Problems with checksum verification php code

ksv

web developer
Can anyone see what's wrong with this code?
It's a simple application which verifies a signed md5 checksum, generating the checksum as well as checking the input and checksum against a database.
The database verification part seems to work, but for some reason it always says the generated checksum doesn't match.

The entered, generated and downloaded md5 checksums are printed in the html output for debug purposes, and are all identical when a correct id/checksum is entered.

PHP:
<?php	
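	// Read the form fields without raising notices on a plain GET request.
	$submit = isset($_POST["submit"]) ? $_POST["submit"] : null;
	$id = isset($_POST["id"]) ? $_POST["id"] : "";
	$hash = isset($_POST["hash"]) ? $_POST["hash"] : "";
	$db_id = null;
	$db_hash = null;

	if(isset($submit)) {
		mysql_connect("localhost", "memberreg", "3a1yux") or die(mysql_error());
		mysql_select_db("members") or die(mysql_error());
	
		// Keep the user-supplied id inside the id/ directory.
		$id_file = "id/" . basename($id);
	
		// Write the id to a file...
		$fp = fopen($id_file, "w");
		fwrite($fp, "$id");
		fclose($fp);
	
		// and hash it (the path is quoted so the shell cannot interpret it)
		$gen_hash = shell_exec("openssl md5 -sign /Volumes/server/key-root/id.key " . escapeshellarg($id_file) . " | openssl md5");
		
		// Escape the id before it goes into the query.
		$sql = mysql_query("SELECT id, idhash FROM memberdata WHERE id='" . mysql_real_escape_string($id) . "'");
		
		$sql_check = mysql_num_rows($sql);
		
		if($sql_check <= 0) {
			$sql_match = false;
		}
		else {		
			while($row = mysql_fetch_array($sql)) {
				$db_id = $row["id"];
				$db_hash = $row["idhash"];
			}
			$sql_match = true;
		}
		unlink($id_file);
		mysql_close();
	}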
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>urbanturban - id/md5 check</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<style type="text/css">
<!--
body {
	font: 0.9em Arial, Helvetica, sans-serif;
}
.correct {
	color: green;
}
.incorrect {
	color: red;
}
p span {
	border: 1px solid black;
	display: block;
	width: 0.8em;
	height: 0.8em;
	float: left;
	margin-right: 5px;
}
.correct span {
	background-color: lime;
}
.incorrect span {
	background-color: red;
}
-->
</style>

</head>

<body>

<?php
	if(isset($submit)) {
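		// Encode the user-supplied values before echoing them into the page.
		echo htmlspecialchars($id) . " <br /> " . htmlspecialchars($hash) . " (entered) <br /> $gen_hash (generated) <br /> $db_hash (database)";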
		if($hash === $gen_hash) {
			echo "<p class=\"correct\"><span></span>md5 checksum correct.</p>";
		}
		else {
			echo "<p class=\"incorrect\"><span></span>md5 checksum incorrect.</p>";
		}
		
		if($sql_match == true) {
			echo "<p class=\"correct\"><span></span>Id matches database record.</p>";
		}
		else {
			echo "<p class=\"incorrect\"><span></span>Id does not match database.</p>";
		}
		
		if($hash === $db_hash) {
			echo "<p class=\"correct\"><span></span>md5 matches database.</p>";
		}
		else {
			echo "<p class=\"incorrect\"><span></span>md5 does not match database.</p>";
		}
	}
?>
<h3>Check id and md5</h3>
<form action="" method="post" id="idForm">
	<p><label for="id">id</label> <input type="text" name="id" id="id" /></p>
	<p><label for="hash">hash</label> <input type="text" name="hash" id="hash" /></p>
	<input type="submit" name="submit" id="submit" value="Check" />
</form>

</body>
</html>
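
Added example, not part of the original post: `shell_exec()` returns everything the command printed, including the trailing newline and, on some OpenSSL versions, a `(stdin)= ` prefix. Neither is visible in rendered HTML, but both make a strict `===` comparison against the typed value fail. The sample id, the use of a plain MD5 in place of the signed digest, and the helper names `extract_md5` and `checksum_matches` are assumptions made for this illustration.

```php
<?php
// Added illustration, not the poster's code.

// Pull the bare 32-hex-digit MD5 out of `openssl md5` output. Depending on
// the OpenSSL version, stdin input yields "<hex>\n", "(stdin)= <hex>\n" or
// "MD5(stdin)= <hex>\n"; shell_exec() returns all of it, newline included.
function extract_md5($output)
{
    if (is_string($output) && preg_match('/\b([0-9a-f]{32})\s*$/i', $output, $m)) {
        return strtolower($m[1]);
    }
    return null; // command failed or printed something unexpected
}

// Compare the entered checksum with the command output in constant time.
function checksum_matches($entered, $output)
{
    $generated = extract_md5($output);
    $entered = strtolower(trim((string) $entered));
    return $generated !== null && hash_equals($generated, $entered);
}

$id = "1042";            // constructed sample id
$entered = md5($id);     // assumption: plain MD5 stands in for the signed digest
$samples = array(        // constructed command outputs, one per format above
    $entered . "\n",
    "(stdin)= " . $entered . "\n",
    "MD5(stdin)= " . $entered . "\n",
);

foreach ($samples as $raw) {
    // Strict comparison on the raw output, as in the post, next to the
    // comparison after normalisation.
    printf("%-46s raw ===: %-5s normalised: %s\n",
        json_encode($raw),
        var_export($entered === $raw, true),
        var_export(checksum_matches($entered, $raw), true));
}
```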
 