ngreenwood6 Posted August 4, 2008

I am having some trouble encrypting passwords. I have a section where you can register:

<?php
//define the variables
$firstname = Trim(stripslashes($_POST['firstname']));
$lastname = Trim(stripslashes($_POST['lastname']));
$email = Trim(stripslashes($_POST['email']));
$username = Trim(stripslashes($_POST['username']));
$password = Trim(stripslashes(md5($_POST['password'])));

//define the database variables
$host = "localhost";
$db_name = "login";
$db_table = "members";
$db_username = "root";
$db_password = "";

//function to insert the data into the database
$insertinto_db = "INSERT INTO members (firstname, lastname, email, username, password) VALUES ('$firstname','$lastname','$email','$username','$password')";

//variable to connect to database
$mysqli_connect = mysqli_connect($host,$db_username,$db_password,$db_name) or die ("Could not connect to database");

$link = mysqli_connect($host,$db_username,$db_password,$db_name);
if ($result = mysqli_query($link, "SELECT username from members WHERE username = '$username' ")) {
    $num_rows = mysqli_num_rows($result);
    mysqli_free_result($result);
}

$link2 = mysqli_connect($host,$db_username,$db_password,$db_name);
if ($result2 = mysqli_query($link2, "SELECT email from members WHERE email = '$email' ")) {
    $num_rows2 = mysqli_num_rows($result2);
    mysqli_free_result($result2);
}

//error handling
if (!$firstname) {
    include("registration_error.php");
} else if(!$lastname) {
    include("registration_error.php");
} else if(!$email) {
    include("registration_error.php");
} else if (!$username) {
    include("registration_error.php");
} else if (!$password) {
    include("registration_error.php");
} else if ($num_rows2 > 0) {
    include("email_exists.php");
} else if ($num_rows > 0) {
    include ("already_exists.php");
} else if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
    include("valid_format.php");
} else {
    //variable to send data to the database
    mysqli_query($mysqli_connect,$insertinto_db) or die ("Error: ".mysqli_error($mysqli_connect));
    include ("registered.php");
}
?>

Then I have a section where you can login:

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="login"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// encrypt password
$encrypted_mypassword=md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("Location:logged_in.php");
} else {
    header("Location:error.php");
}
?>

They both work properly without being encrypted, but if I encrypt the password it won't allow me to login. I looked at the database and the password is encrypted on there. Am I missing something?

wildteen88 Posted August 4, 2008

md5 returns a string which is 32 characters in length, make sure your password field holds at least 32 characters. Also, as your password is encrypted after running this line:

    $encrypted_mypassword=md5($mypassword);

you do not need to make it safe for insertion into the database, as md5 uses alphanumeric characters (a-z and 0-9) only. So the following lines are not necessary:

    $mypassword = stripslashes($mypassword);
    $mypassword = mysql_real_escape_string($mypassword);

EDIT: Didn't read your register script. This line

    $password = Trim(stripslashes(md5($_POST['password'])));

should be

    $password = md5(trim($_POST['password']));

ngreenwood6 Posted August 4, 2008

Thanks. That is useful information to know. I had set it to 20 characters when I had not encrypted it yet. Thanks for the help.
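
The cause confirmed in the thread (a 32-character md5() digest kept in a 20-character column), next to the password_hash()/password_verify() functions that PHP now provides for password storage in place of an unsalted, fast digest such as md5(). This is an added example, not code from the original posts. It assumes PHP 5.5 or later with the pdo_sqlite extension, uses an in-memory SQLite table in place of the thread's MySQL members table, and store_in_column() is a hypothetical helper that imitates MySQL's truncation in non-strict SQL mode.

```php
<?php
// Added example; sample values are constructed, not taken from the thread.

// Mimics a MySQL VARCHAR($width) column in non-strict SQL mode, where an
// over-long value is cut to the column width instead of being rejected.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// The failure in the thread: a 32-character md5() digest kept in a
// 20-character column never equals the digest computed at login.
$digest = md5('example-password');
$stored = store_in_column($digest, 20);
printf("digest %d chars, stored %d chars, match: %s\n",
    strlen($digest), strlen($stored), var_export($stored === $digest, true));

// Hardened form. SQLite in memory stands in for the MySQL "members" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username VARCHAR(64) PRIMARY KEY,
                                  password VARCHAR(255) NOT NULL)');

function register(PDO $pdo, string $username, string $password): void
{
    // password_hash() salts each hash and uses a deliberately slow algorithm.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // The salt differs per hash, so the hash cannot go in the WHERE clause:
    // look the row up by username, then verify in PHP.
    $stmt = $pdo->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

register($pdo, 'alice', 'example-password');
var_dump(login($pdo, 'alice', 'example-password'));  // correct password
var_dump(login($pdo, 'alice', 'wrong-password'));    // wrong password
var_dump(login($pdo, 'nobody', 'example-password')); // unknown user
```

The PHP manual recommends a 255-character column for password_hash() output so that the stored value is not truncated if the default algorithm changes.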
Archived
This topic is now archived and is closed to further replies.