MD5

[Mr_J]

Hi all,

'Hope it is ok to post this here'

 

I have a simple login form and registration that connects to table on database.

everything worked and I decided to add md5 to my password to protect it a bit.

 

When I 'Register' the md5 password $_POST to table in DB stay the same. i.e. [username]John [password]123 (md5: 5f77gj8vg2903nj38)

and the same for

[username]Jill [password]abc (md5: 5f77gj8vg2903nj38)

 

Register.php  - Form

<form action="registrar.php" method="POST">
    <p><label>Username:</label> <input type="text" name="username" style="width:200px;" ></p>
    <p><label>Password:</label> <input type="password" name="password" style="width:200px;" ></p>
    <p><label>Email:</label>
<input type="text" name="email" style="width:200px;" ></p>
<p><input type="submit" value="Register" class="sub_but">
<input class="sub_but" type="reset" value="Reset" ></p>
</form>

 

registrar.php - Processor

 

<?php

 

$host="localhost";

$username="username";

$password="password";

$db_name="database";

$tbl_name="members";

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DATABASE");

 

$wagwoord = md5("password"); //this is what I added

//Collect user information

$username = $_POST['username'];

$password = (md5($_POST['password']) == $wagwoord); //previous: $password = $_POST['password']

$email = $_POST['email'];

 

//Write to table the user information

mysql_query("INSERT INTO members (username, password, email) VALUES ('$username', '$wagwoord', '$email')") //previous $password

 

?>

<html>

  <head></head>

  <body>

  <p>Thank you. Your Registration was Successfull. Please <span class="red">login</span> below.</p>

  <iframe src="login.php"></iframe>

  </body>

  </html>

 

I have a problem to read/get value of the MD5 password as well. I basically used the same method.

 

Any help appreciated

 

[Mchl]

[edit]

Gah... too sleepy

 

$wagwoord = md5("password"); //this is what I added 

 

should be

 

$wagwoord = md5($_POST['password']); //this is what I added 

 

also make sure a field in database is able to store at least 32 characters (that's how long MD5 hashes are)

[Mr_J]

I changed it but now there is NO value for $password in DB...

wagwoord = md5($_POST['mypassword']);
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=(md5($_POST['mypassword']) == $wagwoord);
$myemail=$_POST['myemail'];

 

 

[Mchl]

Did I tell you to use $_POST['mypassword']? I guess not. The field in your form has name="password" so you need to use $_POST['password']

 

<?php
//connct to database...

$password = md5($_POST['password']);
$username = mysql_real_escape_string($_POST['username']);
$email= mysql_real_escape_string($_POST['email']);

mysql_query("INSERT INTO members (username, password, email) VALUES ('$username', '$password', '$email')");

[Mr_J]

Thanks,

I got confused where I use 'mypassword' in the Login.php form...

 

 

[Mchl]

No problem.

Take special attention to mysql_real_escape_string function. It's there to protect you against SQL injections. Learn how to use it, and use it.

[Mr_J]

Thank you.

Will do. ::Peace

I am still learning and only started a while ago with mysql...