View Full Version : 32 bit password instead of 16

06-07-2007, 02:09 AM
I have a login script for a web application that I am still currently scripting. The login script looks for a 16bit string for a password. I already have a bunch of users in my database and I just want to use their login info save them having to sign up again. I transferred the login info table to another database but the login script when used just says invalid password.

All the passwords in the database are 32 bit. How do I set the login script to look for 32 bit passwords instead of 16 bit.

If you need me to post the script let me know.



06-07-2007, 10:07 AM
Of course we need you to post both scripts -- the original one and the new one.

Also, I doubt you really mean 16-bit and 32-bit passwords. In ASCII, 16 bits is two characters; 32 is four. In UTF-16, 16 bits is only one character. This is not a secure password.

06-07-2007, 02:47 PM
Well I wouldn't really have a clue as I only found out about this today when I searched for "length of encripted passwords" because I noticed that the encription was twice as long in the original database.

I only have the sql file and the original login script. I didn't do anything to it as I only wanted to get it working first of all.

CREATE TABLE tbl_auth_user (
user_id VARCHAR(10) NOT NULL,
user_password CHAR(32) NOT NULL,

PRIMARY KEY (user_id)

INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('someuser', PASSWORD('somepass'));

If I use the SQL to create a user then it encripts the password to 16 characters.

// we must never forget to start the session

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// first check if the number submitted is correct
$number = $_POST['txtNumber'];

if (md5($number) == $_SESSION['image_random_value']) {
include 'library/config.php';
include 'library/opendb.php';

$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['image_is_logged_in'] = true;

// remove the random value from session
$_SESSION['image_random_value'] = '';

// after login we move to the main page
header('Location: main.php');
} else {
$errorMessage = 'Sorry, wrong user id / password';

include 'library/closedb.php';
} else {
$errorMessage = 'Sorry, wrong number. Please try again';
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

if ($errorMessage != '') {
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
<td width="150">Enter Number</td>
<td><input name="txtNumber" type="text" id="txtNumber" value="">
&nbsp;&nbsp;<img src="randomImage.php"></td>

<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>

This is all I have really, hope it helps.


06-07-2007, 05:35 PM
And the other script?

06-07-2007, 09:34 PM
What other script?!?!? There is no other script!

06-08-2007, 01:22 PM
The script that generated the passwords originally.