Problem in my login script. In my script password in md5 hash in the registration. registration is successful and the password is in md5 form in the database table. But whenever I try to login is not == with md5 password in the database. Code Code: <?php include 'dbconnect.php'; if(!$_POST['submit']) { ?> <html> ... <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p>Username :</br> <input type="text" name="username" maxlength="20"> </p> <p>Password :</br> <input type="password" name="password" maxlength="20"> </p> <p> <input type="submit" name="submit" value="Submit"> </p> </form> ... </html> <?php } else { $username = cleanString($_POST['username']); $password = cleanString($_POST['password']); if($username && $password) { $password = md5($password); $sql="SELECT id,username FROM `users` WHERE `username`='$username' AND `password`='$password'"; $query=mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($query) > 0) { $row = mysql_fetch_assoc($query); $_SESSION['id'] = $row['id']; $_SESSION['username'] = $row['username']; echo "<script type=\"text/javascript\">window.location=\"members_area.php\"</script>"; } else { echo "<script type=\"text/javascript\"> alert(\"Your username or password is incorrect\"); window.location=\"index.php\"</script>"; } } else { echo "<script type=\"text/javascript\"> alert(\"You need to input your username and password\"); window.location=\"index.php\"</script>"; } } ?> Anyone can please help me for correct my problem Thanks in Advnace
Has the password been encrypted using PHP or MySQL? If MySQL is checking the validity of the password then let MySQL encrypt the password, not PHP. There may be subtle differences between PHP and MySQL regarding encryption. Amend the SQL code so MySQL encrypts then checks the validity - just for consistency purposes: PHP: $sql = "SELECT `id`, `username` FROM `users` WHERE `username`='$username' AND `password`=MD5($password)";