Web Development > PHP > MD5 password PHP/mySQL
Ad:
 
  • PHP Discussion Thread
  • Unsolved
  • Views: 639
  • PHP RSS
Similar Threads
Permalink
Jul 12th, 2010
0

MD5 password PHP/mySQL

Expand Post »
Hi, I have been trying to create a login facility using PHP/mySQL and so far I have managed to get everything working apart from changing/updating the stored user password.

The code I have used is basically just the registration script with a few changes so that it will update a current record. I have tested the registration/login form and have had no problems creating and logging in new users and the script is working as it definately updates the record in the database.

The problem is that after I update a users details using the script below, the login script reports that the username/passwords do not match. I have compared the MD5 outputs from both the registration and update form using the same password and both match in the database. Once I change it using this script however, the user can no longer login. any ideas?


php Syntax (Toggle Plain Text)
  1. <?php
  2. 	//Start session
  3. 	session_start();
  4.  
  5. 	//Include database connection details
  6. 	require_once('config.php');
  7.  
  8. 	//Array to store validation errors
  9. 	$errmsg_arr = array();
  10.  
  11. 	//Validation error flag
  12. 	$errflag = false;
  13.  
  14. 	//Connect to mysql server
  15. 	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
  16. 	if(!$link) {
  17. 		die('Failed to connect to server: ' . mysql_error());
  18. 	}
  19.  
  20. 	//Select database
  21. 	$db = mysql_select_db(DB_DATABASE);
  22. 	if(!$db) {
  23. 		die("Unable to select database");
  24. 	}
  25.  
  26. 	//Sanitize the POST values
  27. 	$fname = clean($_POST['fname']);
  28. 	$lname = clean($_POST['lname']);
  29. 	$login = clean($_POST['login']);
  30. 	$password = clean($_POST['password']);
  31. 	$cpassword = clean($_POST['cpassword']);
  32.  
  33. 	//Function to sanitize values received from the form. Prevents SQL injection
  34. 	function clean($str) {
  35. 		$str = @trim($str);
  36. 		if(get_magic_quotes_gpc()) {
  37. 			$str = stripslashes($str);
  38. 		}
  39. 		return mysql_real_escape_string($str);
  40. 	}
  41.  
  42. 	//Sanitize the POST values
  43. 	$fname = clean($_POST['fname']);
  44. 	$lname = clean($_POST['lname']);
  45. 	$login = clean($_POST['login']);
  46. 	$password = clean($_POST['password']);
  47. 	$cpassword = clean($_POST['cpassword']);
  48.  
  49. 	//Input Validations
  50. 	if($fname == '') {
  51. 		$errmsg_arr[] = 'First name missing';
  52. 		$errflag = true;
  53. 	}
  54. 	if($lname == '') {
  55. 		$errmsg_arr[] = 'Last name missing';
  56. 		$errflag = true;
  57. 	}
  58. 	if($login == '') {
  59. 		$errmsg_arr[] = 'Login ID missing';
  60. 		$errflag = true;
  61. 	}
  62. 	if($password == '') {
  63. 		$errmsg_arr[] = 'Password missing';
  64. 		$errflag = true;
  65. 	}
  66. 	if($cpassword == '') {
  67. 		$errmsg_arr[] = 'Confirm password missing';
  68. 		$errflag = true;
  69. 	}
  70. 	if( strcmp($password, $cpassword) != 0 ) {
  71. 		$errmsg_arr[] = 'Passwords do not match';
  72. 		$errflag = true;
  73. 	}
  74.  
  75.  
  76.  
  77. 	//If there are input validations, redirect back to the registration form
  78. 	if($errflag) {
  79. 		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  80. 		session_write_close();
  81. 		header("location: register-form.php");
  82. 		exit();
  83. 	}
  84.  
  85. 	//Create INSERT query
  86. 	$qry = "UPDATE Staff SET FirstName = '$fname', LastName = '$lname', Login = '$login', Password = '
  87. 	".md5($password)."' WHERE LastName = '$lname' AND FirstName = '$fname'";
  88. 	$result = @mysql_query($qry);
  89.  
  90. 	//print $qry;
  91.  
  92. 	//Check whether the query was successful or not
  93. 	if($result) {
  94. 		header("location: register-success.php");
  95. 		exit();
  96. 	}else {
  97. 		die("Query failed");
  98. 	}
  99. ?>
Reputation Points: 10
Solved Threads: 0
Newbie Poster
pjh1985 is offline Offline
3 posts
since Jul 2010
Permalink
Jul 13th, 2010
0

