Topic: https://forums.phpfreaks.com/topic/147018-solved-md5-question/

boemboem posted February 26, 2009:

I have made a double insert query for a username/password into a database. This is working OK, but it seems something is wrong with the password/md5 part. It does insert an md5-like password in the database, but I cannot use it, but when I copy another password in place of the previous one, I can log in. My question: are there different ways of interpreting md5 passwords? This is the part of the main website:

```php
// insert in db
$md5pwd = md5($pwd1);
$registerdate = time();
```

rhodesa posted February 26, 2009:

Nope, nothing fancy. Can you post more code for the INSERTing and then verifying the password?

boemboem (author) posted February 26, 2009:

This is the register part.

```php
<?php
eval ("\$title_register = \"".gettemplate("title_register")."\";");
echo $title_register;

if($_POST['save']) {

    //register_globals = off
    $username = htmlspecialchars($_POST['username']);
    $nickname = htmlspecialchars($_POST['nickname']);
    $pwd1 = $_POST['pwd1'];
    $pwd2 = $_POST['pwd2'];
    $mail = $_POST['mail'];
    $country = $_POST['country'];
    $CAPCLASS = new Captcha;

    if(!$CAPCLASS->check_captcha($_POST['captcha'], $_POST['captcha_hash'])) $error[]="The security code was wrong!";

    // check username
    $ergebnis = safe_query("SELECT * FROM ".PREFIX."user WHERE username = '$username' ");
    $num = mysql_num_rows($ergebnis);
    if($num) $error[]="username already in use!";

    // check mail
    $ergebnis = safe_query("SELECT * FROM ".PREFIX."user WHERE email = '$mail' ");
    $num = mysql_num_rows($ergebnis);
    if($num) $error[]="mailadress already in use!";

    // check nickname
    $ergebnis = safe_query("SELECT * FROM ".PREFIX."user WHERE nickname = '$nickname' ");
    $num = mysql_num_rows($ergebnis);
    if($num) $error[]="nickname already in use!";

    if(!(strlen(trim($username)))) $error[]="you have to enter a username!";
    elseif( strlen(trim($username)) > 30 ) $error[]="your username is too long! (max 30 chars)";

    // check password
    if($pwd1 == $pwd2) {
        if(!(strlen(trim($pwd1)))) $error[]="you have to enter a password!";
    }
    else $error[]="your repeated password is not valid!";

    // check e-mail
    $sem = '^[a-z0-9_\.-]+@[a-z0-9_-]+\.[a-z0-9_\.-]+$';
    if(!(eregi($sem, $mail))) $error[]="your e-mail is not valid!";

    // check nickname
    if(!(strlen(trim($nickname)))) $error[]="you have to enter your nickname!";

    if(is_array($error)) {
        echo'<b>There has been errors!</b><br><br>';
        foreach($error as $err) {
            echo'<li>'.$err.'</li>';
        }
        echo'<br><br><input type="button" class="button" onClick="javascript:history.back()" value="Back">';
    }
    else {
        // insert in db
        $md5pwd = md5($pwd1);
        $registerdate=time();
        $activationkey = 1;

        safe_query("INSERT INTO members (`name`, `password`, `email`, `act`, `country`) VALUES ('$username', '$md5pwd', '$mail', '".$activationkey."', '$country')");
        safe_query("INSERT INTO `".PREFIX."user` (`registerdate`, `lastlogin`, `username`, `password`, `nickname`, `email`, `newsletter`, `activated`, `country`) VALUES ('$registerdate', '$registerdate', '$username', '$md5pwd', '$nickname', '$mail', '1', '".$activationkey."', '$country')");

        // insert in user_groups
        safe_query("INSERT INTO ".PREFIX."user_groups ( userID ) values('$insertid' )");

        echo "Your registration was successful, you are able to login now!";
    }
}
elseif($_GET['key']) {
    safe_query("UPDATE `".PREFIX."user` SET activated='1' WHERE activated='".$_GET['key']."'");
    if(mysql_affected_rows()) redirect('index.php?site=login','Your account has been activated successfully.<br>You are now able to login.');
    else redirect('index.php?site=login','Your activation key ist wrong!');
}
else {
    $bg1=BG_1;
    $bg2=BG_2;
    $bg3=BG_3;
    $bg4=BG_4;

    $CAPCLASS = new Captcha;
    $captcha = $CAPCLASS->create_captcha();
    $hash = $CAPCLASS->get_hash();
    $CAPCLASS->clear_oldcaptcha();

    eval ("\$register = \"".gettemplate("register")."\";");
    echo $register;
}
?>
```

killah posted February 26, 2009:

It probably has something to do with when you are validating it to log in. Are you sure you have something like this in the authenticate file?

```php
$password = md5($_POST['password']);
```

Then to check it:

```php
$rows = mysql_query("SELECT userid FROM users WHERE password = '".$password."'");
```

boemboem (author) posted February 26, 2009:

```php
function set($login){
    global $config;
    $login[pass] = md5(md5($login[pass]));
    if(!mysql_num_rows(mysql_query("SELECT id FROM members WHERE name='$login[name]' AND password='$login[pass]'"))){
        $mes="1";
        login($mes);
        exit;
    }
```

This is in the login.php. Strangely enough, when I copy an md5 code from a test account (I know that password) and paste it in the other test account in the db, I can log in.

PFMaBiSmAd posted February 26, 2009:

```php
$login[pass] = md5(md5($login[pass]));
```

Don't you suppose that using two md5() will produce a different value than using one in the registration code -

```php
$md5pwd = md5($pwd1);
```

boemboem (author) posted February 26, 2009:

That's indeed the problem. When I use this:

```php
$login[pass] = md5($login[pass]);
```

works great!
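
The mismatch resolved above, as an added example that is not part of the original thread: one helper creates hashes and one checks logins, so registration and login cannot drift apart the way md5() and md5(md5()) did. It substitutes PHP's built-in password_hash()/password_verify() for md5() and upgrades rows holding a single md5() digest on the next successful login; the function names, the $users array, the account names and the passwords are constructed stand-ins for the members table, and the code assumes PHP 7 or later.

```php
<?php
// Added example, not code from the thread. $users is a constructed in-memory
// stand-in for the members table (name => stored password hash).

// Single place that creates hashes; registration and password changes call it.
// password_hash() is a PHP built-in, used here as a substitute for md5().
function hash_password(string $pwd): string
{
    return password_hash($pwd, PASSWORD_DEFAULT);
}

// Single place that checks a login. Rows written by the old registration code
// hold a bare md5() hex digest; those are verified once and then upgraded.
function check_login(array &$users, string $name, string $pwd): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy row: apply the same single md5() the registration code used.
        if (!hash_equals($stored, md5($pwd))) {
            return false;
        }
        $users[$name] = hash_password($pwd);   // upgrade on successful login
        return true;
    }
    return password_verify($pwd, $stored);
}

// Constructed sample data: one legacy row, one row created with the helper.
$users = [
    'olduser' => md5('constructed-pass-1'),
    'newuser' => hash_password('constructed-pass-2'),
];

// The thread's symptom: a double md5() compared against the stored single md5().
var_dump(hash_equals($users['olduser'], md5(md5('constructed-pass-1'))));

// Legacy login, check that the row no longer holds an md5 digest, log in again,
// then a wrong password against a row created with hash_password().
var_dump(check_login($users, 'olduser', 'constructed-pass-1'));
var_dump(preg_match('/^[0-9a-f]{32}$/', $users['olduser']) === 0);
var_dump(check_login($users, 'olduser', 'constructed-pass-1'));
var_dump(check_login($users, 'newuser', 'wrong-guess'));
```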
This topic is now archived and is closed to further replies.