OK, I can't seem to log in with a regular password. This code works fine without md5, but it doesn't work when I use md5. Yes, I've already connected and selected the database.
$username = mysql_real_escape_string($_POST['username']); // so someone can't SQL inject.
$password = md5($_POST['password']);
$result = mysql_query("SELECT * FROM registered_members WHERE username=\"$username\"");
$row = mysql_fetch_assoc($result); // note assoc
if ($row['password'] == $password) {
echo "Login successful <br />";
echo "Welcome $username <br />";
include("adminstuff.php"); // shows the user stuff if the user login is successful
} else {
die ('Login Failed.');
}

How is the password stored in the database?

You say the code works fine without md5 but it doesn't work with md5. When you change the code to encrypt the password, do you also change the database entry (manually I suppose) to the md5 hash?

Remember that all md5 does is turn your password into a garbled bunch of characters. So you need to store that garbled bunch in the database, and use that to compare to the md5 hash you create of the user's input.

Other than that I don't see anything wrong with the script. Try echo-ing what you're pulling out of the database as $row - that could give you an idea of what's going wrong.

- Walkere

Umm... Instead of checking the password for that username (by fetching the password from the table and all), you can simplify this step by checking the password in your query!

$query="select * from registered_members where username='$username' && password='$password'";
$result=mysql_query($query);
if(mysql_num_rows($result) > 0 ){
  echo "Valid user";
} else {
   echo "Invalid User";
}

Yeah, it works fine. When you register, it inserts the md5 hash of the password you give it.

So if you were to add this line (#2) ...

$row = mysql_fetch_assoc($result); // note assoc
echo $password . '<br />' . $row['password'] . '<br />';
if ($row['password'] == $password) {
echo "Login successful <br />";

the two results match?

- Walkere

thanks but that still won't work. :(

OK, I think I found the problem. It has to do with the registration page. I don't know why, but it keeps on entering the same hash. Here's the code:

$passwordmy = md5($_POST["password"]);
$sql="INSERT INTO registered_members (username, password, email, ip)
VALUES
('$usernamemy','$passwordmy','$emailmy','$ip')";

I also had the problem using md5; it converts the password into random digits and alphanumeric characters. You need to compare the entered password, md5 encrypted, with the md5-encrypted one in the database. For example:

$enteredpassword = "mypass";
$enteredusername = "me";
$query1 = "SELECT * FROM auth WHERE username='$enteredusername'";
$result1 = mysql_query($query1);
$row = mysql_fetch_array($result1);
if (md5($enteredpassword) == $row['password']) { // quote the array key
echo "Login is succesfull";
} else {
echo "Login didnt work";
}

Note that the password needs to be md5-encrypted in the database.
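
An added example, not code from any poster in this thread: the same register/login flow with prepared statements and salted `password_hash()` hashes, upgrading legacy md5 rows on a successful login. It assumes PHP 7+ with pdo_sqlite; the in-memory table stands in for `registered_members`, and the empty-password check covers one possible, unconfirmed cause of the "same hash" symptom reported above.

```php
<?php
// Added example. Assumptions: PHP >= 7.0, pdo_sqlite, in-memory stand-in table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registered_members (username TEXT PRIMARY KEY, password TEXT)');

function register(PDO $db, string $username, string $password): bool {
    // An empty or missing form field always produces the same md5 value, so reject it.
    if ($username === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO registered_members (username, password) VALUES (?, ?)');
    // The hash is longer than md5's 32 characters; the column must store it untruncated.
    return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $username, string $password): bool {
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM registered_members WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // Legacy row: exactly 32 hex characters is an unsalted md5 hash like the thread's.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Password was correct: replace the md5 value with a salted hash.
        $up = $db->prepare('UPDATE registered_members SET password = ? WHERE username = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
        return true;
    }
    return password_verify($password, $stored);
}

// Constructed sample data: one legacy md5 row and one new registration.
$db->prepare('INSERT INTO registered_members VALUES (?, ?)')->execute(['olduser', md5('mypass')]);
register($db, 'newuser', 's3cret-example');

var_dump(login($db, 'olduser', 'mypass'));   // legacy md5 row, upgraded on this login
var_dump(login($db, 'olduser', 'mypass'));   // same user, now checked by password_verify()
var_dump(login($db, 'newuser', 'wrong'));    // wrong password
var_dump(register($db, 'x', $_POST['password'] ?? '')); // empty password field
```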
