Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Aug 2005
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    trouble using md5 for a password check

    ok....I made a registration screen that encodes the users password into md5 encryption and stores it into a database. Everything works alright with that....however..after that I made a login screen that asks for the username and the pw and compares it to what is stored in the DB. The problem with my coding is that Im haveing trouble taking the password that is typed into the login screen and converting it to the md5 BEFORE the comparison is made. Example:
    ID USERNAME MD5 ENCRYPION (pw is 1234 btw) E-MAIL ADDRESS
    1 1234 81dc9bdb52d04dc20036dbd8313ed055 1234@1234.com

    I type in 1234 as the username, and 1234 as the password and it is comparing the pw of 1234 to md5 encryption of 81dc9bdb52d04dc20036dbd8313ed055 and comming back negative. if I use 81dc9bdb52d04dc20036dbd8313ed055 as the password it works but that kind of defetes the purpose. =o)~

    I just cant seem to type the md5 part out right for recalling it. Can anyone help? Here is my code:


    Code:
    <?php
    ob_start();
    $host="localhost"; // Host name
    $username="username"; // Mysql username
    $password="password"; // Mysql password
    $db_name="db_name"; // Database name
    $tbl_name="members"; // Table name
    
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='.md5($mypassword).'";
    $result=mysql_query($sql);
    
    $count=mysql_num_rows($result);
    if($count==1){
    session_register("myusername");
    session_register("mypassword");
    header("location:logged_in.php");
    }
    else {
    echo "Username or Password not registered!";
    }
    
    ob_end_flush();
    ?>

    Thank you all!!!

  • #2
    New to the CF scene
    Join Date
    Aug 2005
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Found it.
    Should have been:
    Code:
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='".md5($mypassword)."'";

  • #3
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    Pesky quotation marks . You have to be careful with user input tho. I don't see you validating the user input and they could bypass the password field all together with SQL injection.

    mysql_real_escape_string()
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •