md5 help/mysql help

Question

kishou 0 Junior Poster in Training

16 Years Ago

ok i cant seem to log in with a regualr password. this code works fine without md5 but it doesnt work when i use md5. yes i've already connected and selected database.
$username = mysql_real_escape_string($_POST); //so someone cant sql inject.

$ = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$result = mysql_query("SELECT * FROM registered_members WHERE username=\"$username\"");
$row = mysql_fetch_assoc($result); // note assoc
if ($row['password'] == $password) {
echo "Login successful <br />";
echo "Welcome $username <br />";
include("adminstuff.php"); // shows the user stuff if the user login is successfull
} else {
die ('Login Failed.');
}

mysql php

4 Contributors
8 Replies
307 Views
1 Year Discussion Span
Latest Post 15 Years Ago Latest Post by Graphix

Walkere 19 Junior Poster in Training

16 Years Ago

ok i cant seem to log in with a regualr password. this code works fine without md5 but it doesnt work when i use md5. yes i've already connected and selected database.

How is the password stored in the database?

You say the code works fine without md5 but it doesn't work with md5. When you change the code to encrypt the password, do you also change the database entry (manually I suppose) to the md5 hash?

Remember that all md5 does is turn your password into a garbled bunch of characters. So you need to store that garbled bunch in the database, and use that to compare to the md5 hash you create of the user's input.

Other than that I don't see anything wrong with the script. Try echo-ing what you're pulling out of the database as $row - that could give you an idea of what's going wrong.

- Walkere

nav33n 472 Purple hazed!

16 Years Ago

ok i cant seem to log in with a regualr password. this code works fine without md5 but it doesnt work when i use md5. yes i've already connected and selected database.
$username = mysql_real_escape_string($_POST); //so someone cant sql inject.
$ = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$result = mysql_query("SELECT * FROM registered_members WHERE username=\"$username\"");
$row = mysql_fetch_assoc($result); // note assoc
if ($row['password'] == $password) {
echo "Login successful <br />";
echo "Welcome $username <br />";
include("adminstuff.php"); // shows the user stuff if the user login is successfull
} else {
die ('Login Failed.');
}

Umm.. Instead of checking the password for that username(by fetching the password from the table and all), you can simplify this step by checking the password in your query !

$query="select * from registered_members where username='$username' && password='$password'";
$result=mysql_query($query);
if(mysql_num_rows($result) > 0 ){
  echo "Valid user";
} else {
   echo "Invalid User";
}

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

kishou 0 Junior Poster in Training · Answer 1 · 2008-01-28T00:03:17+00:00

How is the password stored in the database?
You say the code works fine without md5 but it doesn't work with md5. When you change the code to encrypt the password, do you also change the database entry (manually I suppose) to the md5 hash?
Remember that all md5 does is turn your password into a garbled bunch of characters. So you need to store that garbled bunch in the database, and use that to compare to the md5 hash you create of the user's input.
Other than that I don't see anything wrong with the script. Try echo-ing what you're pulling out of the database as $row - that could give you an idea of what's going wrong.
- Walkere

yea it works fine when u register it inserts the md5 hash of the password u give it.

Walkere 19 Junior Poster in Training · Answer 2 · 2008-01-28T00:14:26+00:00

yea it works fine when u register it inserts the md5 hash of the password u give it.

So if you were to add this line (#2) ...

$row = mysql_fetch_assoc($result); // note assoc
echo $password . '<br />' . $row['password'] . '<br />';
if ($row['password'] == $password) {
echo "Login successful <br />";

the two results match?

- Walkere

kishou 0 Junior Poster in Training · Answer 3 · 2008-01-28T00:25:18+00:00

Umm.. Instead of checking the password for that username(by fetching the password from the table and all), you can simplify this step by checking the password in your query !
$query="select * from registered_members where username='$username' && password='$password'";
$result=mysql_query($query);
if(mysql_num_rows($result) > 0 ){
  echo "Valid user";
} else {
   echo "Invalid User";
}

thanks but that still won't work. :(

kishou 0 Junior Poster in Training · Answer 4 · 2008-01-28T02:44:40+00:00

ok i think i found the problem. it has to do with the registration page. idk why but it keeps on entering the same hash. and here's the code:

$passwordmy = md5($_POST["password"]);
$sql="INSERT INTO registered_members (username, password, email, ip)
VALUES
('$usernamemy','$passwordmy','$emailmy','$ip')";

kishou 0 Junior Poster in Training · Answer 5 · 2008-01-28T03:39:22+00:00

kishou 0 Junior Poster in Training

16 Years Ago

nvm i just used sha1 and it worked. lol. wow

Graphix 68 --- · Answer 6 · 2009-08-26T21:55:22+00:00

I also had the problem using md5, it converts the password into random digits and alfanumeric characters. You need to compare the entered password md5 encrypted with the md5 encrypted in the database. For example:

$enteredpassword = "mypass";
$enteredusername = "me";
$query1 = "SELECT * FROM auth WHERE username='$enteredusername'";
$result1 = mysql_query($query1);
$row = mysql_fetch_array($result1);
if (md5($enteredpassword) == $row[password]) {
echo "Login is succesfull";
} else {
echo "Login didnt work";
}

note that the password needs to md5-encrypted in the database.