Re: MD5 password PHP/mySQL

echo your login select query and try to debug it.
md5 is just for encryption there might be some issue in coding.
Reputation Points: 18
Solved Threads: 35
Posting Whiz in Training
vibhadevit is offline Offline
237 posts
since Apr 2010
Permalink
Jul 13th, 2010
0

Re: MD5 password PHP/mySQL

Check your query with the following statement:

PHP Syntax (Toggle Plain Text)
  1. $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

So you'll come to know the error.
Reputation Points: 153
Solved Threads: 229
Nearly a Posting Virtuoso
rajarajan07 is offline Offline
1,398 posts
since May 2008
Permalink
Jul 14th, 2010
0

Re: MD5 password PHP/mySQL

Thx for the replies, I added the line to the code and there was no error reported. So i added print $query; just to show what information was being stored and it returned the correct information:

UPDATE Staff SET FirstName = 'a', LastName = 'a', Login = 'a', Password = ' 5f4dcc3b5aa765d61d8327deb882cf99' WHERE LastName = 'a' AND FirstName = 'a'

However, I checked the data in the database and for some reason the passwords i have changed with this script have a blank line above the actual password.

I'm not sure what has caused this but it must be the problem as the password hash is still correct. I'm not sure how this could be caused though, any ideas?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
pjh1985 is offline Offline
3 posts
since Jul 2010
Permalink
Jul 14th, 2010
0

Re: MD5 password PHP/mySQL

PHP Syntax (Toggle Plain Text)
  1. $qry = "UPDATE Staff SET FirstName = '$fname', LastName = '$lname', Login = '$login', Password = '".md5($password)."' WHERE LastName = '$lname' AND FirstName = '$fname'";
  2. $result = @mysql_query($qry);
I thing there is blank space before Password = ' and ".md5
This causes issue.
Reputation Points: 18
Solved Threads: 35
Posting Whiz in Training
vibhadevit is offline Offline
237 posts
since Apr 2010
Permalink
Jul 14th, 2010
0

Re: MD5 password PHP/mySQL

Yeah that has fixed it thank you.

In dreamweaver it appeared as though the code had just carried on to the next line and the sql output didnt seem to show there was a space there either so i never thought to check it.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
pjh1985 is offline Offline
3 posts
since Jul 2010
Permalink
Jul 14th, 2010
0

Re: MD5 password PHP/mySQL

Okay...mark thread as solved.
Reputation Points: 18
Solved Threads: 35
Posting Whiz in Training
vibhadevit is offline Offline
237 posts
since Apr 2010
Message:
Previous Thread in PHP Forum Timeline: please help me !!!
Next Thread in PHP Forum Timeline: Computer Colleg


Tags
md5, mysql, password, php
Tag Cloud for md5, mysql, password, php
access ajax apache array arrays c# c++ checkbox cms code compare cookies count css curl data data-base database date design developer display dropdown drupal dynamic edit email error excel file flash form forms framework function generator html image insert java javascript join joomla jquery ldap link login loop mail mssql multiple mysql mysqlquery object open pagination parse password pdf php php/mysql post postgresql print problem programmer programming python query recordset redirect remote script search security select server session source sql string submit system table tables text tutorial update upload url user validation variable variables vb web web-development website wordpress xml



About Us | Contact Us | Advertise | Acceptable Use Policy
Build Custom RSS Feed


Follow us on Twitter


© 2010 DaniWeb® LLC