evanct Posted December 14, 2008 Share Posted December 14, 2008 Still fairly new. I made a table 'users' in which the username field has an entry 'markj' with the password being 'thimble' which is MD5 encrypted. I run this script(omitting the mysql connecting stuff and the html for you): $username=($_GET['username']); $password=($_GET['password']); if (isset($username) || isset($password)) { $query="SELECT * FROM users WHERE username='".$username."' AND password=MD5('".$password."') LIMIT 1"; $result=$connection->query($query); if (MDB2::isError($result)) { die("Could not query the database: ".$query." ".MDB2::errorMessage($result)); } if (($result->numRows())==0) { echo "Incorrect password."; }else { echo ("Thank you for logging in, ".$username); } } When I enter the correct things into the html textfields(markj and thimble) I get 'Incorrect password'. so i run this little test: $query="SELECT * FROM users WHERE password=MD5('thimble')"; $result=$connection->query($query); while ($row=$result->fetchRow(MDB2_FETCHMODE_ASSOC)) { echo $row['username']; } which results in a blank page. (However if i change the query to "SELECT * FROM users WHERE user_id=1" or something, the correct username is echoed) So what am i doing wrong here? sorry if i'm stupid, like I said I'm new. Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/ Share on other sites More sharing options...
laPistola Posted December 14, 2008 Share Posted December 14, 2008 $username=$_GET['username']; $password=$_GET['password']; Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714914 Share on other sites More sharing options...
PFMaBiSmAd Posted December 14, 2008 Share Posted December 14, 2008 What is the password field in your table defined as? Have you examined what is in your table and if the value in the password field is the same as what you get when you echo the md5() of your password? Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714915 Share on other sites More sharing options...
laPistola Posted December 14, 2008 Share Posted December 14, 2008 infact thinking about it are you passing the username and password via the url using the GET method in your form as you really should be using POST and then that code should be $username=$_POST['username']; $password=$_POST['password']; its better security as the password isn't visable in a URL Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714916 Share on other sites More sharing options...
evanct Posted December 14, 2008 Author Share Posted December 14, 2008 What is the password field in your table defined as? Have you examined what is in your table and if the value in the password field is the same as what you get when you echo the md5() of your password? the password field is: MD5('thimble') when I echo it, it displays as: 23aebcf37d7305 Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714922 Share on other sites More sharing options...
laPistola Posted December 14, 2008 Share Posted December 14, 2008 what PFMaBiSmAd is trying to say is the password field in your MySQL table displaying 23aebcf37d7305 Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714924 Share on other sites More sharing options...
PFMaBiSmAd Posted December 14, 2008 Share Posted December 14, 2008 An md5 is 32 characters long - MD5(str) Calculates an MD5 128-bit checksum for the string. The value is returned as a binary string of 32 hex digits, or NULL if the argument was NULL. The return value can, for example, be used as a hash key. The length of your password field in your table, which I asked you what it was defined as, is not long enough to hold a md5 value. Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714925 Share on other sites More sharing options...
evanct Posted December 14, 2008 Author Share Posted December 14, 2008 An md5 is 32 characters long - MD5(str) Calculates an MD5 128-bit checksum for the string. The value is returned as a binary string of 32 hex digits, or NULL if the argument was NULL. The return value can, for example, be used as a hash key. The length of your password field in your table, which I asked you what it was defined as, is not long enough to hold a md5 value. oh i see. I changed it to 32 chars and now everything's just peachy. thanks Link to comment https://forums.phpfreaks.com/topic/136881-md5-encryption/#findComment-714927 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.