Inmortal Posted December 23, 2007 Share Posted December 23, 2007 Tried to use md5 for encryption for a register/login system. Everything works fine in the register script but when trying to evaluate the password on the login page I don't get the same hash as before with the exact same 'password'. Tried sha1 also and got the same result??? Can this have something to do with the charset?? Including snippets from the code login validation script snippet: [pre]require('../include/connect_db.php'); $sql = 'SELECT uid, email, password FROM sc_users WHERE email = "' . $_POST[txtEmail] . '"'; $result = mysql_query($sql) or die ('Fel på SQL syntax'); $count = mysql_num_rows($result); if($count != 0) { // Email Registred, check password and set cookie. $rad = mysql_fetch_array($result); $hash_password = chop(md5($_POST[txtPassword])); echo $hash_password . '<br />'; echo $rad[password]; if($hash_password == $rad[password]) { //echo ('<br /> Lösenordet stämmer <br />'); } else { //echo ('lösenordet stämmer inte <br />'); }[/pre] The register script: [pre]$encrypted_password = chop(md5($_POST[txtPassword])); // Encrypt password[/pre] Quote Link to comment Share on other sites More sharing options...
shocker-z Posted December 23, 2007 Share Posted December 23, 2007 Do you actually get a different md5 password echo'd back? to the one that's in the database? Try changing if($count != 0) { to if($count !== 0) { Also when calling an array using the key name outside of double quotes use quotes e.g. $rad['password'] Try this require('../include/connect_db.php'); $sql = 'SELECT uid, email, password FROM sc_users WHERE email = "' . $_POST[txtEmail] . '"'; $result = mysql_query($sql) or die ('Fel på SQL syntax'); $count = mysql_num_rows($result); if($count !== 0) { // Email Registred, check password and set cookie. $rad = mysql_fetch_array($result); $hash_password = chop(md5($_POST['txtPassword'])); echo $hash_password . ' '; echo $rad[password]; if($hash_password == $rad['password']) { //echo (' Lösenordet stämmer '); } else { //echo ('lösenordet stämmer inte '); } Regards Liam Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted December 23, 2007 Share Posted December 23, 2007 md5 string has a make length so if you exceed it those extra characters should be ignored Quote Link to comment Share on other sites More sharing options...
corbin Posted December 23, 2007 Share Posted December 23, 2007 Can you tell us an example password and the two different hashes for it? (Just make a password like apple or something), and that might help in knowing what's going wrong. Quote Link to comment Share on other sites More sharing options...
Inmortal Posted December 23, 2007 Author Share Posted December 23, 2007 First of all, thanx for all quick responds...I made the exampel encryption as you said and this is the response... the word apple.. as rendered in the login script: d41d8cd98f00b204e9800998ecf8427e as rendered and stored int DB: 1f3870be274f6c49b3e31a0c6728957f the field in the db i varchar 50. As I've understood. the md5 hash has 32 in length. Can't figure one thing out tough...the meta data has charset utf-8...and changed to this in db...didn't help. maybe i missunderstand all that....pretty new at php and mysql. Quote Link to comment Share on other sites More sharing options...
shocker-z Posted December 23, 2007 Share Posted December 23, 2007 what if u just have a simple test page <?php echo md5($_POST['txtPassword']); ?> then refresh a couple of times, does this change? also exit the browser to start a new session and test. if that never changes then its a problem in the way you insert to your database.. your not md5'in the password then encrypting when inserting in the table are you? Regards Liam Quote Link to comment Share on other sites More sharing options...
corbin Posted December 23, 2007 Share Posted December 23, 2007 C:\Users\Corbin>php -r "echo md5('apple');" 1f3870be274f6c49b3e31a0c6728957f C:\Users\Corbin>php -r "echo md5('');" d41d8cd98f00b204e9800998ecf8427e C:\Users\Corbin> Just as a I suspected.... The value of the password entered isn't being passed to the md5 call in the script.... Can you show us your form? Quote Link to comment Share on other sites More sharing options...
Inmortal Posted December 23, 2007 Author Share Posted December 23, 2007 Thank you for your help... Kind of embarising error. Earlier changed the name of the Textfield but forgot to upload the the file. The return I got at the login script must have been null from the post variable that didn't exist, or something like that. Again, sorry for taking up your time... Quote Link to comment Share on other sites More sharing options...
shocker-z Posted December 23, 2007 Share Posted December 23, 2007 Haha, We all make mistakes, trust me, anyone that has programmed more than a month or so will have made atleast 1 silly mistake. It's how we learn Liam Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.