View Full Version : Hashing Password on login to match the hash value in database

04-09-2011, 07:17 PM
Users have already signed up through a webpage, When they signup it encrypts the passwords using MD5 Hash, They can log in through the webpage using their normal password but If I do it through VB then the only way to get in is to use the MD5 hash code and not the normal password.
So if I have the password "banana" it is encrypted in the database using md5 as "sfdhhf488348" or whatever, I can still login through the webpage with "banana" yet in vb.net I have to use "sfdhhf488348"

What do i have to add to the code so the password what they login to matches the password witch is already hashed in the database.

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click

MySqlConnection = New MySqlConnection
MySqlConnection.ConnectionString = "server=aerolitegaming.co.uk;Port=3306; user id=walkerki_login; password=hidden; database=walkerki_testingphp"

Dim Myadapter As New MySqlDataAdapter
Dim sqlquary = "SELECT * From users WHERE Username='" & UsernameTextBox.Text & "'And Password= '" & PasswordTextBox.Text & "';"

Dim command As New MySqlCommand
command.Connection = MySqlConnection
command.CommandText = sqlquary
Myadapter.SelectCommand = command
Dim mydata As MySqlDataReader
mydata = command.ExecuteReader
If mydata.HasRows = 0 Then
MsgBox("Sorry! We can't find your Username and Password. Try Again or contact us on the forum")

End If
End Sub

Oh and i know about SQL Injecting

04-10-2011, 06:55 PM
You have to md5 encrypt the password in your vb code and pass that into your query instead of the text box text.