-2

I want to create kinda authentication system for my site, but I encountered problem with MD5 function - it's not working correctly, look at snippet below:

$valid_request = 0;
$login = "";
$passwordMD5 = "";
$hardwareidMD5 = "";
$hash1 = "";
$hash2 = "";
// a - username
// b - hardwareid md5 hash
// c - password md5 hash
// d - hash of (a+b+c)
// e - hash of (a+b+c+d)
if(isset($_GET['a']) && isset($_GET['b']) && isset($_GET['c']) 
    && isset($_GET['d']) && isset($_GET['e']) )
{
    $login = $_GET['a'];
    if(strlen($login) <= 32 && strlen($login) >= 1 && isValid($login,1) === 1)
    {   
        $passwordMD5 = $_GET['b'];
        if(strlen($passwordMD5) === 32 && isValid($passwordMD5,2) === 1)
        {
            $hardwareidMD5 = $_GET['c'];
            if(strlen($hardwareidMD5) === 32 && isValid($hardwareidMD5,2) === 1)
            {
                $valid_request = 1;
                $hash1 = MD5($login+$passwordMD5+$hardwareidMD5);
                $hash2 = MD5($login+$passwordMD5+$hardwareidMD5+$hash1);
                echo "HASH1: $hash1\n"."HASH2: $hash2\n";
            }else $valid_request = 0;
        }else $valid_request = 0;
    }else $valid_request = 0;       
}else
    $valid_request = 0;

problem is in this lines:

$hash1 = MD5($login+$passwordMD5+$hardwareidMD5);
$hash2 = MD5($login+$passwordMD5+$hardwareidMD5+$hash1);
echo "HASH1: $hash1\n"."HASH2: $hash2\n";

it's always printing twice same md5, page source looks like this:

HASH1: cfcd208495d565ef66e7dff9f98764da
HASH2: cfcd208495d565ef66e7dff9f98764da
encore leet
  • 19
  • 2

1 Answers1

3

The problem is that you are trying to concatenate the argument of the md5 functions with + instead of ..

But if you allow me, I would like to suggest to you not to use the md5 for passwords anymore. Use sha256 instead.Here is a link to the explanation: Reasons why SHA512 is superior to MD5

Community
  • 1
  • 1
Lucas Piske
  • 370
  • 2
  • 16