Hi guys,

 

Here's my code for a LOGIN page. Now, the thing is, PHP correctly encrypts my password in md5 and stores it in the database together with the username and all the other registration details. But when I go to the Login screen and try to enter the password, it keeps on telling me that the password is incorrect! WOOT?!

 

Please help me out guys. This is very urgent  :'(

 

Here's my code:

 

<!-- PROPERTY OF W04087073  -->

<html>

<head>
<title>Login to your Account or Register for a new Account</title>
<link rel="stylesheet" href="styler.css">
</head>

<body>

<?php include("menu.php"); 

  include("SQL.php"); 
  
#########	CHECKS THAT FIELDS ARE NOT EMPTY	##########

if (isset($_POST ['submit']))
{
	if (!$_POST ['username'] | !$_POST ['pass'])
	{
		die ('<br><br><br><font face="Verdana" size="4" color = red>ERROR: Please make sure that all Information is provided.</font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)"> ');
	}


#########	CHECKS IF username EVEN EXISTS !	##########

$check = mysql_query("SELECT * FROM customer WHERE username = '".$_POST['username']."' ")
or die(mysql_error());
$check2 = mysql_num_rows($check);

if ($check2 == 0)
{
    	 die ('<br><br><br><font face="Verdana" size="4" color = red>ERROR : The Username you have entered does not exist. <br><br>If you are a New User, please <a href = "register.php"><u>Register</u></a> first. </font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)">');
}

while ($check3 = mysql_fetch_array($check))
{
$_POST['pass'] = md5($_POST['pass']);

if ($_POST['pass'] != $check3['password'])
{
	die ('<br><br><br><font face="Verdana" size="4" color = red>ERROR : The Password does not match the existing one for the Username. <br><br>If you are a New User, please <a href = "register.php"><u>Register</u></a> first. </font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)">');
}

else
{
header ("Location: acc.php");
}

}



	}
else
{
?>


<br><br><br>
<h2>Please Log in to view Your Account<br><br></h2>
<h3>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<table border="0" width="101%" cellspacing="1" id="table1" bordercolorlight="#0066FF" height="75">
<tr>
	<td width="106" height="48">Username</td>
	<td height="48" width="259"> <input type = "text" name = "username" size="34" maxlength ="7" style = "color:blue"></td>
	<td height="48" width="32"> </td>
	<td height="95" rowspan="2">Are you a New User ? Please Register.</td>
</tr>
<tr>
	<td width="106" height="47">Password</td>
	<td height="47" width="259"> <input type = "text" name = "pass" size="34" maxlength = "7" style = "color:blue"></td>
	<td height="47" width="32"> </td>
</tr>
<tr>
	<td width="106"> </td>
	<td width="259"> </td>
	<td width="32"> </td>
	<td> </td>
</tr>
<tr>
	<td width="106"> </td>
	<td width="259">
	<p align="center">
	<input type = "submit" name = "submit" value = "" style="background : url(login1.jpg);	width:107px; height:25px; ">
	</td>
	<td width="32"> 
	</td>
	<td>
	<a href="register.php">
	<img border="0" src="login2reg.jpg" width="101" height="20"></a></td>
</tr>
<tr>
	<td width="106"> </td>
	<td width="259"> 
	</td>
	<td width="32"> 
	</td>
	<td> 
	</td>
</tr>
<tr>
	<td width="365" colspan="2"><font size="2">Forgotten your Password?  
	<span style="background-color: #FFFFFF">
	<a href="recover.php">Recover your password</a>.</span></font></td>
	<td width="32"> 
	</td>
	<td> 
	</td>
</tr>
</table>
</form>
</h3>



<?php include("base.php"); ?>



</body>

</html>

<?php
}
?> 


What is the error message printed? I see a few problems with this script.

 

1) It's very unsafe seeing that any user can just go to "acc.php" and nothing would stop them.  Use sessions or cookies to identify the user.

2) Whenever you want to make an OR statement, use ||, not |.  They are different.

3) If you are going to modify $_POST data, usually it's not smart to set the modified data to a $_POST key, in case you want to access the raw data later.

 

Fix these things up, and also, ensure that the registration script is working correctly (make sure that the MD5'd password is stored in the database).

 

It might be useful to see the registration.
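The three points above combined in one login path, as an added example that is not part of the original posts. It assumes PDO with the SQLite driver for a self-contained demo table, swaps md5() for password_hash()/password_verify(), and uses the hypothetical helpers attempt_login() and is_logged_in():

```php
<?php
// Added example, not the poster's code. attempt_login() and is_logged_in()
// are hypothetical helpers; md5() is swapped for password_hash()/password_verify().

function attempt_login(PDO $db, array $post): bool
{
    $username = $post['username'] ?? '';
    $password = $post['pass'] ?? '';        // raw input stays in its own variable
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '') {   // logical ||, not bitwise |
        return false;
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM customer WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || !password_verify($password, $stored)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);        // fresh session id after login
    }
    $_SESSION['username'] = $username;      // acc.php checks this, not the URL
    return true;
}

// First check in acc.php: redirect to the login page when this returns false.
function is_logged_in(): bool
{
    return isset($_SESSION['username']) && $_SESSION['username'] !== '';
}

// Constructed demo data: in-memory SQLite table with one made-up user.
// In a web request, call session_start() before using either helper.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO customer (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('example-pass', PASSWORD_DEFAULT)]);

var_dump(is_logged_in());
var_dump(attempt_login($db, ['username' => 'alice', 'pass' => 'wrong-pass']));
var_dump(is_logged_in());
var_dump(attempt_login($db, ['username' => 'alice', 'pass' => 'example-pass']));
var_dump(is_logged_in());
```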

The PHP MD5() function does not encrypt a string in the same way as the standard *nix MD5SUM function.

 

If you want to access an encrypted string in a MySQL database from different programs in *nix, and also from PHP, use the MySQL MD5() function, as in:

 

UPDATE users SET pwd=md5('mypass') WHERE user='myuser';

 

This will generate the same encrypted string as in PHP md5('mypass').

He's using md5() from PHP to generate his passwords during registration as well, I would assume.  Most systems do rely on PHP to do the md5() conversions, though I guess MySQL can do them just as easily.

Thanks for the replies, guys.

 

Glyde, here is the Registration PHP Code, as requested.

 


<!-- PROPERTY OF W04087073  -->


<html>

<head>
<title>Please Log in to view Your Account</title>
<link rel="stylesheet" href="styler.css">
</head>


<body>

<?php

include("SQL.php"); 

#########	CHECKS THAT FIELDS ARE NOT EMPTY	##########

if (isset($_POST ['submit']))
{
	if (!$_POST ['fname'] | !$_POST ['sname'] | !$_POST ['address'] | !$_POST ['postcode'] | 			         !$_POST ['email'] | !$_POST ['username'] | !$_POST ['pass'] | !$_POST ['confpass'] )
	{
		die ('<font face="Verdana" size="4" color = red>ERROR: Please make sure that all Information is provided.</font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)"> ');
	}


#########	CHECKS THAT TYPED AND CONFIRMED PASSWORDS MATCH	##########

if($_POST['pass'] != $_POST['confpass'])
{
	die ('<font face="Verdana" size="4" color = red>ERROR : The Passwords did not match. Please confirm the password entered.</font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)"> ');
}

#########	CHECKS THAT Username is at least 4 characters	##########
function checkusername ($uname)
{
if (strlen($uname) < 4)
{
    	 die ('<font face="Verdana" size="4" color = red>ERROR : Username should be at least 4 characters </font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)"> ');

} 	
return $uname;

}

  if (isset($_POST['username'])) 
  {
    checkusername($_POST['username']);
  }

#########	CHECKS THAT  Password is at least 4 characters	##########

function checkpass ($passw)
{
if (strlen($passw) < 4)
{
    	 die ('<font face="Verdana" size="4" color = red>ERROR : Password should be at least 4 characters </font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)"> ');

} 	
return $passw;

}

  if (isset($_POST['pass'])) 
  {
    checkpass($_POST['pass']);
  }

#########	CHECKS IF username ALREADY EXISTS	##########
$checkuname = $_POST['username'];
$check = mysql_query("SELECT username FROM customer WHERE username = '$checkuname'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

if ($check2 !=0)
{
    	 die ('<font face="Verdana" size="4" color = red>ERROR : Sorry, the username <u>'.$_POST['username'].'</u> is not available. Please try a different username. </font> <br><br> <input type="button" value="  Retry  " onClick="history.go(-1)"> ');

}

#########	ENCRYPT PASSWORD	##########

$_POST['pass'] = md5($_POST['pass']);

#########	ADD THE USER TO THE DATABASE	##########

$add = "INSERT INTO customer (username, password, Firstname, Surname, address, postcode, email) VALUES ('".$_POST['username']."','".$_POST['pass']."', '".$_POST['fname']."', '".$_POST['sname']."', '".$_POST['address']."', '".$_POST['postcode']."', '".$_POST['email']."' ) " ;
$adduser = mysql_query($add);  

?>

<h2> Registration Successful </h2>
<br><br>
<h3>You have successfully completed Registration. You may now Login..</h3>
<br>
<form method = "post" action = "login.php">
<input type="submit" value="LOGIN">
</form>

<?php
}
else
{
?>


<h2>Registration for New Users<br></h2>
<table border="0" width="101%" cellspacing="1" id="table2" bordercolorlight="#0066FF" height="33">
<tr>
	<td width="365"><font size="2" ><h3>
	<font color="#990033">You Must Supply all 
	Information requested in this Form.</font></h3></font></td>
</tr>
</table>


<h3>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" width="101%" cellspacing="0" id="table1" bordercolorlight="#0066FF" height="482" cellpadding="0">
<tr>
	<td width="254" height="48" bgcolor="#DDDDDD">First Name</td>
	<td height="48" width="508" bgcolor="#DDDDDD"><input type = "text" name = "fname" size="34" maxlength ="25" style = "color:blue"></td>
</tr>
<tr>
	<td width="254" height="47" bgcolor="#DDDDDD">Surname</td>
	<td height="47" width="508" bgcolor="#DDDDDD"><input type = "text" name = "sname" size="34" maxlength = "25" style = "color:blue"></td>
</tr>
<tr>
	<td width="254" bgcolor="#DDDDDD" height="108">Address</td>
	<td width="508" bgcolor="#DDDDDD" height="108">
	<textarea cols = "29" rows = "6" name = "address" style = "color:blue"></textarea></td>
</tr>
<tr>
	<td width="254" bgcolor="#DDDDDD" height="44">Post Code</td>
	<td width="508" bgcolor="#DDDDDD" height="44">
	<input type = "text" name = "postcode" size="18" maxlength = "9" value = "AA00 0AA" style = "color:blue">
	</td>
</tr>
<tr>
	<td width="254"> </td>
	<td width="508"> 
	</td>
</tr>
<tr>
	<td width="254" bgcolor="#DDDDDD">E-mail Address</td>
	<td width="508" bgcolor="#DDDDDD">
	<input type = "text" name = "email" size="34" maxlength ="50" value = "[email protected]" style = "color:blue"></td>
</tr>
<tr>
	<td width="254"> </td>
	<td width="508"> 
	</td>
</tr>
<tr>
	<td width="254" bgcolor="#DDDDDD">Choose a Username</td>
	<td width="508" bgcolor="#DDDDDD">
	<input type = "text" name = "username" size="34" maxlength ="7" style = "color:blue" 
	> <font size="2" color="#990033"> 
	( Between 4 -7 Characters ) </font>

	</td>


</tr>
<tr>
	<td width="254" bgcolor="#DDDDDD" height="29">Choose a Password</td>
	<td width="508" bgcolor="#DDDDDD" height="29">
	<input type = "password" name = "pass" size="34" maxlength ="7" value = "1234" style = "color:blue">  
	<font size="2" color="#990033">( Between 4 -7 Characters )</font></td>
</tr>
<tr>
	<td width="254" bgcolor="#DDDDDD" height="35"><i>Confirm Password</i></td>
	<td width="508" bgcolor="#DDDDDD" height="35">
	<input type = "password" name = "confpass" size="34" maxlength ="7" value = "1234" style = "color:blue"> </td>
</tr>
<tr>
	<td width="254" bgcolor="#FFFFFF" height="19"> </td>
	<td width="508" bgcolor="#FFFFFF" height="19"> 
	</td>
</tr>
<tr>
	<td width="254" bgcolor="#FFFFFF"> </td>
	<td width="508" bgcolor="#FFFFFF">

	<input type = "submit" name = "submit" value = "" style="background : url(register.jpg);width:155px; height:35px; ">

</tr>
</table>

</form>
<font size="2"><br><br>Your Details will STRICTLY NOT be shared by us with any other 
Party and are governed by the Data Protection Act 2000.<br>Your E-mail Address 
will ONLY be used to correspond with you regarding your Order.</font><br>



</body>

</html>

<?php
}
?> 

 

 

And, the MD5'd password IS stored in the database. - http://www.freewebs.com/zahidworld/md5.jpg

That is not at all an md5 encryption.  md5 produces a 32 byte string, meaning it will have 32 characters.  The entry in the database looks like it has 7.  Check the data type of the password column and make sure it can accept 32 characters.

 

The data type should be at least VARCHAR(32)
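Why the login comparison fails when the stored hash is cut short, as an added example that is not part of the original thread. It goes one step beyond the thread by also running password_hash() output through the same column widths; the silent truncation and the helper names store_in_column(), verify() and audit() are assumptions for illustration:

```php
<?php
// Added example, not code from the thread.
// Assumption: the column silently truncates (MySQL without strict mode);
// in strict mode the INSERT fails with a "Data too long" error instead.

function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);        // what a too-narrow column keeps
}

function verify(string $typed, string $stored, string $scheme): bool
{
    if ($scheme === 'md5') {
        return hash_equals($stored, md5($typed));
    }
    return password_verify($typed, $stored); // 'password_hash' scheme
}

// Hash one password with both schemes and try each column width.
function audit(string $password, array $widths): array
{
    $rows = [];
    foreach (['md5', 'password_hash'] as $scheme) {
        $hash = $scheme === 'md5'
            ? md5($password)
            : password_hash($password, PASSWORD_BCRYPT);
        foreach ($widths as $width) {
            $stored = store_in_column($hash, $width);
            $rows[] = [
                'scheme'    => $scheme,
                'width'     => $width,
                'hash_len'  => strlen($hash),
                'truncated' => strlen($stored) < strlen($hash),
                'login_ok'  => verify($password, $stored, $scheme),
            ];
        }
    }
    return $rows;
}

// Constructed input: '1234' is the default value in the posted registration form.
foreach (audit('1234', [7, 32, 255]) as $r) {
    printf("%-13s width=%3d hash_len=%2d truncated=%-3s login_ok=%s\n",
        $r['scheme'], $r['width'], $r['hash_len'],
        $r['truncated'] ? 'yes' : 'no', $r['login_ok'] ? 'yes' : 'no');
}
```

A width of 32 is enough for md5() but truncates a bcrypt hash, so the column has to be widened again before moving to password_hash(); the PHP manual suggests 255 characters.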

Ooooooh, I see. I didn't know that md5 was 32 bytes. My bad. No wonder the MD5'ed passwords looked longer on some PHP Tutorial sites.

 

 

You know what? I tried changing Field size to 32 and it now works!  :o

 

Thanks a lot Glyde.  :D

 

Now... lemme go and do the Session part.  8)
