Help with md5

[mat3000000]

This code was working until I tried to protect it with md5, What am I doing wrong? Do I need to change my DB table or is it the php?

 

<?php  
session_start();

if (isset($_SESSION['rest']) || isset($_SESSION['chef'])){header('Location: index.php');}

$username = $_POST['username'];
$password = $_POST['password'];

$errors = array();

if($username == 'User Name' || $username == ''){
  $errors[] = 'Please enter a valid username';
}

if($password == 'Password' || $password == ''){
  $errors[] = 'Please enter a valid password';
}

$link = mysql_connect("*****","****","*******") or die ("Could not connect!");
mysql_select_db("*****");


$query = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='".md5($_POST['password'])."'";


$result = mysql_query($query);


$numrows = mysql_num_rows($result);


if ($numrows!=1){
$errors[] = 'Username or Password Incorrect';
} else{



$row = mysql_fetch_array($result);
$type = $row['type'];

if ($type=="0") {
$_SESSION['chef'] = $username;
header("Location: chefpanel.php");
}else{
$_SESSION['rest'] = $username;
header("Location: restpanel.php");
}}
?>

[Pikachu2000]

Is the password stored in the database as an md5() hash, or is it stored in plain text?

[gizmola]

md5() simply takes a string and runs the md5 hash algorithm on it, turning it into a hash value.  It's also what is called a 1-way hash, in that it is not like encrypt/decrypt where the value can be unencrypted. 

 

If you stored md5() version of the passwords when the accounts were created, then you can expect that this query might work.  If not, then these will never match.  The password column would need to be a 32 character string for this to work.

[jcbones]

Check your table structure to make sure the column will hold a md5 hash.

 

The password column would need to be a 32 character string

[mat3000000]

Had set the limit of pass field to 30 chars! oops!

Thanks For all the help guys!