Jump to content

Recommended Posts

I am encrypting my password on my register page with

$_POST['pass'] = md5($_POST['pass']);

 

and when I try to log in page I have

$_POST['pass'] = md5($_POST['pass']);

if ($_POST['pass'] != $info['password']) {

die('Incorrect password, please try again.');

}

 

my question is when you use md5();  it will give you the same thing every time as long as the variable does not change right?

Link to comment
https://forums.phpfreaks.com/topic/141824-solved-encrypting-passwords/
Share on other sites

It'll give you the same thing everytime if the input is exactly the same.

 

Btw,

<?php
$pass = md5($_POST['pass']);

if ($pass) != $info['password']) {

die('Incorrect password, please try again.');

}

 

You won't be able to set a $_POST variable to a different variable - and if you can, it's bad practice.

I figured that I am just getting a password incorrect error. So I am narrowing down the issue.

 

 

NEW QUESTION will this produce a random number and updated the activationkey field in my DB?

 

$newkey =  mt_rand();
$sql="UPDATE users SET activationkey = '$newkey', status='activated' WHERE (id = $row[id])";

Yes, a string encrypted with md5 will be the same every time.

 

When checking logins, you should run the query like this...


<?php
$username = $_POST['username'];
$password = md5($_POST['password']);

$query = "SELECT * FROM users WHERE username = '$username' && password = '$password'";
$result = mysql_query($query);
if(mysql_num_rows($query) == 1) {
  // user found, set sessions or whatever you want.
}else{
// error, this user was not found.
}
?>

 

You should also use strip_slashes() or mysql_real_escape_string() around your $_POST data to sanitize the data before running it in the query.

 

(sorry the post was marked as solved by the time I submitted this... but I typed it all out already so I am submitting it :)  )

 

Nate

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.