md5 problem in login

amber.long83's Avatar, Join Date: Nov 2009
Go4Expert Member
Problem in my login script. In my script password in md5 hash in the registration. registration is successful and the password is in md5 form in the database table.
But whenever I try to login is not == with md5 password in the database.

Code
Code:
 
 <?php
 include 'dbconnect.php';
 
 if(!$_POST['submit'])
 {
 ?>
 
 <html>
 ...
 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
       <p>Username&nbsp;:</br>
       <input type="text" name="username" maxlength="20">
       </p>
       <p>Password&nbsp;:</br>
       <input type="password" name="password" maxlength="20">
       </p>
       <p>
       <input type="submit" name="submit" value="Submit">
       </p>
       </form>
 ...
 </html>
 <?php
 }
 else
 {
   $username = cleanString($_POST['username']);
   $password = cleanString($_POST['password']);
 
 if($username && $password)
 {
     $password = md5($password);
     $sql="SELECT id,username FROM `users` WHERE `username`='$username' AND `password`='$password'";
     $query=mysql_query($sql) or die(mysql_error());
 
     if(mysql_num_rows($query) > 0)
     {
           $row = mysql_fetch_assoc($query);
           $_SESSION['id'] = $row['id'];
           $_SESSION['username'] = $row['username'];
            
      
           echo "<script type=\"text/javascript\">window.location=\"members_area.php\"</script>";
     }
     else
    {
         echo "<script type=\"text/javascript\">
         alert(\"Your username or password is incorrect\");
         window.location=\"index.php\"</script>";
    }     
 }
 else
 {             
     echo "<script type=\"text/javascript\">
     alert(\"You need to input your username and password\");
     window.location=\"index.php\"</script>";
 }
 }
?>
Anyone can please help me for correct my problem

Thanks in Advnace

Last edited by shabbir; 7Dec2009 at 18:18.. Reason: Code blocks
pete_bisby's Avatar, Join Date: Nov 2007
Go4Expert Member
Has the password been encrypted using PHP or MySQL?

If MySQL is checking the validity of the password then let MySQL encrypt the password, not PHP. There may be subtle differences between PHP and MySQL regarding encryption.

Amend the SQL code so MySQL encrypts then checks the validity - just for consistency purposes:
PHP Code:
$sql "SELECT `id`, `username` FROM `users` WHERE `username`='$username' AND `password`=MD5($password)"
amber.long83's Avatar, Join Date: Nov 2009
Go4Expert Member
Quote:
Originally Posted by pete_bisby View Post
Has the password been encrypted using PHP or MySQL?

If MySQL is checking the validity of the password then let MySQL encrypt the password, not PHP. There may be subtle differences between PHP and MySQL regarding encryption.

Amend the SQL code so MySQL encrypts then checks the validity - just for consistency purposes:
PHP Code:
$sql "SELECT `id`, `username` FROM `users` WHERE `username`='$username' AND `password`=MD5($password)"
Thanks for help me