PDA

View Full Version : MD5 hashing issue...I think... PHP



MDwebdev85
29 Jan 2010, 05:38 PM
I posted on webmaster-talk.com earlier, and figured I'd post here as well...


Hey guys, maybe someone can help me out on this one. I have a client (contract) through my work that asked for my assistance with an internal web site. It's a php site with a mySQL database. They migrated from a Red Hat server to a Sun Solaris 10 server and cannot log into anything with their passwords. They can select the tables and what not, and the link diag page shows a successful connection to the database. My concern was that the hashses for the passwords were being generated differently between the 2 different php engines.

Red Hat - 4.3.2

Sun Solaris - 4.4.5

Here's the log in form:
----------------------------------------------------------------------



<?php


function login($Code, $Password){
include("config.php");
$data = 'training';
$table = 'Agency';

if($Code == NULL || $Password ==NULL)
return "Agency Code or Password is incorrect";

//connects to database
if (!($link=mysql_pconnect($_SESSION['hostname'],$_SESSION['username'], $_SESSION['password']))) {
error(sprintf("error connecting to host %s, by user %s", $_SESSION['hostname'], $_SESSION['username']));
exit();
}

//select database
if (!mysql_select_db($data, $link)){
error(sprintf("error in executing %s database", $data));
error(sprintf("error:%d %s", mysql_errno($link), mysql_error($link)));
exit();
}

$query = "SELECT id, Code FROM $table WHERE ((Code = '$Code')) AND ((Password = md5('$Password')))";

//stores the result of the query to the array $result
if(!$result = mysql_query($query, $link)){
error(sprintf("Error in executing %s stmt", $result));
error(sprintf("error:%d %s", mysql_errno($link), mysql_error($link)));
exit();
}



//if the user exists
if(mysql_num_rows($result)){
//update last login and ip address


$date = mktime();
$id = mysql_result($result, 0, id);
$ip = ip();
$update = "UPDATE Agency SET Last_Visit = '$date', ip_address = '$ip' WHERE id = '$id'";

if(!mysql_query($update, $link)){
error(sprintf("Error in executing %s stmt", $update));
error(sprintf("error:%d %s", mysql_errno($link), mysql_error($link)));
exit();
}
$_SESSION['Code'] = mysql_result($result, 0, Code);
$_SESSION['AgencyID'] = mysql_result($result, 0, ID);

header("Location: $currentsite"); //after success it redirects
exit;
} else {
return "Username or Password is incorrect";
}
}


?>

--------------------------------------------------------------------------


Now, someone also mentioned to me that the encoding could be different. As in the old server interpreting the characters as ASCII or ANSI...and the new server interpreting the opposite. I'm not too sure, since I really haven't had to do this stuff before with passwords. I did see in the config.inc.php file the following:

--------------------------------------------------------------------------


<? php

* MySQL settings
*/
// Column types;
// varchar, tinyint, text and date are listed first, based on estimated popularity
$cfg['ColumnTypes'] = array(
'VARCHAR',
'TINYINT',
'TEXT',
'DATE',
'SMALLINT',
'MEDIUMINT',
'INT',
'BIGINT',
'FLOAT',
'DOUBLE',
'DECIMAL',
'DATETIME',
'TIMESTAMP',
'TIME',
'YEAR',
'CHAR',
'TINYBLOB',
'TINYTEXT',
'BLOB',
'MEDIUMBLOB',
'MEDIUMTEXT',
'LONGBLOB',
'LONGTEXT',
'ENUM',
'SET'
);

// Atributes
$cfg['AttributeTypes'] = array(
'',
'BINARY',
'UNSIGNED',
'UNSIGNED ZEROFILL'
);

// Available functions
if ($cfg['ShowFunctionFields']) {
$cfg['Functions'] = array(
'ASCII',
'CHAR',
'SOUNDEX',
'LCASE',
'UCASE',
'NOW',
'PASSWORD',
'MD5',
'ENCRYPT',
'RAND',
'LAST_INSERT_ID',
'COUNT',
'AVG',
'SUM',
'CURDATE',
'CURTIME',
'FROM_DAYS',
'FROM_UNIXTIME',
'PERIOD_ADD',
'PERIOD_DIFF',
'TO_DAYS',
'UNIX_TIMESTAMP',
'USER',
'WEEKDAY',
'CONCAT'
);

// Which column types will be mapped to which Group?
$cfg['RestrictColumnTypes'] = array(
'VARCHAR' => 'FUNC_CHAR',
'TINYINT' => 'FUNC_NUMBER',
'TEXT' => 'FUNC_CHAR',
'DATE' => 'FUNC_DATE',
'SMALLINT' => 'FUNC_NUMBER',
'MEDIUMINT' => 'FUNC_NUMBER',
'INT' => 'FUNC_NUMBER',
'BIGINT' => 'FUNC_NUMBER',
'FLOAT' => 'FUNC_NUMBER',
'DOUBLE' => 'FUNC_NUMBER',
'DECIMAL' => 'FUNC_NUMBER',
'DATETIME' => 'FUNC_DATE',
'TIMESTAMP' => 'FUNC_DATE',
'TIME' => 'FUNC_DATE',
'YEAR' => 'FUNC_DATE',
'CHAR' => 'FUNC_CHAR',
'TINYBLOB' => 'FUNC_CHAR',
'TINYTEXT' => 'FUNC_CHAR',
'BLOB' => 'FUNC_CHAR',
'MEDIUMBLOB' => 'FUNC_CHAR',
'MEDIUMTEXT' => 'FUNC_CHAR',
'LONGBLOB' => 'FUNC_CHAR',
'LONGTEXT' => 'FUNC_CHAR',
'ENUM' => '',
'SET' => ''
);

// Map above defined groups to any function
$cfg['RestrictFunctions'] = array(
'FUNC_CHAR' => array(
'ASCII',
'CHAR',
'SOUNDEX',
'LCASE',
'UCASE',
'PASSWORD',
'MD5',
'ENCRYPT',
'LAST_INSERT_ID',
'USER',
'CONCAT'
),

'FUNC_DATE' => array(
'NOW',
'CURDATE',
'CURTIME',
'FROM_DAYS',
'FROM_UNIXTIME',
'PERIOD_ADD',
'PERIOD_DIFF',
'TO_DAYS',
'UNIX_TIMESTAMP',
'WEEKDAY'
),

'FUNC_NUMBER' => array(
'ASCII',
'CHAR',
'MD5',
'ENCRYPT',
'RAND',
'LAST_INSERT_ID',
'COUNT',
'AVG',
'SUM'
)
);

} // end if


/**
* Unset magic_quotes_runtime - do not change!
*/
set_magic_quotes_runtime(0);

/**
* File Revision - do not change either!
*/
$cfg['FileRevision'] = '$Revision: 1.182 $';
?>

--------------------------------------------------------------------------

I've tried to do some searching online but haven't been successful in getting in the right direction. If anyone could point me in the right direction it would be greatly appreciated. I can post more info if need be. Thanks.

MDwebdev85
01 Feb 2010, 12:35 AM
Nevermind, I have fixed the problem... it was in fact a hashing problem.