thedecline

the help is much appreciated, thanks guys

I solved this a few hours ago, it was entirely down to my own stupid fault. i don't even want to point it out here for fear of backlash at how stupid it is. However i have learned alot about login systems that i an now implement. thanks alot. DO i have to pm a mod to set this as solved or just rename the thread?

But isn't that just rehashing the password from the database? Does anyone have code for a functional log-in system that i could have a look at?

include("connection.php"); //Connects to database $result = mysql_query("SELECT * FROM users WHERE username='$username'"); while($row = mysql_fetch_array($result)){ $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($password); //$passwordHash = sha1($password); $result = mysql_query("SELECT * FROM user WHERE username = '$username' AND password = '$passwordHash'"); //echo ($result); //testing echo("<b>encrypted password on database:</b> ".$result."<br .>"); echo("<b>encrypted password just entered:</b> ".$passwordHash."<br .>"); //end testing if ($result == "0") { echo("<p>Incorrect Password.</p>"); return False; } else { return True; } The table accepts a 32 character string and md5 returns a 32 character string, as you can see above i am hashing the entered password before comparing it to the password in the database

I'm coding a log-in page for the user account sytem of a library system im working on. the only problem im having with it is verifying the password the password is in the database encrypted with an md5 hash function when i retrieve it to compare it to the password entered on the form the hashed password never matches the hashed one from the database. Any idea how to hash the password on login so that it will be the same output as when it was hashed on registration? Or am i approaching this from entirely the wrong angle? Any ideas welcome.