Password Protecting?

[SMOKEY_TEK]

I was wondering if anybody who has messed around with the "GRPG" script, if so would you know how to md5 the passwords when a someone registers an account. I tried doing this:

 

 $password = md5($_POST["newpass"]);
 $password2 = md5($_POST["newpassagain"]);

 

It does work, but when I log in, the font size is HUGE, and I have to click "Home" again for the font size to go back to normal size... Any solutions on how I could fix this problem???? Please help me or if you have any other ways to md5 passwords...

 

Thank you,

SMOKEY_TEK

[Jordan Palmer]

NOT TESTED;

Replace login.php with this

 

<?
include(DIRNAME(__FILE__) . '/nliheader.php');

if(isset($_POST['submit'])){
$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
$hashpw = hash("sha512",$password); 
 $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='$username'") or die("Name and password not found or not matched");
 $worked = mysql_fetch_array($result);
 $user_class = new User($worked['id']);

 if($worked['password'] == $hashpw) {  
if($user_class->rmdays > 0){
	echo '<meta http-equiv="refresh" content="0;url=index.php">';
} else {
  ?>
  <tr><td class="contenthead">GRPG Is Brought To You By:</td></tr>
  <tr><td class="contentcontent">


   [url="index.php"]Continue[/url]
Want to see your ad here? For only $20 a month you could put anything you want on this page! Contact me at [email][email protected][/email]
   </center>
   </td></tr>
  <?
  }
	$_SESSION['id'] = $worked['id'];
exit;
 } 
 else {
echo Message('Sorry, your username and password combination are invalid.');
 }
}
?>
<tr><td class="contenthead">
.: Login
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post' action='login.php'>
 <table width='25%' border='0' align='center' cellpadding='0' cellspacing='0'>
<tr>
 	<td width='35%' height='27'><font size='2' face='verdana'>Username</font></td>
 	<td width='65%'><font size='2' face='verdana'>
   	<input name='username' type='text' size='22'>
   	</font></td>
</tr>
<tr>
 	<td height='24'><font size='2' face='verdana'>Password</font></td>
 	<td><font size='2' face='verdana'>
   	<input name='password' type='password' size='22'>

   	</font></td>
</tr>
<tr>
 	<td></td>
 	<td><font size='2' face='verdana'>
   	<input type='submit' name='submit' value='Login'>
   	</font></td>
</tr>
 </table>
</form>



<center>
</center>
</td></tr>

<?
include(DIRNAME(__FILE__) . '/nlifooter.php');
?>

 

then replace register.php with this

 

<?php
include(DIRNAME(__FILE__) . '/nliheader.php');
$domain = $_SERVER['HTTP_HOST'];
$year=date("Y");
$IP = $_SERVER['REMOTE_ADDR'];
if (isset($_POST['submit'])) {

 $username = strip_tags(mysql_real_escape_string($_POST["newname"]));
 $signuptime = time();
 $password = hash("sha512", $_POST['newpass']);
 $password2 = hash("sha512", $_POST['newpassagain']);
 $email = mysql_real_escape_string($_POST["email"]);
 $checkuser = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='$username'");

 $username_exist = mysql_num_rows($checkuser);

 if($username_exist > 0){
$message .= "<div>I'm sorry but the username you chose has already been taken.  Please pick another one.</div>";
 }
 if(strlen($username) < 4 or strlen($username) > 20){
$message .= "<div>The username you chose has " . strlen($username) . " characters. You need to have between 4 and 20 characters.</div>";
 }
 if(strlen($password) < 4 or strlen($username) > 20){
$message .= "<div>The password you chose has " . strlen($password) . " characters. You need to have between 4 and 20 characters.</div>";
 }
 if($password != $password2){
$message .= "<div>Your passwords don't match. Please try again.</div>";
 }
 if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
$message .= "<div>The e-mail address you entered was invalid.</div>";
 }
if(file_exists('ipbans/'.$IP))
{
echo Message('[b]You\'re IP has been banned from the site, Please email IPbanned@'.$domain.'[/b]');
}

 //insert the values
 if (!isset($message)){
$result= mysql_query("INSERT INTO `grpgusers` (ip, username, password, email, signuptime, lastactive)".
"VALUES ('".$IP."', '$username', '$password', '$email', '$signuptime', '$signuptime')");
echo  'Your account has been created successfully! Redirecting to login page in 5 seconds. <meta http-equiv="refresh" content="5;url=login.php">';

if ($_POST['referer'] != ""){
$result= mysql_query("INSERT INTO `referrals` (`when`, `referrer`, `referred`)".
"VALUES ('$signuptime', '".$_POST['referer']."', '".$username."')");
}

exit;
 }
}
?>
<?
if (isset($message)) {
echo Message($message);
}
?>
<tr><td class="contenthead">
.: Register
</td></tr>
<tr><td class="contentcontent">
 <table width='28%' border='0' align='center' cellpadding='0' cellspacing='0'>
<form name='register' method='post' action='register.php'>
<tr>
 	<td height='26'><font size='2' face='verdana'>Username:
</font></td>
 	<td><font size='2' face='verdana'>
   	<input type='text' name='newname'>
   	</font></td>
</tr>
<tr>
 	<td height='28'><font size='2' face='verdana'>Password: 
</font></td>
 	<td><font size='2' face='verdana'>
   	<input type='password' name='newpass'>
   	</font></td>
</tr>
<tr>
 	<td height='28'><font size='2' face='verdana'>Confirm Password: 
</font></td>
 	<td><font size='2' face='verdana'>
   	<input type='password' name='newpassagain'>
   	</font></td>
</tr>
<tr>
 	<td height='26'><font size='2' face='verdana'>Email address: 
</font></td>
 	<td><font size='2' face='verdana'>
   	<input type='text' name='email'>
   	</font></td>
</tr>
<tr>
 	<td></td>
 	<td><font size='2' face='verdana'>
 	<input type='hidden' name='referer' value='<? echo $_GET['referer'] ?>'>
   	<input type='submit' name='submit' value='Register'>
   	</font></td>
</tr>
 </table>
 </form>


<center>
<?
echo '© '.$domain.' 2010 - '.$year.' '; ?>
</center>
 </td></tr>
<?
include 'nlifooter.php';
?>

 

THIS ISN'T TESTED:

This is using sha512 hash not md5;

Alter the db row too varchar(255)

 

This should work fine;

[Djkanna]

TEXT may be better than VARCHAR (255)