thedecline Posted April 20, 2008 Share Posted April 20, 2008 I'm coding a log-in page for the user account sytem of a library system im working on. the only problem im having with it is verifying the password the password is in the database encrypted with an md5 hash function when i retrieve it to compare it to the password entered on the form the hashed password never matches the hashed one from the database. Any idea how to hash the password on login so that it will be the same output as when it was hashed on registration? Or am i approaching this from entirely the wrong angle? Any ideas welcome. Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/ Share on other sites More sharing options...
mofm Posted April 20, 2008 Share Posted April 20, 2008 make sure ur password coloum in ur table will allow enough charters to enter it. Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-521675 Share on other sites More sharing options...
unidox Posted April 20, 2008 Share Posted April 20, 2008 And can we see some code? Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-521677 Share on other sites More sharing options...
DeanWhitehouse Posted April 20, 2008 Share Posted April 20, 2008 when you submit the password to check it encrypt it with md5 before checking Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-521686 Share on other sites More sharing options...
thedecline Posted April 20, 2008 Author Share Posted April 20, 2008 include("connection.php"); //Connects to database $result = mysql_query("SELECT * FROM users WHERE username='$username'"); while($row = mysql_fetch_array($result)){ $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($password); //$passwordHash = sha1($password); $result = mysql_query("SELECT * FROM user WHERE username = '$username' AND password = '$passwordHash'"); //echo ($result); //testing echo("<b>encrypted password on database:</b> ".$result."<br .>"); echo("<b>encrypted password just entered:</b> ".$passwordHash."<br .>"); //end testing if ($result == "0") { echo("<p>Incorrect Password.</p>"); return False; } else { return True; } The table accepts a 32 character string and md5 returns a 32 character string, as you can see above i am hashing the entered password before comparing it to the password in the database Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-521832 Share on other sites More sharing options...
jonsjava Posted April 20, 2008 Share Posted April 20, 2008 <? include("connection.php"); //Connects to database $result = mysql_query("SELECT * FROM users WHERE username='$username'"); while($row = mysql_fetch_array($result)){ $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($DBpassword); //$passwordHash = sha1($password); $result = mysql_query("SELECT * FROM user WHERE username = '$username' AND password = '$passwordHash'"); //echo ($result); //testing echo("<b>encrypted password on database:</b> ".$result."<br .>"); echo("<b>encrypted password just entered:</b> ".$passwordHash."<br .>"); //end testing if ($result == "0") { echo("<p>Incorrect Password.</p>"); return False; } else { return True; } you had done this: $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($password); when you should have done this: $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($DBpassword); Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-521836 Share on other sites More sharing options...
thedecline Posted April 20, 2008 Author Share Posted April 20, 2008 But isn't that just rehashing the password from the database? Does anyone have code for a functional log-in system that i could have a look at? Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-522026 Share on other sites More sharing options...
unidox Posted April 20, 2008 Share Posted April 20, 2008 Yea, look at my recent topic. The user system. Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-522049 Share on other sites More sharing options...
mofm Posted April 22, 2008 Share Posted April 22, 2008 heres is a login sytem iv done a few days ago have a look <?php $mysql_login_query="SELECT * FROM users WHERE username ='$userdet_username' AND password = '".md5($userdet_password)."'"; if ($mysql_login_result =mysql_query($mysql_login_query)) { $loginarray=mysql_fetch_array($mysql_login_result); if(mysql_num_rows($mysql_login_result) ==1) { if($loginarray['confirmed']=="yes") { $_SESSION['logedin']=TRUE; $_SESSION['username'] = $loginarray['username']; $_SESSION['userid'] = $loginarray['id']; $_SESSION['datejoined'] = $loginarray['datejoined']; $_SESSION['nicname'] = $loginarray['nicname']; $_SESSION['email'] = $loginarray['email']; $_SESSION['theme'] = $loginarray['theme']; $_SESSION['lastonline'] = $loginarray['lastonline']; $_SESSION['fname'] = $loginarray['fname']; $_SESSION['sname'] = $loginarray['sname']; $_SESSION['accesslvl'] = $loginarray['accesslvl']; $_SESSION['hidemail'] = $loginarray['hidemail']; echo "loged in correct"; }else{ header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php?username=".$userdet_username."&error=notconfirmed"); } }else{ header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php?username=".$userdet_username."&error=wrongdetails"); } ?> i removed some of the things you dont need as id rather keep the code to myself Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-523959 Share on other sites More sharing options...
jonsjava Posted April 22, 2008 Share Posted April 22, 2008 Login.html <form method="POST" action="p_login.php" id="Login"> <tr class="browse_rows_heading"> <td> Username: </td> <td> <input type="text" name="username"> </td> </tr> <tr class="browse_rows_heading"> <td> Password: </td> <td> <input type="password" name="password"> </td> </tr> <tr class="browse_rows_heading"> <td> <input type="submit" value="Submit"> </td> </tr> </form> </td></tr></table> p_login.php <?php /* **************************** DB INFO **************************** */ /* ################################################################################### */ /* Query to validate user */ /* ################################################################################### */ $username = addslashes($_POST["username"]); $password = addslashes($_POST["password"]); $enc_pass = md5($password); $sql = "SELECT * FROM `users_{$list_name}` where `uname` = '{$username}' and `password` = '{$enc_pass}' limit 1;"; $result = @mysql_query($sql); $validate = @mysql_num_rows($result); /* ################################################################################### */ /* END Query to validate user */ /* ################################################################################### */ if ($validate > 0){ //login the user } else{ //don't } Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-523962 Share on other sites More sharing options...
thedecline Posted April 22, 2008 Author Share Posted April 22, 2008 I solved this a few hours ago, it was entirely down to my own stupid fault. i don't even want to point it out here for fear of backlash at how stupid it is. However i have learned alot about login systems that i an now implement. thanks alot. DO i have to pm a mod to set this as solved or just rename the thread? Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-523964 Share on other sites More sharing options...
jonsjava Posted April 22, 2008 Share Posted April 22, 2008 at the top (or is it bottom?) next to the reply button, you'll see "resolved". click it. Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-523966 Share on other sites More sharing options...
thedecline Posted April 22, 2008 Author Share Posted April 22, 2008 at the top (or is it bottom?) next to the reply button, you'll see "resolved". click it. the help is much appreciated, thanks guys Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-523968 Share on other sites More sharing options...
mofm Posted April 22, 2008 Share Posted April 22, 2008 simple things get me stumped for agies dont worrie so annoying well im glad u got it sorted nneed anymore help give me a buzz [email protected] (msn) Link to comment https://forums.phpfreaks.com/topic/101936-solved-loging-in-to-accounts-using-hashed-passwords/#findComment-523971 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.