login script not checking password

Question

Newbi 3 Newbie Poster

15 Years Ago

Hi i have this login script which works. it will work for passwords that i have directly entered into the database through phpmyadmin but wont login for the passwords that i have entered through the registeration script for which i have used md5. Understandable !

But as soon as i put md5 for the password field(as commented out below) in the loginscript, it takes me straight to the relogin page. As in it wont recognise the incripted passwords i am putting in, i have checked them against my paperwork as i wrote them down thinking i might forget and they are correct ones i am entering.

When i am typing the password it is coming up in plain text instead of *****.

This is part of a project i would really really appreciate any help.

<?php
$host="localhost"; // Host name 
$usernamee="*****"; // Mysql username 
$passwordd="*****"; // Mysql password 
$db_name="sportscentre"; // Database name 
$tbl_name="registration"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$usernamee", "$passwordd")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['username'];  
$password = ($_POST['password']);

//$password = md5($_POST['password']);

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql) or die ("Query failed: " . mysql_error());;

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

include 'member_login_success.php';
}
else {
//echo "Wrong Username or Password";
include 'relogin_member.php';
}
?>

php

5 Contributors
7 Replies
149 Views
2 Days Discussion Span
Latest Post 15 Years Ago Latest Post by tiger86

Dukane commented: thanks for askign a good question and showing you put forth effort vefore posting it. welcome to the forum +3

SimonMayer 2 Junior Poster in Training

15 Years Ago

Is the password stored in the database as the md5 hash?
If so, is the field configured to allow all 32 characters of the md5 hash, or is it being truncated?

Also, when you login are you using the actual word or the md5 hash?
if you are typing in the md5 hash directly, then md5 hashing it again will give you a different value.

What do you get if you echo the password to screen after you have done the md5()?

Newbi commented: Helped me solve the problem really quickly +1

Dukane

15 Years Ago

The type of field you use in your HTML form should be "password" not "text". ie <input type="password" name="password">

Newbi commented: it was a silly mistake but thankyou you quickly solved it for me +1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

it was a silly mistake but thankyou you quickly solved it for me

Newbi 3 Newbie Poster · Answer 1 · 2009-08-16T05:41:58+00:00

Hi Thanks for replying. Yes the password is stored as md5 & the field takes 32 characters.
When i log in i use the actual word not the md5 hash but it still wont take it. I tried what u said about echo the password, with the md5 it echos the md5 password entered in the form which is also the one in the database. but silly me ;+) has just realised that even though i changed the field to accept 32 chars it is not showing 32 in database so i just going to delete table & make it again. I will c if that works and let u know.

Newbi 3 Newbie Poster · Answer 2 · 2009-08-16T06:19:45+00:00

Hi I made the table again and entered data through the registration form. Now it will let me log in if i use md5 in the login script. Only problem is when i enter the password i can see what i am entering not secure. why is this happening? why are the stars not appearing in place of the characters?

SKANK!!!!! 5 Posting Pro in Training · Answer 3 · 2009-08-16T06:34:00+00:00

SKANK!!!!! 5 Posting Pro in Training

15 Years Ago

Silly. mark as solved.

Dukane commented: worthless post +0

Newbi 3 Newbie Poster · Answer 4 · 2009-08-17T05:52:55+00:00

I must admit that was a silly mistake abt the password but thats
how we learn, I will always remember to check it next time. I just want to say thank you Simon & Dukane your replies really helped, problem solved in seconds.

tiger86 16 Posting Pro · Answer 5 · 2009-08-17T07:48:21+00:00

I found what I believe to be an error in your script on line 4 for the mysql password the variable is $passwordd . I'm not sure if that was on purpose or an accident... looks accidental.