I got the script working so, I'm posting a script that work for me. If you
wanna try it out or use it then you'll need to get the MD5.js that come with
the libPHP. Just download the libPHP and pull out only one file, MD5.js and
then junk the libPHP.
I found one thing interesting about this code is that whether the login is
successfull or failed. The password will not be shown, neither is the
encrypted password. That is a good thing.
I had to create a Session ID also.
You'll have to forgive me for include some script for PHP 4.0.6 and PHP
4.2.3 since I'm stuck with one of the employee who doesn't have time to
upgrade one of the website.
--clip--
<?
//PHP 4.0.x Only ==============================
if ($auth == "true") {
//Initialize the Session Cookie......
@session_start();
@session_register("admin_detail");
//=============================================
//PHP 4.2.x Only ==============================
//if ($_REQUEST['auth'] == "true") {
// //Initialize the Session Cookie......
// @session_start();
//=============================================
$SID = session_name()."=".session_id();
//PHP 4.0.x Only ==============================
//Validating the User's Login Attempt.....
if (($user == "administrator")&&($HiddenField ==
md5(md5("passwordExample123").$admin_detail['random_number']))) {
//=============================================
//PHP 4.2.x Only =============================
////Validating the User's Login Attempt.....
//if (($_REQUEST['user'] == "administrator")&&($_REQUEST['HiddenField']
== md5(md5("passwordExample123").$_SESSION['random_number']))) {
//=============================================
header("Location:
http://www.whatever.com/admin/main_index.php?$SID";);
} else {
$login_action = "Failed!!";
}
} else {
//Creation of the Session ID.....
$salt = strtoupper(md5(uniqid(rand())));
session_id($salt);
session_start();
//PHP 4.0.x Only ==============================
session_register('admin_detail');
$admin_detail['random_number'] = rand();
//=============================================
//PHP 4.2.x Only ===========================
//$_SESSION['random_number'] = rand();
//=============================================
}
?>
<script language="javascript1.2" src="scripts/md5.js"
type="text/javascript"></script>
<script language="javascript1.2" type="text/javascript">
function encryptPass(formObj) {
formObj.HiddenField.value =
MD5(MD5(formObj.pass.value)+formObj.RandomString.value);
formObj.pass.value="";
return true;
}
</script>
<? echo "<form name='LoginForm' method='post'
action='dp_admin_auth.php?".SID."&auth=true'
onSubmit='encryptPass(document.LoginForm)'>"; ?>
<table border="0" cellpadding="0" cellspacing="0" align="center"
width="600">
<tr>
<td class="normal">
Use the Login to access the Administration Site.
</td>
<td>
<table border='1' align='right'>
<tr>
<td>
<table width='175' cellpadding='0' cellspacing='0' border='0'>
<tr>
<td align='center'><br>
Username:
<input type='text' name='user' size='10' maxlength='14'>
<br><br>
Password:
<input type='password' name='pass' size='10' maxlength='14'>
<br><br>
</td>
</tr>
<tr>
<td align='center'>
<input type='submit' value=' Login '>
<input type='reset' value=' Clear '><br><br>
<?
//PHP 4.0.x Only ==============================
echo "<input type='hidden' name='RandomString'
value='".$admin_detail['random_number']."'>";
//=============================================
//PHP 4.2.3 Only ============================
//echo "<input type='hidden' name='RandomString'
value='".$_SESSION['random_number']."'>";
//=============================================
echo "<input type='hidden' name='HiddenField' value='Null'>";
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="dp_support1">
<?
if($login_action == "Failed!!") {
echo " <span
style='color:#FF0000;'>The Login Attempt had Failed!!</span>";
}
?>
</td>
</tr>
</table>
</form>
--clip--
Enjoy!
FletchSOD
"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Here's the message I got from someone. It is pretty cool!
>
> --clip--
> if U want MD5 for Java Script try down load PHPLib and search in this
> package. and you will find MD5 script with Java Script.
>
> --clip--
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
