[SOLVED] Login hashing

aashcool198 · May 26, 2009

I have written a code to register users.It uses md5 before saving the password.

$password = MD5($_POST['password']);

But when user logs in i need to compare the password in database with password he writes. so i convert the password entered by user in hash

$password = md5 ($_POST['password']);

and now i compare this with passwords in database.

But despite entering the correct password its not logging in.

Please help!

iarp · May 26, 2009

Wheres the code that does the comparison? Is it using proper number of equal signs(==)... etc.

aashcool198 · May 26, 2009

<?php

// Open a connection to the DB

$conn = mysql_connect('localhost', 'root', '') or die(mysql_error());

mysql_select_db('Sumeru Skills', $conn);

// Start the session (DON'T FORGET!!)

session_start();

// Check if user wants to login (GET info)

if(isset($_GET['try'])) {

// That's nice, user wants to login. But lets check if user has filled in all information

If(empty($_POST['username']) OR empty($_POST['password'])) {

// User hasn't filled it all in!

echo 'Please fill in all the required fields!';

} else {

// User filled it all in!

// Make variables save with addslashes and md5

$username = $_POST['username'];

$password = md5 ($_POST['password']);

// Search for a combination

$query = mysql_query("SELECT login_id FROM login

WHERE username = '" . $username . "'

AND password = '" . $password . "'

") or die(mysql_error());

// Save result

list($user_id) = mysql_fetch_array($query);

// If the user_id is empty no combination was found

if(empty($user_id)) {

echo 'No combination of username and password found.';

} else {

// the user_id variable doesn't seem to be empty, so a combination was found!

// Create new session, store the user id

$_SESSION['user_id'] = $user_id;

// Redirect to userpanel.php

header('location: userpanel.php');

}

?>

Username: <input type="text" name="username"><br>

<br>

Password: <input type="password" name="password"><br>

<br>

</form>

iarp · May 26, 2009

Made a few changes, quick edits as its late and i'm heading to bed. It may or may not work as i can't test it.

Changed AND from the query to && and added brackets around both WHERE clauses

removed a space between md5 and (

<?php

// Open a connection to the DB
$conn = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('Sumeru Skills', $conn);

// Start the session (DON'T FORGET!!)
session_start();

// Check if user wants to login (GET info)
if(isset($_GET['try'])) {

   // That's nice, user wants to login. But lets check if user has filled in all information
   if(empty($_POST['username']) || empty($_POST['password'])) {
   
      // User hasn't filled it all in!
      echo 'Please fill in all the required fields!';
   
   } else {

      // User filled it all in!

      // Make variables save with addslashes and md5
      $username = $_POST['username'];
      $password = md5($_POST['password']);

      // Search for a combination
      $query = mysql_query("SELECT login_id FROM login
                  WHERE (username = '" . $username . "' && password = '" . $password . "')
                 ") or die(mysql_error());

      // Save result
      list($user_id) = mysql_fetch_array($query);

      // If the user_id is empty no combination was found
      if(empty($user_id)) {

         echo 'No combination of username and password found.';

      } else {
      
         // the user_id variable doesn't seem to be empty, so a combination was found!

         // Create new session, store the user id
         $_SESSION['user_id'] = $user_id;

         // Redirect to userpanel.php
         header('location: userpanel.php');
      }      
   }
}

?>
<form action="login.php?try=true" method="post">

Username: <input type="text" name="username"><br>
<br>
Password: <input type="password" name="password"><br>
<br>
<input type="submit" value="Login!">

</form>

PFMaBiSmAd · May 26, 2009

When a comparison fails, please examine the values being compared to find out why. What is in your database and what is the result of echoing $_POST['username'] and md5($_POST['password']) in the code.

aashcool198 · May 26, 2009

49f68a5c84 is the registered password..

but at the time of login the password was 49f68a5c8493ec2c0bf489821c21fc3b

if you see arefully the first digits a maching.. from where came the extra digits.

PFMaBiSmAd · May 26, 2009

What makes you think they are extra -

Return Values
Returns the hash as a 32-character hexadecimal number.

aashcool198 · May 26, 2009

please tell me how should i store password during registration and how should i match it during login?

iarp · May 26, 2009

make sure the password column is something like varchar(32). Currently the column looks to only be storing up to 10 characters and not 32.

aashcool198 · May 30, 2009

thanks a lot!

That was it!

Sign In

[SOLVED] Login hashing

Recommended Posts

aashcool198

Link to comment

Share on other sites

iarp

Link to comment

Share on other sites

aashcool198

Link to comment

Share on other sites

iarp

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

aashcool198

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

aashcool198

Link to comment

Share on other sites

iarp

Link to comment

Share on other sites

aashcool198

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information