1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

md5 problem in login

Discussion in 'PHP' started by amber.long83, Dec 7, 2009.

  1. amber.long83

    amber.long83 New Member

    Joined:
    Nov 3, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    Problem in my login script. In my script password in md5 hash in the registration. registration is successful and the password is in md5 form in the database table.
    But whenever I try to login is not == with md5 password in the database.

    Code
    Code:
     
     <?php
     include 'dbconnect.php';
     
     if(!$_POST['submit'])
     {
     ?>
     
     <html>
     ...
     <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
           <p>Username&nbsp;:</br>
           <input type="text" name="username" maxlength="20">
           </p>
           <p>Password&nbsp;:</br>
           <input type="password" name="password" maxlength="20">
           </p>
           <p>
           <input type="submit" name="submit" value="Submit">
           </p>
           </form>
     ...
     </html>
     <?php
     }
     else
     {
       $username = cleanString($_POST['username']);
       $password = cleanString($_POST['password']);
     
     if($username && $password)
     {
         $password = md5($password);
         $sql="SELECT id,username FROM `users` WHERE `username`='$username' AND `password`='$password'";
         $query=mysql_query($sql) or die(mysql_error());
     
         if(mysql_num_rows($query) > 0)
         {
               $row = mysql_fetch_assoc($query);
               $_SESSION['id'] = $row['id'];
               $_SESSION['username'] = $row['username'];
                
          
               echo "<script type=\"text/javascript\">window.location=\"members_area.php\"</script>";
         }
         else
        {
             echo "<script type=\"text/javascript\">
             alert(\"Your username or password is incorrect\");
             window.location=\"index.php\"</script>";
        }     
     }
     else
     {             
         echo "<script type=\"text/javascript\">
         alert(\"You need to input your username and password\");
         window.location=\"index.php\"</script>";
     }
     }
    ?> 
    Anyone can please help me for correct my problem

    Thanks in Advnace
     
    Last edited by a moderator: Dec 7, 2009
  2. pete_bisby

    pete_bisby New Member

    Joined:
    Nov 11, 2007
    Messages:
    48
    Likes Received:
    2
    Trophy Points:
    0
    Occupation:
    Software Developer/Analyst, PB
    Location:
    Manchester, England
    Home Page:
    Has the password been encrypted using PHP or MySQL?

    If MySQL is checking the validity of the password then let MySQL encrypt the password, not PHP. There may be subtle differences between PHP and MySQL regarding encryption.

    Amend the SQL code so MySQL encrypts then checks the validity - just for consistency purposes:
    PHP:
    $sql "SELECT `id`, `username` FROM `users` WHERE `username`='$username' AND `password`=MD5($password)";
     
  3. amber.long83

    amber.long83 New Member

    Joined:
    Nov 3, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    Thanks for help me
     

Share This Page