aashcool198 Posted May 26, 2009 Share Posted May 26, 2009 I have written a code to register users.It uses md5 before saving the password. $password = MD5($_POST['password']); But when user logs in i need to compare the password in database with password he writes. so i convert the password entered by user in hash $password = md5 ($_POST['password']); and now i compare this with passwords in database. But despite entering the correct password its not logging in. Please help! Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/ Share on other sites More sharing options...
iarp Posted May 26, 2009 Share Posted May 26, 2009 Wheres the code that does the comparison? Is it using proper number of equal signs(==)... etc. Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842082 Share on other sites More sharing options...
aashcool198 Posted May 26, 2009 Author Share Posted May 26, 2009 <?php // Open a connection to the DB $conn = mysql_connect('localhost', 'root', '') or die(mysql_error()); mysql_select_db('Sumeru Skills', $conn); // Start the session (DON'T FORGET!!) session_start(); // Check if user wants to login (GET info) if(isset($_GET['try'])) { // That's nice, user wants to login. But lets check if user has filled in all information If(empty($_POST['username']) OR empty($_POST['password'])) { // User hasn't filled it all in! echo 'Please fill in all the required fields!'; } else { // User filled it all in! // Make variables save with addslashes and md5 $username = $_POST['username']; $password = md5 ($_POST['password']); // Search for a combination $query = mysql_query("SELECT login_id FROM login WHERE username = '" . $username . "' AND password = '" . $password . "' ") or die(mysql_error()); // Save result list($user_id) = mysql_fetch_array($query); // If the user_id is empty no combination was found if(empty($user_id)) { echo 'No combination of username and password found.'; } else { // the user_id variable doesn't seem to be empty, so a combination was found! // Create new session, store the user id $_SESSION['user_id'] = $user_id; // Redirect to userpanel.php header('location: userpanel.php'); } } } ?> <form action="login.php?try=true" method="post"> Username: <input type="text" name="username"><br> <br> Password: <input type="password" name="password"><br> <br> <input type="submit" value="Login!"> </form> Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842085 Share on other sites More sharing options...
iarp Posted May 26, 2009 Share Posted May 26, 2009 Made a few changes, quick edits as its late and i'm heading to bed. It may or may not work as i can't test it. Changed AND from the query to && and added brackets around both WHERE clauses removed a space between md5 and ( <?php // Open a connection to the DB $conn = mysql_connect('localhost', 'root', '') or die(mysql_error()); mysql_select_db('Sumeru Skills', $conn); // Start the session (DON'T FORGET!!) session_start(); // Check if user wants to login (GET info) if(isset($_GET['try'])) { // That's nice, user wants to login. But lets check if user has filled in all information if(empty($_POST['username']) || empty($_POST['password'])) { // User hasn't filled it all in! echo 'Please fill in all the required fields!'; } else { // User filled it all in! // Make variables save with addslashes and md5 $username = $_POST['username']; $password = md5($_POST['password']); // Search for a combination $query = mysql_query("SELECT login_id FROM login WHERE (username = '" . $username . "' && password = '" . $password . "') ") or die(mysql_error()); // Save result list($user_id) = mysql_fetch_array($query); // If the user_id is empty no combination was found if(empty($user_id)) { echo 'No combination of username and password found.'; } else { // the user_id variable doesn't seem to be empty, so a combination was found! // Create new session, store the user id $_SESSION['user_id'] = $user_id; // Redirect to userpanel.php header('location: userpanel.php'); } } } ?> <form action="login.php?try=true" method="post"> Username: <input type="text" name="username"><br> <br> Password: <input type="password" name="password"><br> <br> <input type="submit" value="Login!"> </form> Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842088 Share on other sites More sharing options...
PFMaBiSmAd Posted May 26, 2009 Share Posted May 26, 2009 When a comparison fails, please examine the values being compared to find out why. What is in your database and what is the result of echoing $_POST['username'] and md5($_POST['password']) in the code. Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842090 Share on other sites More sharing options...
aashcool198 Posted May 26, 2009 Author Share Posted May 26, 2009 49f68a5c84 is the registered password.. but at the time of login the password was 49f68a5c8493ec2c0bf489821c21fc3b if you see arefully the first digits a maching.. from where came the extra digits. Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842092 Share on other sites More sharing options...
PFMaBiSmAd Posted May 26, 2009 Share Posted May 26, 2009 What makes you think they are extra - Return Values Returns the hash as a 32-character hexadecimal number. Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842095 Share on other sites More sharing options...
aashcool198 Posted May 26, 2009 Author Share Posted May 26, 2009 please tell me how should i store password during registration and how should i match it during login? Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842204 Share on other sites More sharing options...
iarp Posted May 26, 2009 Share Posted May 26, 2009 make sure the password column is something like varchar(32). Currently the column looks to only be storing up to 10 characters and not 32. Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-842329 Share on other sites More sharing options...
aashcool198 Posted May 30, 2009 Author Share Posted May 30, 2009 thanks a lot! That was it! Link to comment https://forums.phpfreaks.com/topic/159655-solved-login-hashing/#findComment-845848 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.