Topic title: WordPress, Shopify and PHPFusion developer community :: Reworking to md5 $ salt

Posted by tarciokk · 2011 Jul. 23 15:07:19
#1

Hello, could someone rework the registration in this register.php so that it stores as md5 $ salt?


<?php
        include "config.php";
 
        $Data = '<form action=cadastro.php method=post>
         Login:  
        <br><input type=text name=login><br><br>
         Senha:
        <br><input type=password name=passwd><br><br>
         Confirmar Senha:
        <br><input type=password name=repasswd><br><br>
        Email:
        <br><input type=text name=email><br><br>
        <input type=submit name=submit value="Registration">
        </form>';
 
        if (isset($_POST['login']))
                {
                        $Link = MySQL_Connect($DBHost, $DBUser, $DBPassword) or die ("Can't connect to MySQL");
                        MySQL_Select_Db($DBName, $Link) or die ("Database ".$DBName." do not exists.");
 
                        $Login = $_POST['login'];
                        $Pass = $_POST['passwd'];
                        $Repass = $_POST['repasswd'];
                        $Email = $_POST['email'];
 
                        $Login = StrToLower(Trim($Login));
                        $Pass = StrToLower(Trim($Pass));
                        $Repass = StrToLower(Trim($Repass));
                        $Email = Trim($Email);
 
                if (empty($Login) || empty($Pass) || empty($Repass) || empty($Email))
                        {
                            echo "Preencha todos campos.";
                        }
 
                elseif (ereg("[^0-9a-zA-Z_-]", $Login, $Txt))
                        {
                                echo "Seu Login est&#225; incorreto.";
                        }
 
                elseif (ereg("[^0-9a-zA-Z_-]", $Pass, $Txt))
                        {
                                echo "Sua senha est&#225; Incorreta.";
                        }
 
                elseif (ereg("[^0-9a-zA-Z_-]", $Repass, $Txt))
                        {
                                echo "Sua senha est&#225; Incorreta.";
                        }
                elseif (StrPos($Email, '\'') !== false)
                        {
                                echo "Seu Email est&#225; Incorreto.";
                        }       
                else
                        {
                                $Result = MySQL_Query("SELECT name FROM users WHERE name='$Login'") or die ("Can't execute query.");
 
                if (MySQL_Num_Rows($Result))
                        {
                                echo "Esse Login <b>".$Login."</b> j&#225; existe!";
                        }
 
                elseif ((StrLen($Login) < 4) or (StrLen($Login) > 10)) 
 
                        {
                                echo "Login deve ter 4 caracter no minimo e 10 no maximo.";
                        }
 
                elseif ((StrLen($Pass) < 4) or (StrLen($Pass) > 10)) 
 
                        {
                                echo "Senha deve ter 4 caracter no minimo e 10 no maximo.";
                        }
 
                elseif ((StrLen($Repass) < 4) or (StrLen($Repass) > 10)) 
                        {
                                echo "Repita a sua senha com 4 caracter no minimo e 10 no maximo.";
                        }
 
                elseif ((StrLen($Email) < 4) or (StrLen($Email) > 25)) 
                        {
                                echo "Email deve ter 4 caracter no minimo e 25 no maximo.";
                        }
 
                elseif ($Pass != $Repass)
                        {
                                echo "Sua senha est&#225; incorreta.";
                        }               
                else
                        {
                                // The stored value is md5(login . password), passed to adduser() as an unquoted 0x... hex literal
                                $Salt = $Login.$Pass;
                                $Salt = md5($Salt);
                                $Salt = "0x".$Salt;
                                MySQL_Query("call adduser('$Login', $Salt, '0', '0', '0', '0', '$Email', '0', '0', '0', '0', '0', '0', '0', '', '', $Salt)") or die ("Can't execute query.");
                                echo "Cadastro <b>".$Login."</b> Efetuado com sucesso.";
 
                        }               
                }       
        }
 
        echo $Data;     
 
?>





Here is the .sql file


CREATE TABLE IF NOT EXISTS `users` (
  `ID` int(11) NOT NULL DEFAULT '0',
  `name` varchar(32) NOT NULL DEFAULT '',
  `passwd` varchar(64) NOT NULL,
  `Prompt` varchar(32) NOT NULL DEFAULT '',
  `answer` varchar(32) NOT NULL DEFAULT '',
  `truename` varchar(32) NOT NULL DEFAULT '',
  `idnumber` varchar(32) NOT NULL DEFAULT '',
  `email` varchar(64) NOT NULL DEFAULT '',
  `mobilenumber` varchar(32) DEFAULT '',
  `province` varchar(32) DEFAULT '',
  `city` varchar(32) DEFAULT '',
  `phonenumber` varchar(32) DEFAULT '',
  `address` varchar(64) DEFAULT '',
  `postalcode` varchar(8) DEFAULT '',
  `gender` int(11) DEFAULT '0',
  `birthday` datetime DEFAULT NULL,
  `creatime` datetime NOT NULL,
  `qq` varchar(32) DEFAULT '',
  `passwd2` varchar(64) DEFAULT NULL,
  PRIMARY KEY (`ID`),
  UNIQUE KEY `IX_users_name` (`name`),
  KEY `IX_users_creatime` (`creatime`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Edited by tarciokk · 2011 Jul. 23 15:07:54

Posted by avice · 2011 Jul. 24 11:07:59
#2

I didn't understand ..
So take a look at how it stores it now

Posted by tarciokk · 2011 Jul. 24 11:07:14
#3

Right now it stores it plainly. Here is what I need: http://www.phpeasystep.com/imgs/...ssword.gif
To create a login and password system that would check it as md5 password salt. I tried it myself but it didn't work ;S

Edited by tarciokk · 2011 Jul. 24 11:07:47

Posted by avice · 2011 Jul. 24 11:07:20
#4

so do it like this, e.g.:
so that it writes to the db like this:
$pass = md5(md5($pass.$login));
..

Posted by tarciokk · 2011 Jul. 24 12:07:49
#5

I tried but it didn't work. Could you help?

Edited by tarciokk · 2011 Jul. 24 12:07:45

Posted by avice · 2011 Jul. 24 13:07:13
#6

show how you did it ;]

Here, I'm giving my old code as an example:

if (isset($_POST['newacc'])) {
    $login = $_POST['login'];
    // Escape the login before it is placed inside the SQL strings below
    $loginSql = mysql_real_escape_string($login);
    $result = mysql_query("SELECT * FROM users WHERE login='{$loginSql}' LIMIT 1");
    if (mysql_num_rows($result) == 0) {
        // Store md5(sha1(login . password)); the login acts as the salt
        $pass = md5(sha1($login.$_POST['pass']));
        mysql_query("INSERT INTO `".$prefix."user` (`login`, `password`, `acc`) VALUES
        ('{$loginSql}', '{$pass}', '2')");
        $tekstas = 'Sukurta.';
    } else {
        $tekstas = 'Toks vartotojas jau egzistuoja.';
    }
}

Posted by tarciokk · 2011 Jul. 24 14:07:47
#7

Done. And now how do I create login.php? Could you maybe help :?

Posted by avice · 2011 Jul. 24 16:07:16
#8

show how you did it
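
Added example, not part of any post in this thread: the registration and login check asked about in posts #3 and #7, showing the md5(md5($pass.$login)) scheme from post #4 next to PHP's built-in password_hash()/password_verify(), with a login check that still accepts old MD5 rows and re-hashes them on success. The function names and the $users array (a stand-in for the `users` table) are hypothetical; PHP 7 or later is assumed.

```php
<?php
// Added example: legacy_hash, register_user, check_login and $users are hypothetical names.
// The $users array stands in for the `users` table so the script runs without a database.

// Scheme from post #4: double MD5 with the login used as the salt.
function legacy_hash(string $login, string $pass): string {
    return md5(md5($pass . $login));
}

// Registration: password_hash() generates a random per-user salt and embeds it in the result.
function register_user(array &$users, string $login, string $pass): bool {
    if (isset($users[$login])) {
        return false;                                   // login already taken
    }
    $users[$login] = password_hash($pass, PASSWORD_DEFAULT);
    return true;
}

// Login: verify the password; rows still holding a 32-hex-digit MD5 value are upgraded.
function check_login(array &$users, string $login, string $pass): bool {
    if (!isset($users[$login])) {
        return false;
    }
    $stored = $users[$login];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {      // legacy md5(md5(pass.login)) row
        // hash_equals() compares in constant time
        if (!hash_equals($stored, legacy_hash($login, $pass))) {
            return false;
        }
        $users[$login] = password_hash($pass, PASSWORD_DEFAULT);   // re-hash on success
        return true;
    }
    return password_verify($pass, $stored);
}

// Constructed sample data: one account stored the old way, one registered the new way.
$users = ['olduser' => legacy_hash('olduser', 'secret1')];
register_user($users, 'newuser', 'secret2');

var_dump(check_login($users, 'olduser', 'wrong'));      // wrong password, legacy row
var_dump(check_login($users, 'olduser', 'secret1'));    // correct password, legacy row
var_dump(check_login($users, 'newuser', 'secret2'));    // correct password, new row
var_dump(preg_match('/^[0-9a-f]{32}$/', $users['olduser']));   // is the row still MD5 hex?
```

The `passwd` column in the posted schema is varchar(64), which fits the 60-character bcrypt output; PHP's documentation recommends 255 characters for PASSWORD_DEFAULT so the column can hold future algorithms.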