Reputation: 9
Please help me correct this code:
    $salt = 'XyZzy12*_';
    $stored_hash = '1a52e17fa899cf40fb04cfc42e6352f1';
    //$stored_hash = 'a8609e8d62c043243c4e201cbb342862'; // Pw is meow123
    $salted = md5($salt);
    $failure = false; // If we have no POST data
    // Check to see if we have some POST data, if we do process it
    if ( isset($_POST['who']) && isset($_POST['pass']) ) {
        if ( strlen($_POST['who']) < 1 || strlen($_POST['pass']) < 1 ) {
            $failure = "User name and password are required";
        } else {
            $check = hash('md5', $salted.$_POST['pass']);
            //print "$check";
            if ( $check == $stored_hash ) {
                // Redirect the browser to game.php
                header("Location: game.php?name=".urlencode($_POST['who']) );
                return ;
            } else {
                $failure = "Incorrect password";
            }
        }
    }
The first stored_hash is not working, and when I put in the second, an error occurs saying: expected a POST to redirect to a GET but received POST.
I tried passing just the page game.php but it is still not working, and when I look at the code from my research it seems correct.
Upvotes: 0
Views: 46
Reputation: 114
The $salted variable contains the MD5 hash of the salt, which doesn't seem correct. Instead, you should concatenate the salt directly with the password and then hash it.
Also it seems like you are using hash incorrectly; for md5 you can use md5() instead of hash('md5', ...).
From my view, it seems that the given hashes do not appear to match.
I would suggest something like this:
    $salt = 'XyZzy12*_';
    $stored_hash = ''; // TODO: Input your stored hash here..
    $failure = false; // If there should be no POST data
    // If there is POST data, process it
    if (isset($_POST['who']) && isset($_POST['pass'])) {
        if (strlen($_POST['who']) < 1 || strlen($_POST['pass']) < 1) {
            $failure = "User name and password are required";
        } else {
            // Correctly concatenate the salt and password, then hash
            $check = md5($salt . $_POST['pass']);
            // hash_equals() compares the strings byte for byte; == can treat
            // two different numeric-looking hash strings as equal
            if (hash_equals($stored_hash, $check)) {
                // Redirect the browser to game.php
                header("Location: game.php?name=" . urlencode($_POST['who']));
                exit; // Use exit after header to prevent further code execution
            } else {
                $failure = "Incorrect password";
            }
        }
    }
Upvotes: 0
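The two derivations discussed above can be checked side by side against a stored hash. This is an added example, not code from either post: the function names are hypothetical, the `0e...` strings are constructed, and `password_hash()`/`password_verify()` are shown as a swapped-in replacement for the fixed salt and MD5.

```php
<?php
declare(strict_types=1);

// Salt and hash copied from the question; the question's comment says the password is meow123.
$salt   = 'XyZzy12*_';
$stored = 'a8609e8d62c043243c4e201cbb342862';

// Derivation used in the question: the salt is hashed before it is prepended.
function derive_question(string $salt, string $pass): string {
    return hash('md5', md5($salt) . $pass);
}

// Derivation used in the answer: raw salt prepended to the password.
function derive_answer(string $salt, string $pass): string {
    return md5($salt . $pass);
}

// Hypothetical helper: name the derivation that reproduces $stored, or null.
function matching_derivation(string $salt, string $pass, string $stored): ?string {
    $candidates = [
        'md5(md5(salt) . pass)' => derive_question($salt, $pass),
        'md5(salt . pass)'      => derive_answer($salt, $pass),
    ];
    foreach ($candidates as $name => $hash) {
        if (hash_equals($stored, $hash)) {   // constant-time, string-only comparison
            return $name;
        }
    }
    return null;
}

echo "stored hash matches: ";
var_dump(matching_derivation($salt, 'meow123', $stored));

// == compares two numeric-looking strings as numbers, so these two different
// strings (constructed values) count as equal; hash_equals() compares bytes.
var_dump('0e123' == '0e456', hash_equals('0e123', '0e456'));

// Swapped-in technique: PHP's password API generates a per-password salt and
// uses a slow algorithm, replacing the fixed salt and MD5.
$record = password_hash('meow123', PASSWORD_DEFAULT);
var_dump(password_verify('meow123', $record), password_verify('wrong', $record));
```

Run it with the PHP CLI; a `NULL` from the first `var_dump` means neither derivation produced the stored hash for that password.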