Go4Expert

Go4Expert (http://www.go4expert.com/)
-   PHP (http://www.go4expert.com/forums/php/)
-   -   md5 problem in login (http://www.go4expert.com/forums/md5-login-t20300/)

amber.long83 7Dec2009 16:05

md5 problem in login
 
Problem in my login script. In my script password in md5 hash in the registration. registration is successful and the password is in md5 form in the database table.
But whenever I try to login is not == with md5 password in the database.

Code
Code:


 <?php
 include 'dbconnect.php';
 
 if(!$_POST['submit'])
 {
 ?>
 
 <html>
 ...
 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
      <p>Username&nbsp;:</br>
      <input type="text" name="username" maxlength="20">
      </p>
      <p>Password&nbsp;:</br>
      <input type="password" name="password" maxlength="20">
      </p>
      <p>
      <input type="submit" name="submit" value="Submit">
      </p>
      </form>
 ...
 </html>
 <?php
 }
 else
 {
  $username = cleanString($_POST['username']);
  $password = cleanString($_POST['password']);
 
 if($username && $password)
 {
    $password = md5($password);
    $sql="SELECT id,username FROM `users` WHERE `username`='$username' AND `password`='$password'";
    $query=mysql_query($sql) or die(mysql_error());
 
    if(mysql_num_rows($query) > 0)
    {
          $row = mysql_fetch_assoc($query);
          $_SESSION['id'] = $row['id'];
          $_SESSION['username'] = $row['username'];
           
     
          echo "<script type=\"text/javascript\">window.location=\"members_area.php\"</script>";
    }
    else
    {
        echo "<script type=\"text/javascript\">
        alert(\"Your username or password is incorrect\");
        window.location=\"index.php\"</script>";
    }   
 }
 else
 {           
    echo "<script type=\"text/javascript\">
    alert(\"You need to input your username and password\");
    window.location=\"index.php\"</script>";
 }
 }
?>

Anyone can please help me for correct my problem

Thanks in Advnace

pete_bisby 13Dec2009 19:24

Re: md5 problem in login
 
Has the password been encrypted using PHP or MySQL?

If MySQL is checking the validity of the password then let MySQL encrypt the password, not PHP. There may be subtle differences between PHP and MySQL regarding encryption.

Amend the SQL code so MySQL encrypts then checks the validity - just for consistency purposes:
PHP Code:

$sql "SELECT `id`, `username` FROM `users` WHERE `username`='$username' AND `password`=MD5($password)"


amber.long83 19Dec2009 11:51

Re: md5 problem in login
 
Quote:

Originally Posted by pete_bisby (Post 61627)
Has the password been encrypted using PHP or MySQL?

If MySQL is checking the validity of the password then let MySQL encrypt the password, not PHP. There may be subtle differences between PHP and MySQL regarding encryption.

Amend the SQL code so MySQL encrypts then checks the validity - just for consistency purposes:
PHP Code:

$sql "SELECT `id`, `username` FROM `users` WHERE `username`='$username' AND `password`=MD5($password)"


Thanks for help me


All times are GMT +5.5. The time now is 10:17.