View Full Version : Hashing(MD5) Password on login to match the hash value in database


mgreen84
05-19-2010, 09:48 PM
Hi all,

I'm using the code below on the sign-in page of my app, because the user passwords are stored as their Hash(MD5) values in the database. So I need the password the user types on the login page to be converted to its Hash(MD5) value so it can match the value in the database. The code I'm using below to address this issue doesn't seem to be doing that. Can anyone tell me why, or provide a better way?




'Performs the login
Public Overridable Sub Login(ByVal bRedirectOnSuccess As Boolean)

    Dim password As String = Me.Password.Text
    Dim mhash As HashAlgorithm = New MD5CryptoServiceProvider()
    Dim bytValue() As Byte = System.Text.Encoding.UTF8.GetBytes(password)
    Dim bytHash() As Byte = mhash.ComputeHash(bytValue)
    mhash.Clear()
    Me.Password.Text = Convert.ToBase64String(bytHash)
    Me.Login(bRedirectOnSuccess)

End Sub

accwebworks
05-20-2010, 04:53 PM
Where are you comparing the password hash to what you have stored in the database?
This piece of code hashes the password, converts it to Base64, then calls itself again.

MewersTheCat
05-28-2010, 08:02 PM
You want to simply hash the password, then check it against the database. Create a function, then use it to convert the password before checking it in SQL.

Public Function HashPW(ByVal password As String) As String
    ' Hash the supplied password with MD5 and return the digest as Base64
    Dim mhash As HashAlgorithm = New MD5CryptoServiceProvider()
    Dim bytValue() As Byte = System.Text.Encoding.UTF8.GetBytes(password)
    Dim bytHash() As Byte = mhash.ComputeHash(bytValue)
    mhash.Clear()
    Return Convert.ToBase64String(bytHash)
End Function


Then have your SQL query look something like:

"select * from [Users] where password='" & HashPW(Me.Password.text) & "' and username='" & Me.Username.text & "'"

Crude example; hope you understand.
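
Added example, not part of any post in this thread: the lookup suggested above, with `HashPW` taking the password as a parameter and the stored hash fetched through a parameterized query, so the text box values never become part of the SQL text. `LoginCheck`, `CredentialsMatch`, `connectionString` and the `[username]`/`[password]` column names are assumptions; MD5 is kept only because the thread's database already stores MD5 values.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Text

' Hypothetical helper module; names are illustrative, not from the thread's app.
Public Module LoginCheck

    ' Returns the Base64-encoded MD5 digest of the password, the format
    ' the thread says is stored in the database.
    Public Function HashPW(ByVal password As String) As String
        Using md5Hash As MD5 = MD5.Create()
            Dim digest() As Byte = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(password))
            Return Convert.ToBase64String(digest)
        End Using
    End Function

    ' Fetches the stored hash for one user and compares it with the hash
    ' of the typed password. The user name is bound as a parameter, so a
    ' quote character in it is treated as data, not as SQL.
    ' Assumption: table [Users] with columns [username] and [password].
    Public Function CredentialsMatch(ByVal connectionString As String, _
                                     ByVal userName As String, _
                                     ByVal password As String) As Boolean
        Const sql As String = "SELECT [password] FROM [Users] WHERE [username] = @username"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = userName
                conn.Open()
                Dim stored As Object = cmd.ExecuteScalar()
                ' No row (unknown user) or a NULL password column: reject.
                If stored Is Nothing OrElse stored Is DBNull.Value Then
                    Return False
                End If
                ' Base64 is case-sensitive, so compare ordinally.
                Return String.Equals(CStr(stored), HashPW(password), StringComparison.Ordinal)
            End Using
        End Using
    End Function

End Module
```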

mgreen84
06-07-2010, 08:26 PM
Hey, thanks Mewer for your previous post, it helped a lot. But now I'm receiving the following popup box when I run it: "Conversion from string "magic184" to type 'Integer' is not valid."

Do you have any idea why I would be getting this message? (below is my code)


Public Function HashPW() As String
    Dim mhash As HashAlgorithm = New MD5CryptoServiceProvider()
    Dim bytValue() As Byte = System.Text.Encoding.UTF8.GetBytes(Me.Password.Text)
    Dim bytHash() As Byte = mhash.ComputeHash(bytValue)
    mhash.Clear()
    Return Convert.ToBase64String((bytHash))
End Function
'**********************************

Public Overridable Sub Login(ByVal bRedirectOnSuccess As Boolean)
    Dim strUserName As String = Me.UserName.Text
    Dim strPassword As Char = HashPW(Me.Password.text)
    If (HashPW(Me.Password.text) = "**********" Or HashPW(Me.Password.text) = "") Then
        Dim state As SignInState = New SignInState
        strPassword = state.LoginPassword
    End If