bytesize Posted October 28, 2010 Share Posted October 28, 2010 I would like to add md5 encryption into the create and login functions but I'm having difficulties with the process. user.php - create user and login functions <?php function create_user($params) { db_connect_posts(); $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW()" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), mysql_real_escape_string($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s'" , mysql_real_escape_string($username), mysql_real_escape_string($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Register form: <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post"> <fieldset> <legend>Register</legend> <div> <label>Screen Name</label> <input name="user[screen_name]" size="40" type="text" /> </div> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <div> <label>Image</label> <input name="user[image]" size="40" type="text" /> </div> <input type="submit" name="Register" value="Register" /> </fieldset> </form> Login form: <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form> Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/ Share on other sites More sharing options...
revraz Posted October 28, 2010 Share Posted October 28, 2010 MD5 is a hash and not encryption. Where are you trying to use it? You need to store the MD5 Password when you write it to the DB, then compare a MD5 Password to the stored value in the DB. Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127630 Share on other sites More sharing options...
bytesize Posted October 28, 2010 Author Share Posted October 28, 2010 I want to add it to the user_pwd field in the database in both functions. Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127635 Share on other sites More sharing options...
sharal Posted October 28, 2010 Share Posted October 28, 2010 <?php function create_user($params) { db_connect_posts(); $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW()" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), mysql_real_escape_string(md5($params['user_pwd'])), /* the md5 function wrapping around the password string hashes the password with the md5 algorithm. the string "hello world" will always produce the same hash value, hence you can compare the inserted hashed password when you log your users in by, hashing the password from the login formula before comparing with the password, that is already in the database */ mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s'" , mysql_real_escape_string($username), // hashing the password again before comparing. mysql_real_escape_string(md5($password)) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127713 Share on other sites More sharing options...
Andy-H Posted October 28, 2010 Share Posted October 28, 2010 I would like to add md5 encryption into the create and login functions but I'm having difficulties with the process. user.php - create user and login functions <?php function create_user($params) { db_connect_posts(); $query = sprintf("INSERT INTO users VALUES ( users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW() )" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), md5($params['user_pwd']), // doesn't require escaping as md5 hashes to //alphanumeric chars mysql_real_escape_string($params['image']) ); // not sure if your insert syntax was correct??? $result = mysql_query($query); if(!$result) { return false; } else { return true; } } function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s'" , mysql_real_escape_string($username), md5($password) //need to compare as md5 hashed too. ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); /* mysql_fetch_row / mysql_fetch_assoc is faster as it only fetches one set of values, alternatively use MYSQL_NUM/MYSQL_ASSOC flags with fetch array */ $_SESSION['user'] = $row; return true; } ?> Register form: <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post"> <fieldset> <legend>Register</legend> <div> <label>Screen Name</label> <input name="user[screen_name]" size="40" type="text" /> </div> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <div> <label>Image</label> <input name="user[image]" size="40" type="text" /> </div> <input type="submit" name="Register" value="Register" /> </fieldset> </form> Login form: <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form> Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127720 Share on other sites More sharing options...
bytesize Posted October 28, 2010 Author Share Posted October 28, 2010 Thank you! It works with the escape removed. Are you saying the INSERT should use VALUES instead of SET? I'm using SET and it seems to work. Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127760 Share on other sites More sharing options...
Andy-H Posted October 28, 2010 Share Posted October 28, 2010 If it works leave it as is, I wasn't sure but it must be valid syntax. Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127768 Share on other sites More sharing options...
revraz Posted October 29, 2010 Share Posted October 29, 2010 Yes, you can use either, Values is just more common. Link to comment https://forums.phpfreaks.com/topic/217117-md5-encryption-is-not-working/#findComment-1127937 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.