md5

[squiblo]

Hi, i have this login script but without md5 for the password and im not sure where to type it in, could some please show me where the md5 for the password goes?

 

<?php

error_reporting(E_ALL);
ini_set('display_errors', 'off');
$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['Login'])){
// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
$mycompany=$_POST['mycompany']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$mycompany = stripslashes($mycompany);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mycompany = mysql_real_escape_string($mycompany);
//$_SESSION['myusername']=$dbusername;

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' and company='$mycompany'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword and $mycompany, table row must be 1 row

if($count==1){
session_register("myusername");
session_register("mypassword");
session_register("mycompany"); 
header("location:index.php");
}
else
{
header("location:wrong_login.php");
}
}

?>

[mellis95]

If the password is stored as MD5 already, try this.

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password=MD5('$mypassword') and company='$mycompany'";