3 replies
When a user registers for my site, their password is encrypted in md5, but they are not able to log in. I have my login page below. I tried to use the MD5() string where the code selects the pass but no luck. What do I do?


PHP Code:
<?php
session_start();
if ($_SESSION["logging"] && $_SESSION["logged"])
{
    print_secure_content();
}
else {
    if (!$_SESSION["logging"])
    {
        $_SESSION["logging"] = true;
        loginform();
    }
    else if ($_SESSION["logging"])
    {
        $number_of_rows = checkpass();
        if ($number_of_rows == 1)
        {
            $_SESSION[user] = $_POST[userlogin];
            $_SESSION[logged] = true;
            print "<h1>you have loged in successfully</h1>";
            print_secure_content();
        }
        else {
            print "wrong pawssword or username, please try again";
            echo $ttt;
            loginform();
        }
    }
}

function loginform()
{
    print "please enter your login information to proceed with our site";
    print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
    print "<input type='submit' >";
    print "<h3><a href='registerform.php'>register now!</a></h3>";
}

function checkpass()
{
    $servername = "supremecenter48.com";
    $username = "bignixs1_f4rwrld";
    $conn = mysql_connect($servername, $username, "cool23") or die(mysql_error());
    mysql_select_db("bignixs1_f4rwrld", $conn);
    $sql = "select * from users where user='$_POST[userlogin]' and pass='$_POST[password]'";
    $result = mysql_query($sql, $conn) or die(mysql_error());
    return mysql_num_rows($result);
}

function print_secure_content()
{
    print("<b><h1>hi mr.$_SESSION[user]</h1>");
    print "<br><h2>only a logged in user can see this</h2><br><a href='logout.php'>Logout</a><br>";
}
?>
#login #md5
  • Profile picture of the author Speedyapoc
    Firstly, I suggest hiding your usernames and passwords for your database.

    I don't really see you actually MD5(ing) any passwords in this script. In semi-pseudo code, it would look like this:

    __________________________________________________ ______

    function register(bla bla bla) {

    // Consider the $password variable being our POST'd password
    $password = $_POST['password'];

    $password = md5($password);

    mysql_query('insert into `bla` (`bla`,`password`) VALUES (\'' . $bla . '\',\'' . $password . '\');');

    }

    __________________________________________________ ______

    This inserts an MD5'd password into the database.

    __________________________________________________ ______

    function login(bla, bla) {

    $enteredPassword = md5($_POST['password']);

    $q = mysql_query('SELECT * FROM `users` WHERE bla=bla AND `password` = \'' . $enteredPassword . '\';');

    }

    __________________________________________________ ______

    Basically, you add an MD5'd password into the database, so the MD5 version of the password that they enter into the login form should equal the one in the database. However, MD5 itself is frowned upon. I would suggest adding a couple salts to the algorithm.
    • Profile picture of the author Deadly Designs
      I did not include the registration form and I will change md5's to salts and I need to learn how to sanitize too
      • Profile picture of the author unnatural
        To sanitize in PHP you can use the mysql_real_escape_string() function.

        Of course that's just basic sanitizing, it really depends on what kind of data you're going to input. For example if you're sanitizing a blog comment you may want to remove/parse links etc. before saving in the database.

        For further sanitizing you can also look into MySQL prepared statements.
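
Added example, not part of the thread or any poster's code: the points raised above (the value stored at registration must be what login compares against, salting, prepared statements) in one runnable script. It goes beyond the replies by using PHP's password_hash()/password_verify() in place of md5() and PDO prepared statements in place of mysql_real_escape_string(); the in-memory SQLite database, the register()/login() names and the sample accounts are assumptions made for the example.

```php
<?php
// Added example: constructed schema and accounts, in-memory SQLite so it runs offline.
// Requires PHP >= 5.5 with the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Registration: store a salted, slow hash, never the password or a bare md5().
function register(PDO $db, $user, $password)
{
    // password_hash() generates a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (user, pass) VALUES (:user, :pass)');
    $stmt->execute(array(':user' => $user, ':pass' => $hash));
}

// Login: fetch the stored hash by user name, then verify it in PHP.
// The password never appears in the SQL text; the user name is a bound parameter.
function login(PDO $db, $user, $password)
{
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = :user');
    $stmt->execute(array(':user' => $user));
    $hash = $stmt->fetchColumn();   // false when no such user exists
    if ($hash === false) {
        return false;
    }
    // Re-hashes $password with the salt stored in $hash and compares in constant time.
    return password_verify($password, $hash);
}

register($db, 'alice', 'correct horse battery staple');   // constructed sample account

$attempts = array(
    array('alice', 'correct horse battery staple'),  // right password
    array('alice', 'wrong password'),                // wrong password
    array("o'brien", 'x'),                           // quote in the name is bound as data, no SQL error
    array('nobody', 'x'),                            // unknown user
);
foreach ($attempts as $a) {
    printf("%-10s => %s\n", $a[0], login($db, $a[0], $a[1]) ? 'logged in' : 'rejected');
}
```

Because each stored hash carries its own salt, login cannot compare hashes inside the WHERE clause the way the md5() version does; the row is selected by user name and the check happens in password_verify().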