ngreenwood6 Posted August 4, 2008

I am having some trouble encrypting passwords. I have a section where you can register:

```php
<?php
//define the variables
$firstname = Trim(stripslashes($_POST['firstname']));
$lastname = Trim(stripslashes($_POST['lastname']));
$email = Trim(stripslashes($_POST['email']));
$username = Trim(stripslashes($_POST['username']));
$password = Trim(stripslashes(md5($_POST['password'])));

//define the database variables
$host = "localhost";
$db_name = "login";
$db_table = "members";
$db_username = "root";
$db_password = "";

//function to insert the data into the database
$insertinto_db = "INSERT INTO members (firstname, lastname, email, username, password) VALUES ('$firstname','$lastname','$email','$username','$password')";

//variable to connect to database
$mysqli_connect = mysqli_connect($host,$db_username,$db_password,$db_name) or die ("Could not connect to database");

$link = mysqli_connect($host,$db_username,$db_password,$db_name);
if ($result = mysqli_query($link, "SELECT username from members WHERE username = '$username' ")) {
    $num_rows = mysqli_num_rows($result);
    mysqli_free_result($result);
}

$link2 = mysqli_connect($host,$db_username,$db_password,$db_name);
if ($result2 = mysqli_query($link2, "SELECT email from members WHERE email = '$email' ")) {
    $num_rows2 = mysqli_num_rows($result2);
    mysqli_free_result($result2);
}

//error handling
if (!$firstname) {
    include("registration_error.php");
} else if(!$lastname) {
    include("registration_error.php");
} else if(!$email) {
    include("registration_error.php");
} else if (!$username) {
    include("registration_error.php");
} else if (!$password) {
    include("registration_error.php");
} else if ($num_rows2 > 0) {
    include("email_exists.php");
} else if ($num_rows > 0) {
    include ("already_exists.php");
} else if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
    include("valid_format.php");
} else {
    //variable to send data to the database
    mysqli_query($mysqli_connect,$insertinto_db) or die ("Error: ".mysqli_error($mysqli_connect));
    include ("registered.php");
}
?>
```

Then I have a section where you can login:

```php
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="login"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// encrypt password
$encrypted_mypassword=md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("Location:logged_in.php");
} else {
    header("Location:error.php");
}
?>
```

They both work properly without being encrypted, but if I encrypt the password it won't allow me to login. I looked at the database and the password is encrypted on there. Am I missing something?

wildteen88 Posted August 4, 2008

md5 returns a string which is 32 characters in length, make sure your password field holds at least 32 characters.

Also, as your password is encrypted after running this line:

```php
$encrypted_mypassword=md5($mypassword);
```

You do not need to make it safe for insertion into the database, as md5 uses alphanumeric characters (a-z and 0-9) only. So the following lines are not necessary:

```php
$mypassword = stripslashes($mypassword);
$mypassword = mysql_real_escape_string($mypassword);
```

EDIT: Didn't read your register script, this line

```php
$password = Trim(stripslashes(md5($_POST['password'])));
```

should be

```php
$password = md5(trim($_POST['password']));
```

ngreenwood6 Posted August 4, 2008

Thanks. That is useful information to know. I had set it to 20 characters when I had not encrypted it yet. Thanks for the help.
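
Added example, not code from the thread: it reproduces the failure diagnosed above (a 32-character md5() digest cut down to a 20-character column) and shows that the same pitfall applies to password_hash(), PHP's salted, deliberately slow replacement for bare md5() when storing passwords. As assumptions, the members table is rebuilt in an in-memory SQLite database through PDO with prepared statements, the usernames and password are constructed, and store() truncates explicitly to stand in for MySQL's behaviour when strict SQL mode is off.

```php
<?php
// Added example, not code from the thread; table, usernames and password are constructed.
// SQLite ignores VARCHAR widths, so store() cuts the value to $columnWidth itself,
// standing in for MySQL's silent truncation when strict SQL mode is off.
function store(PDO $db, string $user, string $hash, int $columnWidth): void
{
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$user, substr($hash, 0, $columnWidth)]);
}

function fetchHash(PDO $db, string $user): string
{
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$user]);
    return (string) $stmt->fetchColumn(); // '' when the user does not exist
}

function report(string $label, bool $ok): void
{
    echo str_pad($label, 44), $ok ? 'login accepted' : 'login rejected', PHP_EOL;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT)');
$plain = 'correct horse battery staple'; // constructed sample password

// The thread's failure: only the first 20 of md5()'s 32 hex characters are stored,
// so the digest computed at login can never equal the stored value.
store($db, 'md5_20', md5($plain), 20);
report('md5, 20-character column', hash_equals(fetchHash($db, 'md5_20'), md5($plain)));

// The fix from the thread: a column at least 32 characters wide.
store($db, 'md5_32', md5($plain), 32);
report('md5, 32-character column', hash_equals(fetchHash($db, 'md5_32'), md5($plain)));

// password_hash() embeds algorithm, cost and a random salt in its output, which is
// 60 characters for bcrypt today; the PHP manual recommends a 255-character column.
$stored = password_hash($plain, PASSWORD_DEFAULT);
store($db, 'ph_32', $stored, 32);
report('password_hash, 32-character column', password_verify($plain, fetchHash($db, 'ph_32')));

store($db, 'ph_255', $stored, 255);
report('password_hash, 255-character column', password_verify($plain, fetchHash($db, 'ph_255')));
report('password_hash, wrong password', password_verify('wrong guess', fetchHash($db, 'ph_255')));
```

With password_hash() the login query selects the row by username only and password_verify() does the comparison in PHP, because each stored hash carries its own salt and cannot be matched in a WHERE clause.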