<?php include('includes/connection.php'); $str=''; for($i=7;

1. <?php
2. include('includes/connection.php');
3.  
4. $str='';
5. for($i=7;$i>0;$i--)
6. {
7. $str=$str.chr(rand(97,122));
8. }
9. $salt=$str;
10. ?>
11.  
12. <!DOCTYPE html>
13. <html lang="en" >
14.  
15. <head>
16. <meta charset="UTF-8">
17. <title>Sign-Up/Login Form</title>
18.  
19. <link rel="stylesheet" href="css/font.css">
20. <link rel="stylesheet" href="css/normal.css">
21. <link rel="stylesheet" href="css/style.css">
22. <script src='js/jquery.min.js' ></script>
23. <script src="js/sha512.js"></script>
24.  
25.  
26.  
27. </head>
28.  
29. <body>
30.  
31. <div class="form">
32.  
33. <div id="login">
34. <h1>Login Panel</h1>
35.  
36. <form action="forlogin.php" method="post">
37.  
38. <div class="field-wrap">
39. <label>
40. Username<span class="req">*</span>
41. </label>
42. <input type="text" name="username" id="username" required autocomplete="off"/>
43. </div>
44.  
45. <div class="field-wrap">
46. <label>
47. Password<span class="req">*</span>
48. </label>
49. <input type="password" id="pwd" name="password" required autocomplete="off"/>
50. </div>
51. <div class="field-wrap">
52. <?php echo Securimage::getCaptchaHtml() ?>
53. </div>
54. <br><button name="submit" value="submit" class="button button-block"/>Log In</button>
55. </form>
56.  
57. </div>
58.  
59. </div><!-- tab-content -->
60.  
61. </div> <!-- /form -->
62.  
63.  
64. <script src='js/index.js' ></script>
65.  
66.  
67. <script type="text/javascript">
68. document.getElementById('pwd').onchange = function()
69. {
70. var salt = "<?php echo $salt ?>";
71. var txt_string = document.getElementById('pwd').value;
72. var plainhash=document.getElementById('pwd').value =encrpt(txt_string);
73. var passhash= plainhash+salt;
74. var final_hash= document.getElementById('pwd').value =encrpt(passhash);
75.  
76. console.log("This is your plain password which you entered: " , txt_string);
77. console.log("This is your salt which is fetched: ", salt);
78. console.log("This is your simple sha512 hash: ", plainhash);
79. console.log("This is your plainhash + salt: ", passhash);
80. console.log("This is your salted hash", final_hash);
81. return false;
82. }
83.  
84. </script>
85.  
86.  
87. <?php
88.  
89.  
90. $username=$_POST['username'];
91. $pass=$_POST['password'];
92.  
93. // $hashed = hash('sha512',$pass);
94. // $new_pa = $hashed.$salt;
95. // $final = hash('sha512',$new_pa);
96.  
97.  
98.  
99. $sql="SELECT * FROM `users` WHERE username = '$username'";
100. $result= mysql_query($sql);
101.  
102. if($row = mysql_fetch_array( $result )){
103.  
104. $new_pass= $row['password'];
105. }
106. $new_admin = $new_pass.$salt;
107.  
108. $salted_new =hash('sha512',$new_admin);
109.  
110. if($pass == $salted_new)
111. {
112.  
113. echo "success";
114. }
115. else
116. {
117.  
118. echo "<br>not success";
119. }
120.  
121.  
122.  
123.  
124.  
125. echo "<br>salt in variable: ".$salt;
126. echo "<br> Password from row: ".$new_pass;
127. echo "<br>password and salt: ".$new_admin;
128. echo "<br>salted hashed: ".$salted_new;
129. echo "<br> Password you entered : ".$pass;
130.  
131.  
132.  
133.  
134. ?>