32 bit password instead of 16

**smithster** · 06-07-2007, 02:09 AM

I have a login script for a web application that I am still currently scripting. The login script looks for a 16bit string for a password. I already have a bunch of users in my database and I just want to use their login info save them having to sign up again. I transferred the login info table to another database but the login script when used just says invalid password.

All the passwords in the database are 32 bit. How do I set the login script to look for 32 bit passwords instead of 16 bit.

If you need me to post the script let me know.

Thanks

Smithster

**Twey** · 06-07-2007, 10:07 AM

Of course we need you to post both scripts -- the original one and the new one.

Also, I doubt you really mean 16-bit and 32-bit passwords. In ASCII, 16 bits is two characters; 32 is four. In UTF-16, 16 bits is only one character. This is not a secure password.

**smithster** · 06-07-2007, 02:47 PM

Well I wouldn't really have a clue as I only found out about this today when I searched for "length of encripted passwords" because I noticed that the encription was twice as long in the original database.

I only have the sql file and the original login script. I didn't do anything to it as I only wanted to get it working first of all.

PHP Code:


CREATE TABLE tbl_auth_user (

user_id VARCHAR(10) NOT NULL,

user_password CHAR(32) NOT NULL,



PRIMARY KEY (user_id)

);



INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('someuser', PASSWORD('somepass'));

If I use the SQL to create a user then it encripts the password to 16 characters.

PHP Code:


<?php

// we must never forget to start the session

session_start();



$errorMessage = '';

if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {

    // first check if the number submitted is correct

    $number   = $_POST['txtNumber'];

    

    if (md5($number) == $_SESSION['image_random_value']) {

        include 'library/config.php';

        include 'library/opendb.php';

        

        $userId   = $_POST['txtUserId'];

        $password = $_POST['txtPassword'];

    

        

        // check if the user id and password combination exist in database

        $sql = "SELECT user_id 

                FROM tbl_auth_user

                WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

        

        $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 

        

        if (mysql_num_rows($result) == 1) {

            // the user id and password match, 

            // set the session

            $_SESSION['image_is_logged_in'] = true;



            // remove the random value from session            

            $_SESSION['image_random_value'] = '';

            

            // after login we move to the main page

            header('Location: main.php');

            exit;

        } else {

            $errorMessage = 'Sorry, wrong user id / password';

        }

        

        include 'library/closedb.php';

    } else {

        $errorMessage = 'Sorry, wrong number. Please try again';

    }    

}

?>

<html>

<head>

<title>Basic Login</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>



<body>

<?php

if ($errorMessage != '') {

?>

<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>

<?php

}

?>

<form action="" method="post" name="frmLogin" id="frmLogin">

 <table width="500" border="1" align="center" cellpadding="2" cellspacing="2">

  <tr>

   <td width="150">User Id</td>

   <td><input name="txtUserId" type="text" id="txtUserId"></td>

  </tr>

  <tr>

   <td width="150">Password</td>

   <td><input name="txtPassword" type="password" id="txtPassword"></td>

  </tr>

  <tr>

   <td width="150">Enter Number</td>

   <td><input name="txtNumber" type="text" id="txtNumber" value="">

    &nbsp;&nbsp;<img src="randomImage.php"></td>

  </tr>



  <tr>

   <td width="150">&nbsp;</td>

   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>

  </tr>

 </table>

</form>

</body>

</html>