I'm not sure if this is a common problem or not but I couldn't find any post on it yet so I'm gonna explain the problem, keeping it short and simple.

I made a user/login system that uses MD5 security for the passwords. When the person logs in, the password they enter in the html form is encrypted with md5 security and is set to match the password in the database. Here's a quick example.


//collect the post data
$username = $_POST['username'];
$password = $_POST['password'];

$password2 = md5($password);

//TEST TO SEE IF THE ENCRYPTED PASSWORD MATCHES IN THE DB, WHICH IT DON'T!
echo $password2;

$sql="SELECT * FROM members WHERE username='$username' AND password='$password2'";
$result=mysql_query($sql);

if(mysql_num_rows($result)==0) {
echo("Wrong username and/or password. Please try again.");
}
else {
echo("Login Successful! Please wait...");
}


What is wrong here? I tried various methods of placement of the MD5 function in the registration and the password that is being entered in the database is always the same, but the one from the form never matches. I have ran multiple test and now I am stuck. What is wrong?

You would need to post the code that generates the original md5() of the password and inserts it into the database for anyone here to be able to see what might be causing a difference.

Is the echo of $password2 completely different than what is in the database or are there just some characters missing from the end in the db? Post an example of what you are actually seeing for $password2 and what is in the database.

They both use the same process for md5 encryption. Is your database field 32 characters long? Are you writing to the database using mysql's md5?