MD5 with salt?

Ok after searching the forum I am thinking this can't be done as the redirect page says login failed. Anyways, the database I am connecting to (and cannot be changed) is using a email field (varchar255), a password field (char32) with MD5 encryption and a password_salt field (char3). Looking at the only user (1 record)...which is the admin the password_salt field data is "=0=" which I assume would be the same for all user.

I was able to create the form and the redirects forms but having no success in an actual success for a login. I am assuming because I have to use MD5 for the encryption for the password field and that does not generate the extra file in the webassist folder called "wa_securitykey.php" which I guess is required for salt. Is there anyway to hardcode it.

Thank you in advance for your time.

John

what version of security assist are you using?

the salt should not be stored in the database. The wa_secuirtykey.php file should be created in the webassist/security_assist folder. the salt should be set in that file.

also, the password field should be a varchar filed, not a char filed.


send a copy for the registration page and the login page please.

WOW!!! Very sorry for taking such a long time to respond and I want to thank you for trying to help so fast. I have searched hundreds of threads and searched many keywords...their search on this application is not as good as yours and they have pretty much no documentation. Below is what I found so far in regards to their application. Your software is so much easier to use and that is why I want to create separate forms using your software instead to interface with their database to confirm the user is log in as well as making a new log in form connecting to their database. Thanks in advance for any help.

The final field we require for this table is the password. It is split up into 2 fields:
password
password_salt

The field: password
holds a 32 character salted MD5 hashed version of their password. In order to get this value we use the following PHP code:

md5(md5($PASSWORD) . md5($SALT))

The variable: $PASSWORD
holds the users password. The variable:

$SALT
holds a random set of characters. The PHP function we use is:

function getSalt($iTotal = 3)
{
$sSalt = '';
for ($i = 0; $i < $iTotal; $i++)
{
$sSalt .= chr(rand(33, 91));
}
return $sSalt;
}

For the field: password_salt
we input the value for the salt we created earlier and used in the MD5 hash.

This would take hand coding to accomplish. You would need a recordset to lookup the entered email address, and return the salt for that email address, use the recordset value for the salt in the wa_secuirtykey.php file

Thank you....I will attempt that...even with my limited skill set :)

Ok Jason...I learned a lot and hopefully you can direct me some more. I will only put part of the code since I think you know the easy parts already.

1. I was able to make an HTML file with an email and password field with submit button...blah blah blah :)
2. Made a PHP file started a session for the email and password.
3. Opened a database connection found the matching email.
4. Pulled the salt from the database ($salt = $row['password_salt'];)
5. Then took the session password and applied encryption ($password = md5(md5($password) . md5($salt));)
6. Then called the database again and compared $password with the database password (if ($respassword == $password) {)
7. Came back echo...congrats login.

Now even though it comes in login....nothing was set in their software so when I attempted to do location redirect it would only go to the log in page. So within the if statement of being login at attempted to use their service (which it worked).

8. Connect to their service.

define('TheirService', true);
define('TheirService_DS', DIRECTORY_SEPARATOR);

define('TheirService_DIR', dirname(__FILE__) . TheirService_DS . 'SomeFolder' . TheirService_DS);

define('TheirService_START_TIME', array_sum(explode(' ', microtime())));
require(TheirService_DIR . 'include' . TheirService_DS . 'ini.inc.php');

list($bSuccess, $aUser) = TheirService::getService('user.auth')->login($semail, $sPassword);

if ($bSuccess == true)
{
{header("Location: http://localhost/Domain/folder/index.php?do=/place/");
exit;

Now everything works...I can use their service to pull stuff from the database but I want to use my own login form...or I really mean to use your forms and software for an outside product so when they update their stuff it won't affect me unless they change the tables and field names...which they won't. I know you said I had to put the salt in wa_secuirtykey.php file but since MD5 does not use that in your software I am not too sure what you want me to learn or do as I added the login form and tried several things but nothing works. I am somewhat new at this and this last stuff took me at least a week to learn...although happy to learn it...very stressful figuring it myself. Like I said...I want to use webassist software to create forms, security and everything else webassist has I have purchased most of it but use their database to store info and retrieve info as well. If you could give me a helping hand I would really appreciate it....thank you in advance for your time :)

JohnJr

I'm not really sure what your question is, see private message.