[SOLVED] Password md5

[Kemik]

Hello,

 

I've made a registration script that md5's the password when inserting to the database. The login script also md5's the password field so it can see if there is a match.

 

A few hours ago I login fine, but I since changed the table name (checked and yes, all references to the old table has been changed) and edited the register/login files slightly. The only thing is, I cannot remember what I edited.

 

I've searched, gone through the files over and over but the login form won't let me login. I've used echo statements to output the passed variables and found the password the form is giving me (in md5 format) is different to the one in the database. I'm 100% certain it's the same text I'm entering as I've created another two accounts and tried it.

 

Does anyone have any idea why the md5's might be different? I'm going insane trying to look for where I went wrong but I cannot see anything.

 

Let me know if you want me to upload the files.

[hostfreak]

It would definitely help if you showed us some files. Are you getting any errors?

[teng84]

yahhhh show a bit of this code

 

[Kemik]

Login function

 

<?php

function login()
{
	//$this->rapyd->auth->trylogin_bycookie(); 
	if (is_logged()){

		redirect("user/imloggedinalready");
	  
	} else {

		$this->rapyd->load('dataform');
		$this->load->library('encrypt');

      		$form = new DataForm("user/login/process");
      
      		$form->nick = new inputField("Username", "user_");
      		$form->nick->rule = "required";
      
     		$form->pass = new passwordField("Password", "pass_");
      		$form->pass->rule = "required";
      
      		$form->submit("btn_submit", "login");  

      		$form->build_form(); 
      		$data["form"] = $form->output;

		if ($form->on_show() || $form->on_error()){
			// hmm...
		}

		if ($form->on_success()){

			//is a valid user						
			$valid_user = $this->rapyd->auth->trylogin(
			$this->input->post("user_"),
			$this->input->post("pass_"));

			if ($valid_user){
				redirect('user');
			} else {
				$form->error_string = "Wrong username or password";
			}

			$form->build_form(); 
      			$data["form"] = $form->output;
			  
		}

		$this->load->view('login_view', $data);	
	}	
}
?>

 

Part of the trylogin() function. (Return is always FALSE when the username and password don't match. I can confirm it's a password problem as I tried commenting out the password bit of the which and got a TRUE)

 

<?php
function trylogin($username, $password, $cookie = true, $max_role=1)
  {
    $this->init();

    // Check details in DB
    $this->db->where($this->field_username, $username);
    $password_hash = ($this->password_encrypted)? $this->ci->encrypt->hash($password, 'md5'): $password;
    $this->db->where("password", $password_hash);
    $this->db->where("active", "y");
    $query = $this->db->get("users", 1);
  
    // If user/pass is OK then should return 1 row containing username,fullname
    $return = $query->num_rows();
    $row = $query->row();
?>

 

I don't get errors as it's only passing back a true or false if the query comes back with any rows found.

Btw, my tabs are better than this. Honest.. it's just the copy and paste that sucks

[Kemik]

I've been testing some passwords by echoing md5();

 

The register script, and login form give:

dd2f43e7d0f14dcc7d679344d65f (with a few on the end)

 

The $password_hash in trylogin() gives:

f5a904a606881710e86bec998112369ecbb (with a few on the end).

 

This is weird :S

 

Edit: Solved. The login function uses a hash, not md5. I removed the md5 on the password and the script automatically hashed the password. A benefit of the passwordField apparently.

 

Thanks guys.