wargolchaos Posted August 18, 2009 Share Posted August 18, 2009 My script works without the md5 but not with the md5. I cant figure out what im doing wrong. Its driving me crazy.. Please help. Heres my sql. CREATE TABLE `users` ( `id` int(10) NOT NULL auto_increment, `username` varchar(50) NOT NULL, `password` varchar(32) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; Heres how I added a single user to test the database. <?php mysql_connect("localhost", "----", "----") or die(mysql_error()); mysql_select_db("-------") or die(mysql_error()); $username = 'testuser'; $password = 'testpass'; mysql_query("INSERT INTO test (username, password) VALUES('". mysql_escape_string($username) ."', '".md5($password)."' ) ") or die(mysql_error()); ?> And here is my login script <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <div id="wrap"> <?php mysql_connect("localhost", "-----", "-----") or die(mysql_error()); mysql_select_db("--------") or die(mysql_error()); if(isset($_POST['username']) && isset($_POST['password'])){ // Verify $username = mysql_escape_string($_POST['username']); $password = $_POST['password']; $gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".$password."' LIMIT 1") or die(mysql_error()); $verify = mysql_num_rows($gUser); if($verify > 0){ echo '<h2>Login Complete</h2> <p>Thanks for logging in!</p>'; }else{ echo '<h2>Login Failed</h2> <p>Sorry your login credentials are incorrect.'; } }else{ ?> <h2>Login</h2> <p>Please enter your login credentials to get access to the download area</p> <form method="post" action=""> <fieldset> <label for="username">Username:</label><input type="text" name="username" value="" /> <label for="password">Password:</label><input type="text" name="password" value="" /> <input type="submit" value="Login" /> </fieldset> </form> <?php } ?> </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/ Share on other sites More sharing options...
ignace Posted August 18, 2009 Share Posted August 18, 2009 Aren't you forgetting something? $gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".md5($password)."' LIMIT 1") or die(mysql_error()); Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/#findComment-901185 Share on other sites More sharing options...
mikesta707 Posted August 18, 2009 Share Posted August 18, 2009 you have to MD5 the posted password also. A normal password will never equal its MD5'ed counter part so $gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".md5($password)."' LIMIT 1") or die(mysql_error()); should fix your problem EDIT: dam ignace beat me to the punch Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/#findComment-901186 Share on other sites More sharing options...
wildteen88 Posted August 18, 2009 Share Posted August 18, 2009 EDIT: Umm.. me too slow Your need to use md5 for the password in your login script: Quote $password = md5($_POST['password']); Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/#findComment-901188 Share on other sites More sharing options...
wargolchaos Posted August 18, 2009 Author Share Posted August 18, 2009 $gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".md5($password)."' LIMIT 1") or die(mysql_error()); Sorry, this is the code im using. By mistake I posted the version that I switched for testing. Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/#findComment-901193 Share on other sites More sharing options...
ignace Posted August 18, 2009 Share Posted August 18, 2009 Quote EDIT: dam ignace beat me to the punch HAHA seems like we all are very competitive and eager to show off our skills The whole fun part about this virtual competition is that only the OP is actually gaining something from this Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/#findComment-901199 Share on other sites More sharing options...
wargolchaos Posted August 18, 2009 Author Share Posted August 18, 2009 Thanks guys, I got it now. I found my error. $username = mysql_escape_string($_POST['username']); $password = md5($_POST['password']); It was the md5(password) Thanks again! Link to comment https://forums.phpfreaks.com/topic/170868-solved-md5-password-help/#findComment-901202 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.