nuttycoder Posted August 22, 2007 Share Posted August 22, 2007 Hi I have a login script and I can log in no problem but the passwords are not encrypted If I change the password to be encrypted using md5 like this: $password = md5($_POST['password']); Then I can no longer log in any idea whats wrong? The full login script if (isset($_POST['login'])) { $username = $_POST['username']; $password = md5($_POST['password']); // check if the user id and password combination exist in database $sql = "SELECT username, password FROM members WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session session_register('username'); session_register('password'); } else { $errorMessage = 'Sorry, wrong user name or password'; } } Thanks Quote Link to comment Share on other sites More sharing options...
lightningstrike Posted August 22, 2007 Share Posted August 22, 2007 Umm are the passwords hashed in the database with md5? Quote Link to comment Share on other sites More sharing options...
nuttycoder Posted August 22, 2007 Author Share Posted August 22, 2007 no i though using the md5 in the script would encrypt it Quote Link to comment Share on other sites More sharing options...
akitchin Posted August 22, 2007 Share Posted August 22, 2007 you're encrypting the input, but unless the data is encrypted in the database, then your comparison will always come out false. you're comparing the encrypted version to the unencrypted version. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 22, 2007 Share Posted August 22, 2007 if you have clear text passwords then first backup the database and then do this UPDATE members SET password = md5(password ); ONCE only run this once! or it will double encrypt Quote Link to comment Share on other sites More sharing options...
nuttycoder Posted August 22, 2007 Author Share Posted August 22, 2007 Ok I've updated the table and looked inside the database and passwords are now encrypted but am still unable to log in Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 22, 2007 Share Posted August 22, 2007 try this $password = md5($_POST['password']); echo $password; and compare to the database Oh bugger i just thought.... how is the password field setup ? it should be char(32) Quote Link to comment Share on other sites More sharing options...
nuttycoder Posted August 22, 2007 Author Share Posted August 22, 2007 its varchar(32) i'll try changing it to char Quote Link to comment Share on other sites More sharing options...
nuttycoder Posted August 22, 2007 Author Share Posted August 22, 2007 its strange I removed the members table and rebuilt it and had the password set to char but its been created using varchar does this make a diffrence with passwords? I can login now thanks very much I really din't want to have passwords that were not encrypted not good security Thanks Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 22, 2007 Share Posted August 22, 2007 Cool, but can you click topic solved Quote Link to comment Share on other sites More sharing options...
nuttycoder Posted August 22, 2007 Author Share Posted August 22, 2007 right sure thing Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.