I am creating an admin login. So I need a username and a hashed password. There will only be one user. I have an old script that allowed the admin to create users and add passwords. These passwords were written to the db in a hashed form.
<?php
session_start();
// Only an authenticated admin may see this form.
if (!isset($_SESSION['valid']) || $_SESSION['valid'] != 'yes') {
    header('Location: adminlogin.php');
    exit; // without this the rest of the page is still sent after the redirect header
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Atlas Nation-State RPG System</title>
<link href="common/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php @include ("http://www.revora.net/events.php"); ?>
<div id="wrapper">
<?php @include ("http://abzo.net/atlas/common/topnav.php"); ?>
<div id="maintop"></div>
<div id="maintile">
<div id="maintilenormal"><br /><h1>Add a New Nation</h1>
<form method="post" action="do_addnation.php">
<fieldset>
<legend>Nation/Password:</legend>
<p><strong>Nation Name:</strong><br />
<input type="text" name="nation" size=25 maxlength=25></p>
<p><strong>Password:</strong><br />
<input type="password" name="password" size=25 maxlength=25></p>
</fieldset><br />
<fieldset>
<legend>Map Location/Tech Level:</legend>
<p><strong>Map Location:</strong><br />
<input type="text" name="maplocation" size=25 maxlength=25><br />
This marks the map location, usually denoted by a number on the world map. This number must be unique or it will cause an error in the database.</p>
<p><strong>Technology Level:</strong><br />
<select name="tech" >
<option value="1" selected="selected">1</option>
<option value="2">2</option>
<option value="3">3</option>
</select><br />
Starting players should have a level one tech level and superpowers should be level two. This tech level determines what units and upgrades are available to the player from the start of the game.</p>
</fieldset><br />
<fieldset>
<legend>Economic Resources:</legend>
<p><strong>Starting RP:</strong><br />
<input type="text" name="rp" size=25 maxlength=25 value="100"><br />
This is the number of Resource Points this nation will start the game with.</p>
<p><strong>Base RP:</strong><br />
<input type="text" name="rpbase" size=25 maxlength=25 value="5"><br />
This is the number of Resource Points this nation will use for determining each days points. This is a core element. By changing this number for some and not for all nations will mean some nations make more Resource Points than others. Use this with discretion.</p>
<p><strong>Modifier RP:</strong><br />
<select name="rpmodifier" >
<option value=".5">.5</option>
<option value=".75">.75</option>
<option value="1.0" selected="selected">1.0</option>
<option value="1.25">1.25</option>
<option value="1.50">1.50</option>
</select><br />
This is a modifier that this nation will use when calculating how many RPs this nations gets per day. If you are not sure what this means, just use default.</p>
</fieldset><br />
<fieldset>
<legend>Science Resources:</legend>
<p><strong>Starting SP:</strong><br />
<input type="text" name="sp" size=25 maxlength=25 value="25"><br />
This is the number of Science Points this nation will start the game with.</p>
<p><strong>Base SP:</strong><br />
<input type="text" name="spbase" size=25 maxlength=25 value="5"><br />
This is the number of Science Points this nation will use for determining each days points. This is a core element. By changing this number for some and not for all nations will mean some nations make more Science Points than others. Use this with discretion.</p>
<p><strong>Modifier SP:</strong><br />
<select name="spmodifier" >
<option value=".5">.5</option>
<option value=".75">.75</option>
<option value="1.0" selected="selected">1.0</option>
<option value="1.25">1.25</option>
<option value="1.50">1.50</option>
</select><br />
This is a modifier that this nation will use when calculating how many SPs this nations gets per day. If you are not sure what this means, just use default.
</p></fieldset>
<input type="hidden" name="government" value="">
<input type="hidden" name="capital" value="">
<input type="hidden" name="map" value="">
<input type="hidden" name="flag" value="">
<input type="hidden" name="history" value="">
<input type="hidden" name="politics" value="">
<input type="hidden" name="economy" value="">
<input type="hidden" name="geography" value="">
<input type="hidden" name="military" value="">
<p><input type="submit" name="submit" value="Create Nation" /> <a href="do_authadmin.php" target="_self">Return to Admin Panel</a></p><br />
</form>
</div>
</div>
<div id="mainbottom"></div>
</div>
</body>
</html>
See the adding password part is simply text. The actual writing record script is:
<?php
session_start();
// Only an authenticated admin may create a nation.
if (!isset($_SESSION['valid']) || $_SESSION['valid'] != 'yes') {
    header('Location: adminlogin.php');
    exit; // without this the INSERT below still runs for an unauthenticated request
}

// Escape a value for output in this ISO-8859-1 page.
function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'ISO-8859-1'); }

$db_name = "XXX_";
$table_name = "users";
$connection = @mysql_connect("localhost", "XXX", "XXX") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

// Every $_POST value is interpolated into the statement as submitted.
// PASSWORD() is MySQL's own hashing function, applied by the database server.
$sql = "INSERT INTO $table_name (id, nation, password, maplocation, government, population, tech, rp, rpbase, rpmodifier, sp, spbase, spmodifier, capital, map, flag, history, politics, economy, geography, social, military)
        VALUES ('', '{$_POST['nation']}', PASSWORD('{$_POST['password']}'), '{$_POST['maplocation']}', '{$_POST['government']}', '{$_POST['population']}', '{$_POST['tech']}', '{$_POST['rp']}', '{$_POST['rpbase']}', '{$_POST['rpmodifier']}', '{$_POST['sp']}', '{$_POST['spbase']}', '{$_POST['spmodifier']}', '{$_POST['capital']}', '{$_POST['map']}', '{$_POST['flag']}', '{$_POST['history']}', '{$_POST['politics']}', '{$_POST['economy']}', '{$_POST['geography']}', '{$_POST['social']}', '{$_POST['military']}')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Atlas Nation-State RPG System</title>
<link href="common/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php @include ("http://www.revora.net/events.php"); ?>
<div id="wrapper">
<?php @include ("http://abzo.net/atlas/common/topnav.php"); ?>
<div id="maintop"></div>
<div id="maintile">
<div id="maintilenormal"><br /><h1>Add a New Nation</h1>
<P><h2><?php echo h($_POST['nation']); ?></h2></P>
<fieldset>
<legend>Map Location/Tech Level:</legend>
<p><strong>Map Location:</strong><br />
<?php echo h($_POST['maplocation']); ?><br /></p>
<p><strong>Technology Level:</strong><br />
<?php echo h($_POST['tech']); ?><br /></p>
</fieldset><br />
<fieldset>
<legend>Economic Resources:</legend>
<p><strong>Starting RP:</strong><br />
<?php echo h($_POST['rp']); ?><br /></p>
<p><strong>Base RP:</strong><br />
<?php echo h($_POST['rpbase']); ?><br /></p>
<p><strong>Modifier RP:</strong><br />
<?php echo h($_POST['rpmodifier']); ?><br /></p>
</fieldset><br />
<fieldset>
<legend>Science Resources:</legend>
<p><strong>Starting SP:</strong><br />
<?php echo h($_POST['sp']); ?><br /></p>
<p><strong>Base SP:</strong><br />
<?php echo h($_POST['spbase']); ?><br /></p>
<p><strong>Modifier SP:</strong><br />
<?php echo h($_POST['spmodifier']); ?><br /></p>
</fieldset>
<p><a href="do_authadmin.php" target="_self">Return to Admin Panel</a></p><br />
</div>
</div>
<div id="mainbottom"></div>
</div>
</body>
</html>
PASSWORD('{$_POST['password']}') appears to be the hashing part. Do I have to actually write a temporary unprotected page to add an admin login with a hashed password or can I insert it directly in Myphp or what?
I can't remember how I did it in the first place...
Also, does this page help in making it really secure and if it does how do I implement it?
http://www.sajithmr....k-the-password/
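
An added example, not part of the original post: seeding the single admin account with a hash computed in PHP (`password_hash`) instead of MySQL's `PASSWORD()`, which was meant for the server's own accounts and was removed in MySQL 8.0, and then checking that hash at login. The in-memory SQLite database, the function names and the sample credentials are assumptions made so the script runs stand-alone; only the `users` table and its `nation` and `password` columns come from the post.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL "users" table so the
// script runs stand-alone; the credentials below are constructed sample values.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// bcrypt output is 60 characters; VARCHAR(255) leaves room for future algorithms.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, nation VARCHAR(25) UNIQUE, password VARCHAR(255))');

// One-off seeding step (hypothetical helper): run from the CLI, not a web page.
// The hash is computed in PHP, so the plaintext never appears in the SQL text.
function create_admin(PDO $pdo, $name, $plain)
{
    $hash = password_hash($plain, PASSWORD_DEFAULT); // per-password salt, adaptive cost
    $stmt = $pdo->prepare('INSERT INTO users (nation, password) VALUES (?, ?)');
    $stmt->execute([$name, $hash]);
    return $hash;
}

// Login check (hypothetical helper): fetch the stored hash by name, verify in PHP.
function check_login(PDO $pdo, $name, $plain)
{
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE nation = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($plain, $row['password'])) {
        return false; // same result for an unknown name and a wrong password
    }
    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($plain, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

$hash = create_admin($pdo, 'admin', 'correct horse battery staple');
echo "stored hash: $hash\n";

var_dump(check_login($pdo, 'admin', 'correct horse battery staple')); // correct password
var_dump(check_login($pdo, 'admin', 'wrong password'));               // wrong password
var_dump(check_login($pdo, "admin' OR '1'='1", 'x'));                 // quotes in the name are bound as data
```

In the login page, a true result from the check is the point where `session_regenerate_id(true)` and `$_SESSION['valid'] = 'yes'` would go. The printed hash can also be pasted into the `password` column with a database admin tool, as a plain string with no `PASSWORD()` around it.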