1

Hi i have this login script which works. it will work for passwords that i have directly entered into the database through phpmyadmin but wont login for the passwords that i have entered through the registeration script for which i have used md5. Understandable !

But as soon as i put md5 for the password field(as commented out below) in the loginscript, it takes me straight to the relogin page. As in it wont recognise the incripted passwords i am putting in, i have checked them against my paperwork as i wrote them down thinking i might forget and they are correct ones i am entering.

When i am typing the password it is coming up in plain text instead of *****.

This is part of a project i would really really appreciate any help.

<?php
$host="localhost"; // Host name 
$usernamee="*****"; // Mysql username 
$passwordd="*****"; // Mysql password 
$db_name="sportscentre"; // Database name 
$tbl_name="registration"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$usernamee", "$passwordd")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['username'];  
$password = ($_POST['password']);

//$password = md5($_POST['password']);

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql) or die ("Query failed: " . mysql_error());;

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

include 'member_login_success.php';
}
else {
//echo "Wrong Username or Password";
include 'relogin_member.php';
}
?>
Votes + Comments
thanks for askign a good question and showing you put forth effort vefore posting it. welcome to the forum
5
Contributors
7
Replies
9
Views
8 Years
Discussion Span
Last Post by tiger86
1

Is the password stored in the database as the md5 hash?
If so, is the field configured to allow all 32 characters of the md5 hash, or is it being truncated?

Also, when you login are you using the actual word or the md5 hash?
if you are typing in the md5 hash directly, then md5 hashing it again will give you a different value.

What do you get if you echo the password to screen after you have done the md5()?

Votes + Comments
Helped me solve the problem really quickly
0

Hi Thanks for replying. Yes the password is stored as md5 & the field takes 32 characters.
When i log in i use the actual word not the md5 hash but it still wont take it. I tried what u said about echo the password, with the md5 it echos the md5 password entered in the form which is also the one in the database. but silly me ;+) has just realised that even though i changed the field to accept 32 chars it is not showing 32 in database so i just going to delete table & make it again. I will c if that works and let u know.

0

Hi I made the table again and entered data through the registration form. Now it will let me log in if i use md5 in the login script. Only problem is when i enter the password i can see what i am entering not secure. why is this happening? why are the stars not appearing in place of the characters?

1

The type of field you use in your HTML form should be "password" not "text". ie <input type="password" name="password">

Votes + Comments
it was a silly mistake but thankyou you quickly solved it for me
0

I must admit that was a silly mistake abt the password but thats
how we learn, I will always remember to check it next time. I just want to say thank you Simon & Dukane your replies really helped, problem solved in seconds.

0

I found what I believe to be an error in your script on line 4 for the mysql password the variable is $passwordd . I'm not sure if that was on purpose or an accident... looks accidental.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.