Changing password on login

Good day to all, gentlemen.

<?php
include("bd.php");

// No credentials sent yet: ask the browser for HTTP Basic credentials.
if (!isset($_SERVER['PHP_AUTH_USER']))
{
    Header("WWW-Authenticate: Basic realm=\"Admin Page\"");
    Header("HTTP/1.0 401 Unauthorized");
    exit();
}
else
{
    // Escape the submitted values unless magic quotes already did.
    if (!get_magic_quotes_gpc())
    {
        $_SERVER['PHP_AUTH_USER'] = mysql_escape_string($_SERVER['PHP_AUTH_USER']);
        $_SERVER['PHP_AUTH_PW'] = mysql_escape_string($_SERVER['PHP_AUTH_PW']);
    }
    $query = "SELECT a23,code_a FROM admin WHERE a22='".$_SERVER['PHP_AUTH_USER']."'";
    $lst = @mysql_query($query);
    // The query itself failed.
    if (!$lst)
    {
        Header("WWW-Authenticate: Basic realm=\"Admin Page\"");
        Header("HTTP/1.0 401 Unauthorized");
        exit();
    }
    // No row for this login.
    if (mysql_num_rows($lst) == 0)
    {
        Header("WWW-Authenticate: Basic realm=\"Admin Page\"");
        Header("HTTP/1.0 401 Unauthorized");
        exit();
    }
    // Read the row only after the two checks above have passed.
    $a23_passw = mysql_result($lst, 0, 'a23');
    $admin = mysql_result($lst, 0, 'code_a');
    $a23 = @mysql_fetch_array($lst);
    // Wrong password.
    if ($_SERVER['PHP_AUTH_PW'] != $a23_passw)
    {
        Header("WWW-Authenticate: Basic realm=\"Admin Page\"");
        Header("HTTP/1.0 401 Unauthorized");
        exit();
    }
}
?>

This is the content of the file I include in each file for authorization. The essence, I think, is clear: a23 – login, a24 – password, admin – well, this is something that you need, and you don’t need to delete it.

I would like to know about one perversion. Is it possible to make a person logging in under his login enter his password + 1 digit, which is equal to the day of the week, as a password?

Let’s say the table says: ivan, 123. We do not rewrite the table in any case. In order for ivan to log in on Monday, you need to enter 1231, on Tuesday 1232, etc., on Sunday 1237. Tell me how to do this?

P.S. If someone gives a couple of reasoned pieces of advice on the code itself, I would be grateful.


Answer 1, authority 100%

mysql_escape_string($_SERVER['PHP_AUTH_PW'])

it’s better not to do this, passwords should be stored in md5, i.e.

md5($_SERVER['PHP_AUTH_PW'])

and then compare against the hash in the database, like this

$pass = md5($_POST['pass']);

if ($pass == $a23_passw) { echo 'match!'; }

Accordingly, if you want the user to enter the number of the week, you must first determine the day of the week in the authorization file, and determine what date it should be today.

In your case, you need to process the post variable by selecting the last character in it, and get two variables accordingly:

  1. password itself
  2. last digit (day of the week)

This can be done using the function substr

There is another option, in my opinion it is more optimal and less expensive:
make two fields – one for the password, the second for the day of the week, but that’s up to you.

About the code: it’s terribly unreadable, and since it’s terribly unreadable – it’s hard to say what else is there)
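
The split-and-compare described in the answer, as an added example that is not part of the original question or answer. It assumes the plaintext ivan / 123 row from the question; the function names are hypothetical, and PHP's 'N' date format (1 = Monday ... 7 = Sunday) matches the numbering asked for.

```php
<?php
// Added example; split_weekday_password() and check_weekday_password()
// are hypothetical names, not code from the thread.

// Split "stored password + one trailing digit" into [password, digit].
// Returns null if the input is too short or the last character is not 1..7.
function split_weekday_password(string $submitted): ?array
{
    if (strlen($submitted) < 2) {
        return null;
    }
    $digit = substr($submitted, -1);
    if (!preg_match('/^[1-7]$/', $digit)) {
        return null;
    }
    return [substr($submitted, 0, -1), (int) $digit];
}

// $stored is the value from the password column, compared as-is
// (assumption: plaintext, as in the question's table).
function check_weekday_password(
    string $submitted,
    string $stored,
    ?DateTimeInterface $now = null
): bool {
    // Uses the server's default timezone; around midnight the user's
    // local weekday can differ from the server's.
    $now = $now ?? new DateTimeImmutable('now');
    $parts = split_weekday_password($submitted);
    if ($parts === null) {
        return false;
    }
    [$base, $digit] = $parts;
    // 'N' is the ISO-8601 weekday: 1 = Monday ... 7 = Sunday.
    $dayOk = ($digit === (int) $now->format('N'));
    // hash_equals() compares in constant time regardless of where
    // the strings first differ.
    $passOk = hash_equals($stored, $base);
    return $dayOk && $passOk;
}

// Constructed sample: 2024-01-01 is a Monday, 2024-01-07 a Sunday.
$monday = new DateTimeImmutable('2024-01-01 12:00:00');
$sunday = new DateTimeImmutable('2024-01-07 12:00:00');
var_dump(check_weekday_password('1231', '123', $monday)); // Monday digit on Monday
var_dump(check_weekday_password('1232', '123', $monday)); // Tuesday digit on Monday
var_dump(check_weekday_password('1237', '123', $sunday)); // Sunday digit on Sunday
var_dump(check_weekday_password('123', '123', $monday));  // digit missing
```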