SQL injection possible. Just have a look at the following xkcd: xkcd.com/327. – Shi Aug 9 at 15:06
@Shi: The xkcd comic, while both funny and educational, does not apply here. mysql_query can only run a single query, so such exploit is not possible ;) (There are other, no less 'interesting', possibilities with this code though). For example, let's say I'll try to login with username ' OR 1-- – Mchl Aug 9 at 15:16
@Mchl As soon as you found a valid username, you can login using Robert"; --. – Shi Aug 9 at 15:20
1 @Mchl The code checks for mysql_num_rows() == 1 so without valid username, your suggestion will fail. – Shi Aug 9 at 15:21
Yeah... he's actually checking for rowcount equal to 1... that saves him from my puny attempt ;P – Mchl Aug 9 at 15:21
I do not see where the "salt" is used in your login script. Maybe try the following: $mypassword = hash('sha512', $mypassword . $salt).
See updated output I'm getting please – user886187 Aug 9 at 15:25
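The fix both answers above describe, as an added example that is not code from the thread: one hashing helper shared by registration and login, and PDO prepared statements in place of interpolated POST values. The `members` table, the salt placeholder and the sample account are assumptions, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example: table name, salt value and sample account are constructed.
const SALT = 'constructed-static-salt'; // placeholder, not the salt from the thread

// One helper used by BOTH paths, so registration and login cannot drift apart.
function hashPassword(string $password): string
{
    return hash('sha512', $password . SALT);
}

function register(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$user, hashPassword($password)]);
}

function login(PDO $db, string $user, string $password): bool
{
    // The username is bound as a parameter: quotes in it are data, not SQL.
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn(); // false when no row matched
    return is_string($stored) && hash_equals($stored, hashPassword($password));
}

$db = new PDO('sqlite::memory:'); // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
register($db, 'alice', 'poop');

var_dump(login($db, 'alice', 'poop'));     // same salted hash on both sides
var_dump(login($db, 'alice', ''));         // empty password, as with an empty POST field
var_dump(login($db, "' OR 1-- ", 'poop')); // looked up as a literal username
// The bug from the question: stored salted hash compared with an unsalted one.
var_dump(hash_equals(hashPassword('poop'), hash('sha512', 'poop')));
```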
Your $_POST['upass']; variable is empty. Check if your form field is actually called upass. Based on this piece of information:
    >> $salt = '~Z`! @#$%I^&*()_-+Q=}{\|">> hash('sha512', 'poop'. $salt);
    '4e4d252a08ac4c35c2917b4fc715fef13bac2b686c7ebc8f8256765bd584a89634df3fa455ed73c1fbec84d442f11d5e064749396dcb1c0f1525f82c1b0ea57a'
    >> hash('sha512', ''. $salt);
    'bffbc4f94f40d0cece6774ed9ec792b03ad5362edf768d190913d033c46ad4af4e2cbe1d42134f58da402efb7d3209b7e9b62ff3e81caf6341262b24dd300e9a'
Register $myusername, $mypassword and redirect to file "login_success.