Jump to content

[SOLVED] md5 password help

wargolchaos

By wargolchaos
in PHP Coding Help

 Share

Recommended Posts

wargolchaos Newbie

wargolchaos

Posted
Posted

My script works without the md5 but not with the md5.

 

I cant figure out what im doing wrong. Its driving me crazy.. Please help.

 

Heres my sql.

CREATE TABLE `users` (
  `id` int(10) NOT NULL auto_increment,
  `username` varchar(50) NOT NULL,
  `password` varchar(32) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

 

Heres how I added a single user to test the database.

<?php
mysql_connect("localhost", "----", "----") or die(mysql_error()); 
mysql_select_db("-------") or die(mysql_error());

$username = 'testuser';
$password = 'testpass';

mysql_query("INSERT INTO test (username, password) VALUES('". mysql_escape_string($username) ."', '".md5($password)."' ) ") or die(mysql_error()); 

?>

 

And here is my login script

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>

<div id="wrap">

	<?php 

	mysql_connect("localhost", "-----", "-----") or die(mysql_error());
	mysql_select_db("--------") or die(mysql_error());

	if(isset($_POST['username']) && isset($_POST['password'])){
		// Verify
		$username = mysql_escape_string($_POST['username']);
		$password = $_POST['password'];

		$gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".$password."' LIMIT 1") or die(mysql_error());
		$verify = mysql_num_rows($gUser);

		if($verify > 0){
			echo '<h2>Login Complete</h2>
			      <p>Thanks for logging in!</p>';
		}else{
			echo '<h2>Login Failed</h2>
			      <p>Sorry your login credentials are incorrect.';
		}
	}else{
	?>
	<h2>Login</h2>
	<p>Please enter your login credentials to get access to the download area</p>

	<form method="post" action="">
		<fieldset>
			<label for="username">Username:</label><input type="text" name="username" value="" />
			<label for="password">Password:</label><input type="text" name="password" value="" />
			<input type="submit" value="Login" />
		</fieldset>
	</form>

	<?php
	}
	?>
	   
</div>

</body>
</html>

 

 

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

you have to MD5 the posted password also. A normal password will never equal its MD5'ed counter part

 

so

 

$gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".md5($password)."' LIMIT 1") or die(mysql_error());

 

should fix your problem

 

EDIT: dam ignace beat me to the punch

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.