thedecline Posted April 20, 2008 Share Posted April 20, 2008 I'm coding a log-in page for the user account sytem of a library system im working on. the only problem im having with it is verifying the password the password is in the database encrypted with an md5 hash function when i retrieve it to compare it to the password entered on the form the hashed password never matches the hashed one from the database. Any idea how to hash the password on login so that it will be the same output as when it was hashed on registration? Or am i approaching this from entirely the wrong angle? Any ideas welcome. Quote Link to comment Share on other sites More sharing options...
mofm Posted April 20, 2008 Share Posted April 20, 2008 make sure ur password coloum in ur table will allow enough charters to enter it. Quote Link to comment Share on other sites More sharing options...
unidox Posted April 20, 2008 Share Posted April 20, 2008 And can we see some code? Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 20, 2008 Share Posted April 20, 2008 when you submit the password to check it encrypt it with md5 before checking Quote Link to comment Share on other sites More sharing options...
thedecline Posted April 20, 2008 Author Share Posted April 20, 2008 include("connection.php"); //Connects to database $result = mysql_query("SELECT * FROM users WHERE username='$username'"); while($row = mysql_fetch_array($result)){ $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($password); //$passwordHash = sha1($password); $result = mysql_query("SELECT * FROM user WHERE username = '$username' AND password = '$passwordHash'"); //echo ($result); //testing echo("<b>encrypted password on database:</b> ".$result."<br .>"); echo("<b>encrypted password just entered:</b> ".$passwordHash."<br .>"); //end testing if ($result == "0") { echo("<p>Incorrect Password.</p>"); return False; } else { return True; } The table accepts a 32 character string and md5 returns a 32 character string, as you can see above i am hashing the entered password before comparing it to the password in the database Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 20, 2008 Share Posted April 20, 2008 <? include("connection.php"); //Connects to database $result = mysql_query("SELECT * FROM users WHERE username='$username'"); while($row = mysql_fetch_array($result)){ $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($DBpassword); //$passwordHash = sha1($password); $result = mysql_query("SELECT * FROM user WHERE username = '$username' AND password = '$passwordHash'"); //echo ($result); //testing echo("<b>encrypted password on database:</b> ".$result."<br .>"); echo("<b>encrypted password just entered:</b> ".$passwordHash."<br .>"); //end testing if ($result == "0") { echo("<p>Incorrect Password.</p>"); return False; } else { return True; } you had done this: $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($password); when you should have done this: $DBpassword=$row['password']; } /* encrypts the password to allow comparison */ /* to the encrypted password in the database */ $passwordHash=md5($DBpassword); Quote Link to comment Share on other sites More sharing options...
thedecline Posted April 20, 2008 Author Share Posted April 20, 2008 But isn't that just rehashing the password from the database? Does anyone have code for a functional log-in system that i could have a look at? Quote Link to comment Share on other sites More sharing options...
unidox Posted April 20, 2008 Share Posted April 20, 2008 Yea, look at my recent topic. The user system. Quote Link to comment Share on other sites More sharing options...
mofm Posted April 22, 2008 Share Posted April 22, 2008 heres is a login sytem iv done a few days ago have a look <?php $mysql_login_query="SELECT * FROM users WHERE username ='$userdet_username' AND password = '".md5($userdet_password)."'"; if ($mysql_login_result =mysql_query($mysql_login_query)) { $loginarray=mysql_fetch_array($mysql_login_result); if(mysql_num_rows($mysql_login_result) ==1) { if($loginarray['confirmed']=="yes") { $_SESSION['logedin']=TRUE; $_SESSION['username'] = $loginarray['username']; $_SESSION['userid'] = $loginarray['id']; $_SESSION['datejoined'] = $loginarray['datejoined']; $_SESSION['nicname'] = $loginarray['nicname']; $_SESSION['email'] = $loginarray['email']; $_SESSION['theme'] = $loginarray['theme']; $_SESSION['lastonline'] = $loginarray['lastonline']; $_SESSION['fname'] = $loginarray['fname']; $_SESSION['sname'] = $loginarray['sname']; $_SESSION['accesslvl'] = $loginarray['accesslvl']; $_SESSION['hidemail'] = $loginarray['hidemail']; echo "loged in correct"; }else{ header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php?username=".$userdet_username."&error=notconfirmed"); } }else{ header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php?username=".$userdet_username."&error=wrongdetails"); } ?> i removed some of the things you dont need as id rather keep the code to myself Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 22, 2008 Share Posted April 22, 2008 Login.html <form method="POST" action="p_login.php" id="Login"> <tr class="browse_rows_heading"> <td> Username: </td> <td> <input type="text" name="username"> </td> </tr> <tr class="browse_rows_heading"> <td> Password: </td> <td> <input type="password" name="password"> </td> </tr> <tr class="browse_rows_heading"> <td> <input type="submit" value="Submit"> </td> </tr> </form> </td></tr></table> p_login.php <?php /* **************************** DB INFO **************************** */ /* ################################################################################### */ /* Query to validate user */ /* ################################################################################### */ $username = addslashes($_POST["username"]); $password = addslashes($_POST["password"]); $enc_pass = md5($password); $sql = "SELECT * FROM `users_{$list_name}` where `uname` = '{$username}' and `password` = '{$enc_pass}' limit 1;"; $result = @mysql_query($sql); $validate = @mysql_num_rows($result); /* ################################################################################### */ /* END Query to validate user */ /* ################################################################################### */ if ($validate > 0){ //login the user } else{ //don't } Quote Link to comment Share on other sites More sharing options...
thedecline Posted April 22, 2008 Author Share Posted April 22, 2008 I solved this a few hours ago, it was entirely down to my own stupid fault. i don't even want to point it out here for fear of backlash at how stupid it is. However i have learned alot about login systems that i an now implement. thanks alot. DO i have to pm a mod to set this as solved or just rename the thread? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 22, 2008 Share Posted April 22, 2008 at the top (or is it bottom?) next to the reply button, you'll see "resolved". click it. Quote Link to comment Share on other sites More sharing options...
thedecline Posted April 22, 2008 Author Share Posted April 22, 2008 at the top (or is it bottom?) next to the reply button, you'll see "resolved". click it. the help is much appreciated, thanks guys Quote Link to comment Share on other sites More sharing options...
mofm Posted April 22, 2008 Share Posted April 22, 2008 simple things get me stumped for agies dont worrie so annoying well im glad u got it sorted nneed anymore help give me a buzz dway_row@hotmail.com (msn) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.