foreach($_POST AS $key => $value) $submitted[$key]=$value;
-$saltplus=md5($_SERVER[REMOTE_ADDR].":".$_SERVER[REMOTE_PORT]."|".$_SERVER[HTTP_USER_AGENT]);
$salt=md5($_SERVER[REMOTE_ADDR]."|".$_SERVER[HTTP_USER_AGENT]);
-//(md5(md5('jasper').$salt) == $vars[user]) ? $vun = "Username validated" : $vun = "Username incorrect";
-//(md5(md5('test' ).$salt) == $vars[pass]) ? $vpw = "Password validated" : $vpw = "Password incorrect";
-//echo $vun . ' <br/> ' . $vpw;
-
if ($tools=="logout"){
session_destroy();
$_SESSION[creds][validated]=false;
$smarty = new Smarty;
$smarty->assign('salt',$salt);
-$smarty->assign('vun',$vun);
-$smarty->assign('vpw',$vpw);
$smarty->assign('debug',$debug);
$smarty->display('login.tpl');
$query="SELECT * FROM users";
$q_result = mysql_query($query);
while ($fetched_object = mysql_fetch_object($q_result)){
- if (md5(md5($fetched_object->user_name).$salt) == $vars[user]){
+ if ($fetched_object->user_name == $vars[user]){
if (md5($fetched_object->user_pass.$salt) == $vars[pass]){
//validated
$creds[user_id] = $fetched_object->user_id;
<script language="javascript">
function hasher(){ldelim}
var salt = '{$salt}';
- document.loginform.user.value=hex_md5(hex_md5(document.loginform.user.value)+salt);
document.loginform.pass.value=hex_md5(hex_md5(document.loginform.pass.value)+salt);
{rdelim}
</script>
projects / squasher.git / commitdiff