denoteone Posted January 21, 2009

I am encrypting my password on my register page with

```php
$_POST['pass'] = md5($_POST['pass']);
```

and on my log in page I have

```php
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password']) {
    die('Incorrect password, please try again.');
}
```

My question is: when you use md5(), it will give you the same thing every time as long as the variable does not change, right?

GingerRobot Posted January 21, 2009

> it will give you the same thing every time as long as the variable does not change right?

Yep. You should probably salt that password though - it's much more secure.

Maq Posted January 21, 2009

Just think about it like this: if it kept changing, how would you ever be able to determine if the password was correct?

Philip Posted January 21, 2009

It'll give you the same thing every time if the input is exactly the same. Btw,

```php
<?php
$pass = md5($_POST['pass']);
if ($pass != $info['password']) {
    die('Incorrect password, please try again.');
}
```

You won't be able to set a $_POST variable to a different variable - and if you can, it's bad practice.

denoteone Posted January 21, 2009 Author

I figured that I am just getting a password incorrect error. So I am narrowing down the issue.

NEW QUESTION: will this produce a random number and update the activationkey field in my DB?

```php
$newkey = mt_rand();
$sql = "UPDATE users SET activationkey = '$newkey', status='activated' WHERE (id = $row[id])";
```

chronister Posted January 21, 2009

Yes, a string encrypted with md5 will be the same every time. When checking logins, you should run the query like this...

```php
<?php
$username = $_POST['username'];
$password = md5($_POST['password']);

$query = "SELECT * FROM users WHERE username = '$username' && password = '$password'";
$result = mysql_query($query);

// mysql_num_rows() takes the result resource returned by mysql_query()
if (mysql_num_rows($result) == 1) {
    // user found, set sessions or whatever you want.
} else {
    // error, this user was not found.
}
?>
```

You should also use strip_slashes() or mysql_real_escape_string() around your $_POST data to sanitize the data before running it in the query.

(sorry the post was marked as solved by the time I submitted this... but I typed it all out already so I am submitting it)

Nate

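The advice in this thread (salt the password, keep user input out of the SQL string, issue an activation key) gathered into one added example that is not any poster's code. It assumes PHP 7+ with the pdo_sqlite extension, a constructed `users` table and sample credentials, and hypothetical function names; it swaps md5() for password_hash()/password_verify(), mysql_* escaping for PDO prepared statements, and mt_rand() for random_bytes().

```php
<?php
// Added example: constructed schema and credentials; register(), activate(), login() are hypothetical names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, activationkey TEXT, status TEXT)');

function register(PDO $db, string $username, string $pass): string
{
    // password_hash() picks a random salt per password and embeds it in the
    // returned string, so two users with the same password get different hashes.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Activation key drawn from the OS CSPRNG instead of mt_rand().
    $key = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO users (username, password, activationkey, status)
        VALUES (?, ?, ?, ?)');
    $stmt->execute([$username, $hash, $key, 'pending']);
    return $key;
}

function activate(PDO $db, string $key): bool
{
    $stmt = $db->prepare("UPDATE users SET status = 'activated', activationkey = NULL
        WHERE activationkey = ? AND status = 'pending'");
    $stmt->execute([$key]);
    return $stmt->rowCount() === 1;
}

function login(PDO $db, string $username, string $pass): bool
{
    // Select by username only: a salted hash cannot be recomputed for the
    // WHERE clause, so the comparison happens in PHP, not in SQL.
    $stmt = $db->prepare('SELECT password, status FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads the salt back out of the stored hash.
    return $row !== false
        && $row['status'] === 'activated'
        && password_verify($pass, $row['password']);
}

// Constructed walk-through: login before activation, activation, then logins after it.
$key = register($db, 'alice', 'correct horse');
var_dump(login($db, 'alice', 'correct horse'));
var_dump(activate($db, $key));
var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, "o'brien", 'anything'));   // the quote is bound as data, never parsed as SQL
var_dump(login($db, 'alice', 'wrong password'));
```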