scottybwoy Posted September 17, 2007 Share Posted September 17, 2007 I have a signup form that encrypts the password into md5 format, which then stores it in to the database. I then have a login section that translates the password into md5 to check against the stored version. However the one that is entered and posted via a password field, results in a different md5 hash, is this due to the nature of the password field or post, if so what is the best way to store an encrypted password and then compare it? Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/ Share on other sites More sharing options...
rarebit Posted September 17, 2007 Share Posted September 17, 2007 I assume that the form use's a js md5 function and the main comparison is done by php's md5. I'd check the js version! Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-349951 Share on other sites More sharing options...
BlueSkyIS Posted September 17, 2007 Share Posted September 17, 2007 i use the md5 password without this issue. the fact that a form field is in use will not affect the value of the md5 created for the password text. Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-349953 Share on other sites More sharing options...
wildteen88 Posted September 17, 2007 Share Posted September 17, 2007 Shouldn't make a difference whether you use a password or a text input filed. Both get submitted as plain text. The password input field just hides the characters being typed. This has no affect on how it is submitted. Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-349955 Share on other sites More sharing options...
scottybwoy Posted September 17, 2007 Author Share Posted September 17, 2007 hmm, well no i'm not using a js md5 func, it's pure php. The php md5's the pass during signup and converts the one entered at login, however the one created at signup is 5f4dcc3b5aa765d61d8327deb882cf99 and when inserted at login returns d41d8cd98f00b204e9800998ecf8427e Any more suggestions? Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350059 Share on other sites More sharing options...
GingerRobot Posted September 17, 2007 Share Posted September 17, 2007 Well that just doesn't make sense. Are you 100% sure you're entering the same password? Perhaps there's an extra character in one of them somewhere? The string 'password' generates your first hash - 5f4dcc3b5aa765d61d8327deb882cf99 - so the register appears to be working ok; perhaps there is an issue with your login script. Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350065 Share on other sites More sharing options...
scottybwoy Posted September 17, 2007 Author Share Posted September 17, 2007 This is what is invoked when login is clicked: <?php $username = $_POST['username']; $password = $_POST['password']; $password = md5($password); Central::login($username, $password); ?> This is the login script: <?php function login($username, $password) { echo $password; $sql = "SELECT f_name FROM members WHERE email = '" . $username . "' AND password = '" . $password . "'"; if ($qry = mysql_query(mysql_real_escape_string($sql))) { $_SESSION['USERNAME'] = mysql_result($qry, 0); } else { trigger_error("You did not enter valid credentials, Please try again.", E_USER_WARNING); } } ?> The echo is just to tell me what it's looking for. Should be really simple. Can you see where it's going wrong? Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350077 Share on other sites More sharing options...
GingerRobot Posted September 17, 2007 Share Posted September 17, 2007 Well, where do you apply the md5() function in your login script? Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350080 Share on other sites More sharing options...
scottybwoy Posted September 17, 2007 Author Share Posted September 17, 2007 See $password = md5($password); in the first bit of code before its sent to the login script, it shouldn't matter where it is should it? Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350088 Share on other sites More sharing options...
rarebit Posted September 17, 2007 Share Posted September 17, 2007 What about when you create the form input, does the value have a space in it e.g. ' ', if it does you'd need to use trim()... dunno Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350132 Share on other sites More sharing options...
scottybwoy Posted September 17, 2007 Author Share Posted September 17, 2007 tried trim already no joy, does anyone have a working script that may be a bit better, they wouldn't mind posting me. The strange thing is it's the same php engine working on the script and it's the same browser posting the data, has me baffled. Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350142 Share on other sites More sharing options...
rarebit Posted September 17, 2007 Share Posted September 17, 2007 I just tried this... $p = $_POST['nowt']; $sum = md5($p); echo $sum; Obviously the form element 'nowt' doesn't exist, but it gave the following sum: d41d8cd98f00b204e9800998ecf8427e Look similar? Look for a spelling mistake in your form! lol don't you just love the manytrix... Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350155 Share on other sites More sharing options...
scottybwoy Posted September 17, 2007 Author Share Posted September 17, 2007 LOL!!!! How silly I have been, I didn't even have a name for the input field! Thanks for all your time over my schoolboy error! lol Quote Link to comment https://forums.phpfreaks.com/topic/69648-solved-md5-and-post/#findComment-350181 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.