I want to create kinda authentication system for my site, but I encountered problem with MD5 function - it's not working correctly, look at snippet below:
$valid_request = 0;
$login = "";
$passwordMD5 = "";
$hardwareidMD5 = "";
$hash1 = "";
$hash2 = "";
// a - username
// b - hardwareid md5 hash
// c - password md5 hash
// d - hash of (a+b+c)
// e - hash of (a+b+c+d)
if(isset($_GET['a']) && isset($_GET['b']) && isset($_GET['c'])
&& isset($_GET['d']) && isset($_GET['e']) )
{
$login = $_GET['a'];
if(strlen($login) <= 32 && strlen($login) >= 1 && isValid($login,1) === 1)
{
$passwordMD5 = $_GET['b'];
if(strlen($passwordMD5) === 32 && isValid($passwordMD5,2) === 1)
{
$hardwareidMD5 = $_GET['c'];
if(strlen($hardwareidMD5) === 32 && isValid($hardwareidMD5,2) === 1)
{
$valid_request = 1;
$hash1 = MD5($login+$passwordMD5+$hardwareidMD5);
$hash2 = MD5($login+$passwordMD5+$hardwareidMD5+$hash1);
echo "HASH1: $hash1\n"."HASH2: $hash2\n";
}else $valid_request = 0;
}else $valid_request = 0;
}else $valid_request = 0;
}else
$valid_request = 0;
problem is in this lines:
$hash1 = MD5($login+$passwordMD5+$hardwareidMD5);
$hash2 = MD5($login+$passwordMD5+$hardwareidMD5+$hash1);
echo "HASH1: $hash1\n"."HASH2: $hash2\n";
it's always printing twice same md5, page source looks like this:
HASH1: cfcd208495d565ef66e7dff9f98764da
HASH2: cfcd208495d565ef66e7dff9f98764da
The problem is that you are trying to concatenate the argument of the md5 functions with +
instead of .
.
But if you allow me, I would like to suggest to you not to use the md5 for passwords anymore. Use sha256 instead.Here is a link to the explanation: Reasons why SHA512 is superior to MD5
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.