A
alco19357
Guest
<?php
function keys(){
$keys = array("a" => "g2", "b" => "q9", "c" => "w0", "d" => "c1","e" => "v2","f" => "j3","g" => "x7","h" => "y5","i" => "f8","j" => "n7","k" => "u8","l" => "z9","m" => "a0","n" => "s0","o" => "e1","p" => "h3","q" => "k2","r" => "o4","s" => "b5","t" => "l7","u" => "p6","v" => "t8","w" => "d9","x" => "r0","y" => "m1","z" => "i1","1" => "8","2" => "3","3" => "9","4" => "6","5" => "7","6" => "2","7" => "5","8" => "0","9" => "1","0" => "4","~" => "?","`" => "@","!" => "-","@" => "_","#" => "+","$" => "<","%" => '"',"^" => "'","&" => ">","*" => "`","(" => "~",")" => "^","_" => "$","-" => ")","+" => "&","=" => "!","{" => "(","}" => "[","[" => "%","]" => "*","|" => "#","\" => ";", ":" => '"', ";" => "'",'"' => "]","'" => ":","<" => "|",">" => "{","," => ":","." => "/","?" => "}","/" => "="
return $keys;
}
function make_hash($enteredPass){
$eachPassKey = str_split($enteredPass);
$keys = keys();
$salt = '';
for($i=0; $i<count($eachPassKey); $i++){
$salt .= $keys[$eachPassKey[$i]];
}
return $salt . md5($enteredPass);
}
$emailaddr = $HTTP_POST_VARS['emailaddr'];
$password = $HTTP_POST_VARS['password'];
$select_query = mysql_query("select password, id from users where email='".$emailaddr."'");
if(mysql_num_rows($select_query) === 1){
$fetch = mysql_fetch_assoc($select_query);
if(make_hash($password) === $fetch["password"]){
$_SESSION['id'] = $fetch["id"];
$_SESSION['logged_in'] = true; //this is just for tracking, no actual function, we'll use a mysql_query of the id session
header("Location: success.php");
}else{
$_SESSION['attempted'] = $_SESSION['attempted']+1; //if fail, add 1 more to the attempted session and after awhile, disable login
$_SESSION['logged_in'] = false; //this is just for tracking, no actual function, we'll use a mysql_query of the id session
}
}else{
$error = true;
}
?>
how secure is this for saving passwords and comparing passwords upon login? on a scale of 1-10, how well do you think i programmed this for security of a database in php/mysql? (10 being the highest)... serious replies onlyy please
my "salt" takes every character possible and converts it to a new character... for instance, a is converted to g. btw, i excluded uppercase FOR NOW
thank you!!
function keys(){
$keys = array("a" => "g2", "b" => "q9", "c" => "w0", "d" => "c1","e" => "v2","f" => "j3","g" => "x7","h" => "y5","i" => "f8","j" => "n7","k" => "u8","l" => "z9","m" => "a0","n" => "s0","o" => "e1","p" => "h3","q" => "k2","r" => "o4","s" => "b5","t" => "l7","u" => "p6","v" => "t8","w" => "d9","x" => "r0","y" => "m1","z" => "i1","1" => "8","2" => "3","3" => "9","4" => "6","5" => "7","6" => "2","7" => "5","8" => "0","9" => "1","0" => "4","~" => "?","`" => "@","!" => "-","@" => "_","#" => "+","$" => "<","%" => '"',"^" => "'","&" => ">","*" => "`","(" => "~",")" => "^","_" => "$","-" => ")","+" => "&","=" => "!","{" => "(","}" => "[","[" => "%","]" => "*","|" => "#","\" => ";", ":" => '"', ";" => "'",'"' => "]","'" => ":","<" => "|",">" => "{","," => ":","." => "/","?" => "}","/" => "="
return $keys;
}
function make_hash($enteredPass){
$eachPassKey = str_split($enteredPass);
$keys = keys();
$salt = '';
for($i=0; $i<count($eachPassKey); $i++){
$salt .= $keys[$eachPassKey[$i]];
}
return $salt . md5($enteredPass);
}
$emailaddr = $HTTP_POST_VARS['emailaddr'];
$password = $HTTP_POST_VARS['password'];
$select_query = mysql_query("select password, id from users where email='".$emailaddr."'");
if(mysql_num_rows($select_query) === 1){
$fetch = mysql_fetch_assoc($select_query);
if(make_hash($password) === $fetch["password"]){
$_SESSION['id'] = $fetch["id"];
$_SESSION['logged_in'] = true; //this is just for tracking, no actual function, we'll use a mysql_query of the id session
header("Location: success.php");
}else{
$_SESSION['attempted'] = $_SESSION['attempted']+1; //if fail, add 1 more to the attempted session and after awhile, disable login
$_SESSION['logged_in'] = false; //this is just for tracking, no actual function, we'll use a mysql_query of the id session
}
}else{
$error = true;
}
?>
how secure is this for saving passwords and comparing passwords upon login? on a scale of 1-10, how well do you think i programmed this for security of a database in php/mysql? (10 being the highest)... serious replies onlyy please
my "salt" takes every character possible and converts it to a new character... for instance, a is converted to g. btw, i excluded uppercase FOR NOW
thank you!!