Jump to content

User log in

Darnel

By Darnel
in PHP Coding Help

 Share

Recommended Posts

Darnel Newbie

Darnel

Posted
Posted

Hi, I'm having some problems with this code. I have a password reset utility code which works and encrypts the password with md5 by using the password recovery page.

But in order for a user with a reset password to login I have to use this code in my page.

 $username = addslashes($_POST['username']);
   $salt = 'random_stuff_15545';
       $password = md5($_POST['password'].$salt);

 

But when I have this code above the users that have NOT reset their passwords can NOT log in.

 

So for these users who have not reset their password i use this code[but with this code the users that reset their pass cannot log in]:

 $username = addslashes($_POST['username']);
       $password = md5($_POST['password']);

 

How can I allow both types of users to log in? Cheers

 

Link to comment
Share on other sites
Darnel Newbie

Darnel

Posted
  • Author
Posted

If I understand right all the passwords are salt'ed in my database. The problem is when a user resets their password they can no longer log if there is no $salt. And if I do have $salt then the normal users can't log in.  :shrug:

 

sorry i'm new at this

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

Well the first thing you need to do is check to see if all passwords are indeed salted before you add them into your database. I would check your registration script to find this out.

 

If they are (and I suspect they are not, or at least they use a different salt) than your login script with the salt should work, theoretically.

Link to comment
Share on other sites
Darnel Newbie

Darnel

Posted
  • Author
Posted

Ah I found the problem since for some reason I have two registration forms and in one the $salt was missing so now I have a database with some salted and some not salted passwords. Is there a way to update all my password fields in mysql?

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

Not really. Since you used a Hash there is no way to take the hashed string and return it to its original string, so unless you know all the passwords to all the accounts, and can go through each 1 by 1, comparing the hashed password to the hash you have in the table, I don't really see a way of rectifying the situation, short of clearing the database and starting over. Is your website in production? Or are you just testing it? If its in production, and the usernames and passwords are from actual users, I guess you learned the lesson to always fully test your features before you unveil them to the public

Link to comment
Share on other sites
Darnel Newbie

Darnel

Posted
  • Author
Posted

Not really. Since you used a Hash there is no way to take the hashed string and return it to its original string, so unless you know all the passwords to all the accounts, and can go through each 1 by 1, comparing the hashed password to the hash you have in the table, I don't really see a way of rectifying the situation, short of clearing the database and starting over. Is your website in production? Or are you just testing it? If its in production, and the usernames and passwords are from actual users, I guess you learned the lesson to always fully test your features before you unveil them to the public

 

Yes the website is live I bought it from someone else...

 

I updated everything so all new users will be alright. As for the old users they will not be able to log in until they reset their password using the forgot password  link. I guess I got F*****  :shrug: .

Lesson learned and experience gained in the process. Thanks for your help clearing this mess I really appreciate it.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.