MD5 help . . .

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

MD5 help . . .

Post by DuFF »

Hey, I've made a simple sign-in script that checks if the username and password are the same in the MySQL database. For some reason it does not work because the MD5 encryption screws up. I echoed the variables from one try and here is what I got:

Code: Select all

DBName=duff
DBPass=25d55ad283aa400af464
FormName=duff
FormPass=25d55ad283aa400af464c76d713c07ad
As you can see the passwords are almost the same, but the FormPass has some extra on it. I am 100% sure that the passwords entered before the encryption were the exact same. This has happened with every member password I create during my testing. Anyone have any ideas?

Heres my code:

addmember.php

Code: Select all

<?php
echo "
<b>Add A Member</b><br>
<form action='$PHP_SELF' method='post'  enctype='multipart/form-data' name='ADDMEMBER' onsubmit='return ValidateForm()'>
Member Name: <input type='text' name='membername' maxlength='20'>
<BR><BR>
Password: <input type='password' name='memberpassword' maxlength='20'>
<BR><BR>
Password Again: <input type='password' name='memberpassword2' maxlength='20'>
<BR><BR>
E-mail: <input type='text' name='memberemail' maxlength='30'>
<BR><BR><BR>
<input type='hidden' name='action' value='submit'>
<input type='submit' name='submit' value='Submit'>  <input type='Button' value='Cancel' onclick='javascript:history.back()'>
</form><BR>";
if ($action == 'submit')
{
        if($memberpassword!==$memberpassword2)
        {
        die("<font color='red'><CENTER>Passwords did not match!</CENTER></font>");
        }
        $membername=strtolower($membername);
        $memberpassword=md5("$memberpassword");
        include("header.php");
        mysql_connect(localhost,$username,$password);
        @mysql_select_db($database) or die( "Unable to select database");
        $name_check = mysql_query("SELECT name FROM members WHERE name='$membername'") or die(mysql_error());
        if (mysql_num_rows($name_check) == 1) {
          die("<font color='red'><CENTER>Username already in use!</CENTER></font>");
        }
        else {
        $query = "INSERT INTO members VALUES ('$membername','$memberpassword','$memberemail')";
                if  (mysql_query($query))
                {
                echo "<BR><BR><CENTER>Member Added Successfully!</CENTER><br>";
                }
                        else
                        {
                        die("<font color='red'><CENTER>Add Member Failed!</CENTER></font>");
                        }
        }

 mysql_close();
}
?>
login.php

Code: Select all

<?php
echo "
<b>Login</b><br>
<form action='$PHP_SELF' method='post'  enctype='multipart/form-data' name='LOGIN' onsubmit='return ValidateForm()'>
Member Name: <input type='text' name='membername' maxlength='20'>
<BR><BR>
Password: <input type='password' name='memberpassword' maxlength='20'>
<BR><BR><BR>
<input type='hidden' name='action' value='login'>
<input type='submit' name='submit' value='Login'>  <input type='Button' value='Cancel' onclick='javascript:history.back()'>
</form><BR>";

if ($action == 'login')
{
        $membername=strtolower($membername);
        $memberpassword=md5("$memberpassword");
        include("header.php");
        mysql_connect(localhost,$username,$password);
        @mysql_select_db($database) or die( "Unable to select database");
        $query = "SELECT * FROM members WHERE name='$membername'" or die(mysql_error());
        $result=mysql_query($query);
        $num=mysql_numrows($result);
        $i=0;
        while ($i < $num) {
        $dbname=mysql_result($result,$i,"name");
        $dbpassword=mysql_result($result,$i,"password");
        $email=mysql_result($result,$i,"email");
        ++$i;
        }
        echo"DBNAME=$dbname<BR>DBPASS=$dbpassword<BR>MEMBERNAME=$membername<BR>PASS=$memberpassword<BR>";
        if ($memberpassword == $dbpassword)
        {
        echo "<CENTER>Login successful!<BR>This page will automatically redirect you to the index in 3 seconds . . .</CENTER>";
        echo "<meta http-equiv='refresh' content='3; url=index.php'>";
        }
                else
                {
                echo "<font color='red'><CENTER>Please recheck your username and password!</CENTER></font>";
                }


 mysql_close();
}
?>
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

How large is your password field in the database?
MD5 will return a 32 character long hash. I suspect your password field is only 20 characters so the database is chopping off parts of the hash.
User avatar
m@ndio
Forum Regular
Posts: 163
Joined: Fri Jun 06, 2003 12:09 pm
Location: UK

Post by m@ndio »

what field type are you storing the encrypted password in?
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

thanks a ton nielsene, you were right, I was storing it in my database as a Varchar(20) so it didn't have enough room.
Post Reply