edd12345678 Posted November 11, 2011 Share Posted November 11, 2011 Hi Guys, I wonder If I can call on this forums help once again. I am trying to add salt to my md5 password hash. However I think I am getting the syntax slightly wrong as it is not working properly. It works in the fact that when someone logs in and they have a 1 next to the member type it will direct them to the teachers page . However if no values are entered into the log in form and someone clicks log in it will still direct them to the students page when I thought it would direct them to log in failed. The code for the log in form is: //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); $salt = "salt"; $EncryptedPassword=md5($password, $salt); //Create query $qry="SELECT * FROM users WHERE username='$login' AND password='$EncryptedPassword'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['FirstName']; $_SESSION['SESS_LAST_NAME'] = $member['LastName']; $_SESSION['SESS_LAST_NAME'] = $member['Member_Type']; session_write_close(); } //if the member has an id equal to 0 send them to the member page if($member['Member_Type'] == 0){ header("Location: Student-Page.php"); //if the member has an id equal to 1 send them to the admin page } elseif($member['Member_Type'] == 1){ header("Location: Teachers-Page.php"); } // regardless of the outcome, we need to exit, so it can be done once after both checks exit(); } else { //Login failed header("location: login-failed.php"); exit(); } In case you need it the code for the registration form where the password is originally salted upon creation is: <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER ,DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $username = clean($_POST['username']); $FirstName = clean($_POST['FirstName']); $LastName = clean($_POST['LastName']); $Member_Type = clean($_POST['Member_Type']); $password = clean($_POST['password']); $Cpassword = clean($_POST['Cpassword']); $salt = "salt"; $EncryptedPassword = md5($password,$salt); //Check for duplicate login ID if($username != '') { $qry = "SELECT * FROM users WHERE username='$username'"; $result = mysql_query($qry); if($result) { if(mysql_num_rows($result) > 0) { } @mysql_free_result($result); } else { //die("query failed"); } } //Create INSERT query $qry = "INSERT INTO users(username, password, FirstName, LastName, Member_Type) VALUES('$username','$EncryptedPassword','$FirstName','$LastName','$Member_Type')"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { header("location: register-success.php"); exit(); }else { die("Query Failed"); } ?> If someone could take a look and point me in the right direction. Also if there are any other mistakes let me know I would be very grateful. Thanks in advance. Edd Link to comment https://forums.phpfreaks.com/topic/250925-problem-when-adding-salt-to-md5-hash/ Share on other sites More sharing options...
edd12345678 Posted November 11, 2011 Author Share Posted November 11, 2011 Apologies, I have now resolved this issue. myself. Thanks anyone who was looking into it. Link to comment https://forums.phpfreaks.com/topic/250925-problem-when-adding-salt-to-md5-hash/#findComment-1287303 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.