Recitation Project / Assignment #4

User Authentication Using MD5

Due: Monday Feb 20, 2017 - 11:55pm

See Addendum for updates.

This assignment requires you to create a single page that carries out a user login procedure with hashed passwords. In this assignment you will gain hands-on experience with the process of maintaining hashed passwords using the MD5 hash.

Here, briefly, are the steps/operations to be carried out by the code you write.

  • Create a web page with an appropriate header and footer
  • Present a login form at the center of the page
  • The login form will accept a username and password (credentials) from the user, sent using a submit-type input
  • Validate user inputs - hardcode 2 sets of credentials for verification - one of your own choice and the other with Username: ct310
  • Only the hashed values (MD5) of user passwords are stored; you must never store a password in plain text.
  • Display the result - Login Success / Failure - on the same page with a timestamp (date and time)

You are given the MD5 hash value of the password for the ct310 user at the bottom of this page. You will need to hash your own password; there are many online hash generators, e.g. Miracle Salad.

Please review this documentation and example and then see to it that your Assignment uses this approach to modify page behavior before and after a username and password pair is submitted.

Hint: Use PHP's ability to conditionally check raw HTML. In other words, you will use the Structured Control syntax in this assignment to select behavior between form entering and form processing; also refer to this example: Escaping from HTML Example.

Note that this assignment will feel somewhat incomplete because you will not actually be changing the state of the session in a persistent manner that indicates the user has logged in successfully. That will come in a future exercise.

You will submit a single zip file "lastname.zip" with the required files. Submission will be through Canvas. The file should be named login.php. Please host it on your CS account and provide the URL to your page as a comment during the Canvas submission; also include in the comment the username and password pair you created.

To do this assignment, please use a text editor and type all the necessary tags by hand. Please do not use any web development application to create your login page. Your work will be tested with Chrome on department machines.

Here is the MD5 hash of the ct310 user password for this specific assignment:

To be clear, you'll need to validate the user-entered password against the saved ones (stored as values bound to local variables). As the saved ones aren't stored as plain text but as MD5 hashes, please use the md5($password) function in PHP to generate the MD5 hash of the user-entered password on the fly and validate it. You'll need validations for two sets of credentials: one for yours and the other for the "ct310" username, whose password hash is given above.

Last but not least, please be aware that this assignment represents a valuable step along the path toward understanding modern secure authentication techniques. However, it is not the full story, and in particular the very properties of MD5 hashing that make it useful in this exercise also make it an unacceptable choice for securing modern sites. There is a more modern approach available in PHP and we will learn this approach shortly. However, for now enjoy the fact that you can push and poke at the MD5 process and gain some basic insight into what it means to store a hashed password.
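To make the point above concrete, here is an added illustration (not part of the original assignment or its solution) that checks one password under the unsalted MD5 scheme and under PHP's built-in password_hash()/password_verify(). It assumes these are the functions meant by the "more modern approach", which this page does not name; the sample password and the helper name check_md5 are constructed for this example.

```php
<?php
// Added example. The password below is constructed sample input,
// not the ct310 credential from the assignment.
$password = 'example-Passw0rd';

// 1. The assignment's scheme: an unsalted MD5 digest held in a variable.
$storedMd5 = md5($password);

// Hypothetical helper: hash the entered password and compare digests.
function check_md5(string $entered, string $storedHash): bool
{
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($storedHash, md5($entered));
}

var_dump(check_md5($password, $storedMd5));     // correct password
var_dump(check_md5('wrong-guess', $storedMd5)); // incorrect password

// MD5 is deterministic and unsalted: hashing the same password again gives
// the same digest, so every account sharing a password shares a stored
// value and one precomputed lookup table covers all of them.
var_dump(md5($password) === $storedMd5);

// 2. password_hash(): a fresh random salt on every call plus a work factor.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);

// Same password, two different stored strings, both of which verify.
var_dump($hashA === $hashB);
var_dump(password_verify($password, $hashA));
var_dump(password_verify($password, $hashB));
var_dump(password_verify('wrong-guess', $hashA));

// The algorithm and cost are encoded in the stored string itself.
print_r(password_get_info($hashA));

// 3. Rough cost of one guess under each scheme on this machine.
$t = microtime(true);
for ($i = 0; $i < 1000; $i++) {
    md5($password . $i);
}
$md5PerGuess = (microtime(true) - $t) / 1000;

$t = microtime(true);
password_verify('wrong-guess', $hashA);
$slowPerGuess = microtime(true) - $t;

printf("md5: %.7f s per guess, password_verify: %.4f s per guess\n",
    $md5PerGuess, $slowPerGuess);
```

Run it with the PHP command-line interpreter; the timing line shows how much more each guess costs an attacker who has obtained the stored hashes.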

Addendum

None at this time