Hi guys,
Can anyone help me with this script? I would like to update the password into md5. What should I do?
TQ

<?php

include("plogin.php");

session_start();
// Check login
if ($_SESSION['level']=='user') {

        $namaLgkp = $_SESSION['username'];

?>
<?php
session_start();
include("config.php");
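if($_REQUEST["Submit"]=="Ganti")
{
// Escape both values before they go into the query text
// (assumes config.php has already opened the mysql_* connection)
$pwbaru = mysql_real_escape_string($_REQUEST['pwbaru']);
$username = mysql_real_escape_string($_SESSION['username']);
$sql="update tb_user set password ='$pwbaru' where username = '$username'";
//echo $sql;
mysql_query($sql);
header("Location:passuser.php?msg=Update Password Berhasil");
// Stop here so the rest of the page is not rendered after the redirect
exit;
}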
?>


<html>
<head>
<title>Aplikasi Helpnet</title>
<!-- CSS -->
<link href="style/css/layout.css" rel="stylesheet" type="text/css" media="screen" />
<script>
function passwordck() {

var formName=document.frm;

if(formName.pwbaru.value == "")
{
document.getElementById("pwbaru_label").innerHTML='Please Enter New Password';
formName.pwbaru.focus();
return false;
}
else
{
document.getElementById("pwbaru_label").innerHTML='';
}


if(formName.pwbarulg.value == "")
{
document.getElementById("pwbarulg_label").innerHTML='Enter ConfirmPassword';
formName.pwbarulg.focus();
return false;
}
else
{
document.getElementById("pwbarulg_label").innerHTML='';
}


if(formName.pwbaru.value != formName.pwbarulg.value)
{
document.getElementById("pwbarulg_label").innerHTML='Passwords Mismatch';
formName.pwbarulg.focus();
return false;
}
else
{
document.getElementById("pwbarulg_label").innerHTML='';
}
}
</script>
<style type="text/css">
<!--
.style8 {font-size: 25px}
.style9 {color: #009900}
body {
    background-color: #E8FFE8;
}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
<body>

    <div id="wrapper">

       <!-- Start of top menu -->
        <ul id="menu">
            <li class="currentMenu" id="home"><a href="duser.php"><img src="style/img/logo_helpnet.png" alt="logo_helpnet" width="100" height="35" border="0"></a></li>
            <li><a href="duser.php">Beranda</a></li> 
            <li><a href="staticuser.php">Tiket</a></li>
            <li><a href="passuser.php">Password</a></li>
            <!-- for the currently selected main menu item -->
            <li class="logout"><a href="logout.php">Logout</a></li>
        </ul>
        <!-- End of top menu -->

        <!-- Start of screen background -->
        <div id="backgroundlayar">

            <!-- Start of paper -->
            <div id="kertas">
                <!-- Start of left box -->
                <div id="kotakkiri">

                    <!-- Start of left menu -->
                    <ul class="menukiri">
                        <li><a href="passuser.php"><strong>Password Baru </strong></a></li>   
                    </ul>
                    <!-- End of left menu -->

                </div>
                <!-- End of left box -->


                <h2><a href="#" class="style8">Ganti Password </a><a href="passuser.php" class="style9"></a></h2>

                <div id="utama">

                    <h3 align="center">Sebaiknya gantilah password Anda secara berkala </h3>
            <form action="passuser.php" method="post" name="frm" id="frm" onSubmit="return passwordck();">
<table>

<tr>
<td>Password Baru:</td>
<td><input type="password" name="pwbaru" id="pwbaru" size="20" autocomplete="off"/>&nbsp; <label id="pwbaru_label" class="level_msg"></label></td>
</tr>
<tr>
<td>Ketik ulang password baru:</td>
<td><input type="password" name="pwbarulg" id="pwbarulg" size="20" autocomplete="off">&nbsp; <label id="pwbarulg_label" class="level_msg"></label></td>
</tr>

<tr>
<td colspan="2" align="center"><input type="submit" name="Submit" value="Ganti" onSubmit="return passwordck();"/></td>
</tr>

</table>

</form>
                </div>
                <!-- End of main -->

                <div class="clear"></div>
            </div>
            <!-- End of paper -->

        </div>
        <!-- End of screen background -->

         <!-- Start of footer -->
        <p id="kaki">Copyright &copy; 2014 Aplikasi Helpnet</p>
        <!-- End of footer -->

    </div>
    <!-- wrapper -->

</body>
</html>



<?php
}
    else {

    header('location: akses.php');
}
?>

Both PHP and MySQL have md5() functions. What exactly is the problem?

diafol

This is really difficult to follow. You've mashed up js, html and php. You may find it easier to separate these, e.g. Place all your js in a script tag at the bottom of the page and get rid of all those on_ attributes.

The php can be separated by reordering the conditional block for header to above the dtd.

There is some duplication - no need for session_start() to appear twice. Just place it at the top of the page.

You are using $_REQUEST for some reason, although your form method is 'post'. Are you expecting users to be able to use 'get' via the querystring too?

Ohh, I see.
This form is for users changing their password. It works,
but the password is not in md5.

diafol

The password will be an md5 hash if you hash it:

$hash = md5($password);

or

$hash = hash("md5", $password);

However, do not use md5 if you can avoid it - it's not very secure. Look at sha256 or similar, or even use password_hash() if you have php 5.5.0+.

Ooo, okay.
Then what can I do to secure it?

Before that, I'm really grateful for your reply.

diafol

Then what can I do to secure it?

Either use sha256 or a similarly hard-to-crack algorithm:

$hash = hash("sha256", $password);

Or if you have php 5.5.0 or later, use the new password hash and verify functions. This is really nice as you can use something like the BCRYPT algorithm and set the "cost" - the "time", if you like, required to verify a supplied password.

Check out the php manual for hash(), password_hash() and password_verify().
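
The password_hash() / password_verify() route recommended above, applied to the thread's tb_user password update, as an added example that is not the original poster's or diafol's code. It assumes PHP 7+ with PDO, an in-memory SQLite table standing in for the MySQL one, constructed usernames and passwords, and a bcrypt cost of 12.

```php
<?php
// Added example. An in-memory SQLite database keeps it stand-alone; the real
// application would reuse its own MySQL connection. Table and column names
// follow the thread; the rows and passwords below are constructed samples.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// bcrypt output is 60 characters, so a 32-character md5 column would truncate it.
$pdo->exec("CREATE TABLE tb_user (username VARCHAR(50) PRIMARY KEY, password VARCHAR(255))");
$pdo->exec("INSERT INTO tb_user VALUES ('siti', ''), ('budi', '')");

const HASH_OPTIONS = ['cost' => 12]; // assumed cost; tune it to your hardware

function changePassword(PDO $pdo, string $username, string $newPassword): bool
{
    // password_hash() generates a random salt per call and embeds it in the result.
    $hash = password_hash($newPassword, PASSWORD_BCRYPT, HASH_OPTIONS);
    // Placeholders keep the form input out of the SQL text.
    $stmt = $pdo->prepare('UPDATE tb_user SET password = :hash WHERE username = :username');
    $stmt->execute([':hash' => $hash, ':username' => $username]);
    return $stmt->rowCount() === 1;
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM tb_user WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !password_verify($password, $stored)) {
        return false;
    }
    // Re-hash on a successful login if the cost setting has been raised since.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, HASH_OPTIONS)) {
        changePassword($pdo, $username, $password);
    }
    return true;
}

changePassword($pdo, 'siti', 'correct horse battery staple');
changePassword($pdo, 'budi', 'correct horse battery staple');

$rows = $pdo->query('SELECT username, password FROM tb_user')->fetchAll(PDO::FETCH_KEY_PAIR);
// Two users with the same password: compare their stored hashes.
var_dump($rows['siti'] !== $rows['budi']);
// The same comparison for unsalted md5 of that password.
var_dump(md5('correct horse battery staple') === md5('correct horse battery staple'));
// Verification with the right and the wrong password.
var_dump(checkLogin($pdo, 'siti', 'correct horse battery staple'));
var_dump(checkLogin($pdo, 'siti', 'wrong guess'));
```

The login script has to switch to password_verify() at the same time as the update form switches to password_hash(), because comparing the stored value against a freshly computed hash no longer matches once salts are random.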

Thank you very much.
I really appreciate it.
I'll try.

diafol

Ok, come back if you're unsure.