AbydosGater Posted November 23, 2006 Share Posted November 23, 2006 Hey i tryed to add md5ing passwords to my script.. And its gone wrong somewhere along the way..First before i edited any code i ran a quick echo md5(mypass) in another script so i could find out the md5 value of my password was, and from there i copyed and pasted it to my database, and im sure i got it all! so my new password is encrypted...The main body of my login code is..[code]<?php$formaction = $_SERVER['PHP_SELF'];$loginform = "<form action=$formaction method=post name=loginform>Username:<br><input type=text name=username size=20 class=field1><br>Password:<br><input type=password name=password size=20 class=field1><br><br><input type=submit value=login class=button1 name=login><br><br><a href=register.php>Click Here To Register</a></form>";if (!$_SESSION['user'] && !$_POST['login']){ // No session + No Form Login... Display the form...echo $loginform;} elseif ($_POST['username']){ //if the form has been submitted... The ifs + elses between this and next comment arnt that important just checking if the login details are correct...$username = $_POST['username'];$password = $_POST['password'];$password = md5($password); //HERE//--- $result = mysql_query("SELECT * FROM sf_users WHERE username='$username'") or die(mysql_error()); $user = mysql_fetch_array( $result );if ($user['member_id'] == ""){echo "<font color=\"#FF0000\"><b>Unknown username, please try again</b></font>";echo $loginform;} else {$dbusername = $user['username'];$dbpassword = $user['password'];if ($username == $dbusername && $password == $dbpassword){ session_register("user"); $result = mysql_query("SELECT * FROM sf_users WHERE username='$username'") or die(mysql_error()); $_SESSION['user'] = mysql_fetch_array($result); $uname = $_SESSION['user']['username']; echo "$uname.. Signing in"; echo $_SESSION['user']['username'] . "You have logged in...Please wait"; echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=members.php\">";} else if ($username == $dbusername && $password != $dbpassword){ //HEREecho "<font color=\"#FF0000\"><b>Your Password is incorrect</b>...$password</font>";echo $loginform;} else {echo "<font color=\"#FF0000\"><b>Unknown System Error!<br> Please ensure your Cases are correct!</b></font>";}};?>[/code]Please dont mind all of it, i know its long.. The main bits are after the two //HERES...I added in the md5 on the first HEREjust to md5 what the user entered to match it up to whats in the database from when they register...And when i log in with the right password.. It is comming up as incorrect password.. and as you can see it echos the entered password just after displaying that error, and i have matched that up to the database password and its correct, so why didnt the second HERE, why didnt the two passwords match??I also tried commenting out the line that md5s the entered password and just entered the exact value from the database, it worked fine, so the error is on that first //HERE, so where did i go wrong?Can anyone help?Please?Thanks! Link to comment https://forums.phpfreaks.com/topic/28254-added-md5-to-login-script-gone-wrong-no-reason/ Share on other sites More sharing options...
Psycho Posted November 23, 2006 Share Posted November 23, 2006 You stated that you ran a quick script to find out the MD5 value of your password previously. Is it not possible that the MD5 value that you have in your database is not correct? Perhaps one of the values you are converting to MD5 has a whitespace character that you did not strip off.Try this. Before the first "HERE" add this line:[b]echo "Entered password: [".$password."]<br>";[/b]After the "HERE" line enter this[b]echo "MD5 Entered password: [".$password."]<br>";[/b]Then on the line just before where you check the username and password against the db values add this:[/b]echo "DB Password: [".$dbpassword."]<br>";[/b]See if the values are what you expect. By the way, checking the entered username against the username from the query result is not necessary since your query only pulled the record(s) that matched the username in the first place. Link to comment https://forums.phpfreaks.com/topic/28254-added-md5-to-login-script-gone-wrong-no-reason/#findComment-129226 Share on other sites More sharing options...
AbydosGater Posted November 23, 2006 Author Share Posted November 23, 2006 Ohh thanks, did this and noticed i had a limit of charsin the password field to 30, when my pass was longer..All fixed.. Thanks Link to comment https://forums.phpfreaks.com/topic/28254-added-md5-to-login-script-gone-wrong-no-reason/#findComment-129235 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.