Simple MD5 Authentication

Due: Monday Feb 15, 2016 - 11:55pm

Due: Monday Feb 16, 2016 - 11:55pm

See Addendum for updates.

This assigment requires you to create a single page which carries out an encrypted password user login procedure. In this assignment you will gain hands-on experience with the process of maintaining encrypted passwords using the MD5 hash.

Here briefly our the steps/operations to be carried out by the code you write.

• Present login a form
• User enters credentials and clicks submit
• Validate user inputs - hardcode 2 sets of credentials for verification - one of your choice and the other with Username: ct310
• Hashed user passwords are stored (MD5) and you must never store an unencrypted password.
• Display the Result - Login Success / Fail, in the same page

You are being given the MD5 hash of the ct310 users password through at the bottom of this page. You will need to hash your own passoord; there are many online hash generators, e.g. Miracle Salad.

Hint: Use PHP ability to conditionally check raw HTML. In other words, you will use the Structured Conrol syntax in this assignment to select behavior between form entering and form processing.

Note this assignment will feel somewhat incomplete because you will not actually be changing the state of the session in a persistant manner that indicates the user has logged in successfully. That will come in a future excercise.

You will submit a single tar file "lastname.tar" with the required files. Submission will be through Canvas. The file should be named as login.php. Please host it on your CS account and provide URL to your page as a comment during the Canvas submission.

To do this assignment, please use a text editor and type all the necessary tags by hands. Please do not use any web development application to create your login page. Your work will be tested with Chrome on department machines.

Here is the MD5 hash of the ct310 user password for this specific assignment:

Addendum (last updated 2/14/2016)

The link above to Structured Control was not as clear as might have been hoped. The Escaping from HTML Example documentation is much better.

Also note that we have now constructed a better example of our own demonstrating the alternative syntax. Please review this better documentation and example and then see to it that your Assignment 3 uses this approach to modify page behavior before and after a username and password pair is submitted. (update 2/14/2016).

There was some confusion over the MD5 hashing in Monday's recitation. To be clear, you'll need to validate the user entered password against the saved (on variables) ones. As the saved ones aren't stored as plain text but as a MD5 hash, please make use of the md5($password) method in PHP to generate MD5 hash of the user entered password on the fly and validate. You'll need to have validations for two sets of credentials: One for yours and the other for "ct310" username and it's password hash in the image given above. (update 2/8/2015)