thenewperson Posted November 3, 2009 Share Posted November 3, 2009 Having problem using md5 on the password part. When i put the md5 in for password it generated the code like normal and inserted into the database. However when i type the normal password it says password incorrect. The confirm php that is included in file is the login information. registernext.php (file which clears tests than sends confirmation email) <?php include('confirm.php'); //test to see if username is alphanumeric $test=$_POST[username]; if(!eregi(("[^A-Za-z0-9]"),$test)){ //test for duplicate names $query="SELECT * FROM users WHERE user_name ='$_POST[username]'"; $result=mysql_query($query); $num=mysql_num_rows($result); if ($num == 0){ //test for duplicate email $query2="SELECT * FROM users WHERE user_email = '$_POST[email]'"; $result2=mysql_query($query2); $num2=mysql_num_rows($result2); if($num2==0){ //if emails and passwords match up if(($_POST['pass']==$_POST['pass2'])&&($_POST['email']==$_POST['email2'])){ //generate random confirmation code $confirm_code=md5(uniqid(rand())); //get rid of all html from hackers $name=strip_tags($_POST['username']); $email=strip_tags($_POST['email']); $pass=md5(strip_tags($_POST['pass'])); $gender=strip_tags($_POST['gender']); $birthday = strip_tags($_POST['birthday']) . strip_tags($_POST['birthmonth']) . strip_tags($_POST['birthyear']); //insert data into database $sql="INSERT INTO temp SET code='$confirm_code',user_name='$name',user_email='$email',user_password='$pass', user_gender='$gender',user_birthday='$birthday'"; $result=mysql_query($sql); if($result){ $message="your confirm link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://likeftp.com/confirmation.php?passkey=$confirm_code"; $sentmail=mail($email,'Registration Confirmation',"$message"); header("Location:thankyou.php"); } else{ echo "Error "; } //if your email succesfully sent if($sentmail){ echo "Your confirmation link has been sent to your email"; } else{ echo "Cannot send confirmation link to your email address"; } }else{ header("Location:usernametaken.html"); } }else{ header("Location:invalidname.html"); } } } ?> confirmation.php file (what happens when the email link is clicked) <?php include('confirm.php'); //set variable $passkey=$_GET['passkey']; $sql1="SELECT * FROM temp WHERE code='$passkey'"; $result1=mysql_query($sql1); //if sucessfully queried if($result1){ //how many rows have key $count=mysql_num_rows($result1); //if passkey is in database, retrieve data if($count==1){ $rows=mysql_fetch_array($result1); $namex=$rows['user_name']; $emailx=$rows['user_email']; $passwordx=$rows['user_password']; $genderx=$rows['user_gender']; $birthdayx=$rows['user_birthday']; //takeoutspace $name=str_replace(' ','',$namex); $email=str_replace(' ','',$emailx); $password=str_replace(' ','',$passwordx); $gender=str_replace(' ','',$genderx); $birthday=str_replace(' ','',$birthdayx); //insert into users table $sql2="INSERT INTO users SET user_name='$name', user_email='$email',user_password='$password', user_gender='$gender', user_birthday='$birthday'"; $result=mysql_query($sql2); } } ?> Quote Link to comment Share on other sites More sharing options...
gizmola Posted November 3, 2009 Share Posted November 3, 2009 You didn't provide the code for login, so there's no way to know. Also, when you insert the row, I don't see you doing any md5() on it. Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted November 3, 2009 Share Posted November 3, 2009 Make sure that the length of your password field in the table is long enough for md5 hashes. I usually use 64-128 character lengths for my password fields. This usually is what gets a lot of people, as if your string is longer than the max length, the string is truncated Quote Link to comment Share on other sites More sharing options...
damdempsel Posted November 3, 2009 Share Posted November 3, 2009 On your log in page, you have to make sure that the password they typed is md5 encrypted before you compare it to the password on the database. If we could see the log in code it would be helpful. Quote Link to comment Share on other sites More sharing options...
thenewperson Posted November 3, 2009 Author Share Posted November 3, 2009 thank you lots. Didnt know i had to use md5 on login to check password to. Just automaticaly assumed password jim would be 3993s9ssfdo9. Got it solved now just had to add md5 to password login Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.