WEB allowing a script to process multiple passwords...

Discussion in 'OT Technology' started by JEWbacca, Jul 23, 2009.

  1. JEWbacca

    JEWbacca =/

    Joined:
    May 10, 2001
    Messages:
    2,230
    Likes Received:
    0
    Location:
    Long Beach, CA
    I'm using a small cms script to manage a site, but the script only allow for one password to be used.

    The password is stored hashed in a php file in this format: <?php $user_password = '3dZNy6Ya9cGDw'; ?>

    Is there a simple way to call a password list where I can store several (5 or so) hashed passwords all of which are valid?
     
  2. fishbulb

    fishbulb Active Member

    Joined:
    Oct 29, 2001
    Messages:
    6,848
    Likes Received:
    4
    Location:
    md
    Code:
    
    <?php
    
    $valid_passwords = Array('3dZNy6Ya9cGDw','love,'secret','sex','god');
    
    if(in_array($_POST['password'],$valid_passwords)){
    
     // valid pass
     // do stuff
    
    }else{
    
     // invalid pass
    
    }
    
    ?>
    
    
     
  3. JEWbacca

    JEWbacca =/

    Joined:
    May 10, 2001
    Messages:
    2,230
    Likes Received:
    0
    Location:
    Long Beach, CA
    Thanks.

    Would this also work then?

    <?php $valid_passwords = Array('3dZNy6Ya9cGDw','love,'secret','sex','god'); ?>


    <?php $user_password = '$valid_passwords'; ?>
     
  4. TurkeyChicken

    TurkeyChicken New Member

    Joined:
    Jun 26, 2003
    Messages:
    42,913
    Likes Received:
    0
    Location:
    Albuquerque, NM
    why are you storing user passwords in the php file itself?
     
  5. intrktevo

    intrktevo New Member

    Joined:
    Oct 18, 2004
    Messages:
    5,781
    Likes Received:
    0
    Location:
    UCF
    No, that would not work because $user_password would not be an array containing all the valid passwords. Additionally, a single = means you are setting the array to $user_password, which would cause anything to work. To compare strings you would use == or ===. In this case, you will need to use in_array() as fish_bulb already mentioned.
     
  6. JEWbacca

    JEWbacca =/

    Joined:
    May 10, 2001
    Messages:
    2,230
    Likes Received:
    0
    Location:
    Long Beach, CA
    I played with the arrays but had little luck... here is what i'm working with:

    } if (($_SESSION['pass_hash_user'] != $user_password) || ($_POST['pass_string_hash'] != $string_response) || ($_POST['agenthash'] != $agent_response)) {

    more or less I want it to check against $user_password or $admin_password instead of just the $user_password..
     
  7. JEWbacca

    JEWbacca =/

    Joined:
    May 10, 2001
    Messages:
    2,230
    Likes Received:
    0
    Location:
    Long Beach, CA
    I think I figured it out....

    } if ((($_SESSION['pass_hash_user'] != $admin_password) && ($_SESSION['pass_hash_user'] != $user_password)) || ($_POST['pass_string_hash'] != $string_response) || ($_POST['agenthash'] != $agent_response)) {
     
  8. macistaniMac

    macistaniMac New Member

    Joined:
    Jul 6, 2006
    Messages:
    176
    Likes Received:
    0
    Haven't done php in a while, but the quick pseudo fix would be...

    $ArrayofPasswords = ("dsafsd", "sdfsdf", "sdfdsf");
    $realPasswordVariableAlreadyInScript = "SDFSDFSDFSADGDSASD";

    if (InArray($userSubmittedPassword, ArrayofPasswords))
    {
    $userPasswordVariableScriptLooksAt = $realPasswordVariableAlreadyInScript;
    }
    else
    {
    $userPasswordVariableScriptLooksAt = "WROGNWRONGWRONG";
    }


    Also, don't store passwords in sessions, that's retarded.
    Lazy fix for that...

    OnLogin { SESSION[expiretime] = NOW + "5 minutes" }

    if (SESSION[expiretime] > NOW) { FORCE LOGOUT }
    else
    { //Slide Expire
    SESSION[expiretime] = NOW + 5 minutes;
    //Do Stuff
    }


    I leave it to other, more talented individuals to write actual php for this.
     

Share This Page