The14thGOD Posted January 31, 2007 Share Posted January 31, 2007 Hey, I am working on a change password form but I'm having a little problem.heres the query:[code]<?php $query = "UPDATE user SET password=MD5('$password') , signature='$signature' , "; $query .= "avatar='$file_dir' , status='$status' WHERE username='$username' ";[/code]The problem is that when put like that, the password is the encryption. So for example it would be "aa87d6boi71948anva" rather than if then the actual password.I think that is it because if I log out and come back in the password is not the password i typed. So I did an echo and got the encryption with MD5 and got the password w/o it.Anyone know how to update and store as a MD5 encryption?Thanks in advance. Quote Link to comment Share on other sites More sharing options...
marcus Posted January 31, 2007 Share Posted January 31, 2007 [code=php:0]$newpass = md5($password);//query[/code] Quote Link to comment Share on other sites More sharing options...
The14thGOD Posted January 31, 2007 Author Share Posted January 31, 2007 Thank you. It looks like I have another error /sigh.Heres the summary:I'm trying to detect if anything is entered in the password field, and if they match.1. If they dont match then send back saying so.2. If password is blank, set password to X.3. If password exists then newpassword is Y.heres the code[code]<?php $pass_query = "SELECT * FROM user WHERE id=$user_id "; $pass_result = mysql_query($pass_query); $pass_row = mysql_fetch_array($pass_result); if ($password != $confirm_password) { $error = 'pass'; header("Location: user_prefs.php?error=$error"); exit(0); } if ($password == "") { $newpassword = md5($pass_row[password]); } elseif ($password != "") { $newpassword = md5($password); }?>[/code]it is writing to the right row so that shouldn't be a problem..thanks again. Quote Link to comment Share on other sites More sharing options...
corbin Posted January 31, 2007 Share Posted January 31, 2007 Where is $password coming from? I think you need $password = $_POST[var] where var is the name of the form field... Quote Link to comment Share on other sites More sharing options...
The14thGOD Posted January 31, 2007 Author Share Posted January 31, 2007 i have import request variables, and its comming from a form Quote Link to comment Share on other sites More sharing options...
Hypnos Posted January 31, 2007 Share Posted January 31, 2007 If you have an error, you need to paste it, and paste the line that it's from.$newpassword = md5($pass_row[password]);This doesn't look right. Aren't your passwords stored as MD5? If so, you would be MD5'ing an MD5. Quote Link to comment Share on other sites More sharing options...
The14thGOD Posted January 31, 2007 Author Share Posted January 31, 2007 Ya I was thinking that myself. Is there a way to retrieve it w/o the md5? I tried it w/o the md5 but i think it failed..ill try again.. Quote Link to comment Share on other sites More sharing options...
The14thGOD Posted January 31, 2007 Author Share Posted January 31, 2007 Hmm.. it worked..but I'm almost positive that I tried it before..maybe I mistyped something..I know I fixed something along the lines.Thanks for the help =D Quote Link to comment Share on other sites More sharing options...
Sir William Posted January 31, 2007 Share Posted January 31, 2007 What wasn't really said was how you SHOULD be checking passwords. The most common way I've seen and used is to store the md5'd password hash in the database for the user. Then when they have to authenticate, you get their username/id and password. You then retrieve the hash from the DB then md5 the submitted password. If the retrieved hash and the hashed submission match, then you're authentic. If not, error/try again/whatever. That make sense? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.