MD5 help . . .
Posted: Mon Jun 30, 2003 3:43 pm
Hey, I've made a simple sign-in script that checks if the username and password are the same in the MySQL database. For some reason it does not work because the MD5 encryption screws up. I echoed the variables from one try and here is what I got:
As you can see the passwords are almost the same, but the FormPass has some extra on it. I am 100% sure that the passwords entered before the encryption were the exact same. This has happened with every member password I create during my testing. Anyone have any ideas?
Heres my code:
addmember.php
login.php
Code: Select all
DBName=duff
DBPass=25d55ad283aa400af464
FormName=duff
FormPass=25d55ad283aa400af464c76d713c07adHeres my code:
addmember.php
Code: Select all
<?php
echo "
<b>Add A Member</b><br>
<form action='$PHP_SELF' method='post' enctype='multipart/form-data' name='ADDMEMBER' onsubmit='return ValidateForm()'>
Member Name: <input type='text' name='membername' maxlength='20'>
<BR><BR>
Password: <input type='password' name='memberpassword' maxlength='20'>
<BR><BR>
Password Again: <input type='password' name='memberpassword2' maxlength='20'>
<BR><BR>
E-mail: <input type='text' name='memberemail' maxlength='30'>
<BR><BR><BR>
<input type='hidden' name='action' value='submit'>
<input type='submit' name='submit' value='Submit'> <input type='Button' value='Cancel' onclick='javascript:history.back()'>
</form><BR>";
if ($action == 'submit')
{
if($memberpassword!==$memberpassword2)
{
die("<font color='red'><CENTER>Passwords did not match!</CENTER></font>");
}
$membername=strtolower($membername);
$memberpassword=md5("$memberpassword");
include("header.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$name_check = mysql_query("SELECT name FROM members WHERE name='$membername'") or die(mysql_error());
if (mysql_num_rows($name_check) == 1) {
die("<font color='red'><CENTER>Username already in use!</CENTER></font>");
}
else {
$query = "INSERT INTO members VALUES ('$membername','$memberpassword','$memberemail')";
if (mysql_query($query))
{
echo "<BR><BR><CENTER>Member Added Successfully!</CENTER><br>";
}
else
{
die("<font color='red'><CENTER>Add Member Failed!</CENTER></font>");
}
}
mysql_close();
}
?>Code: Select all
<?php
echo "
<b>Login</b><br>
<form action='$PHP_SELF' method='post' enctype='multipart/form-data' name='LOGIN' onsubmit='return ValidateForm()'>
Member Name: <input type='text' name='membername' maxlength='20'>
<BR><BR>
Password: <input type='password' name='memberpassword' maxlength='20'>
<BR><BR><BR>
<input type='hidden' name='action' value='login'>
<input type='submit' name='submit' value='Login'> <input type='Button' value='Cancel' onclick='javascript:history.back()'>
</form><BR>";
if ($action == 'login')
{
$membername=strtolower($membername);
$memberpassword=md5("$memberpassword");
include("header.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "SELECT * FROM members WHERE name='$membername'" or die(mysql_error());
$result=mysql_query($query);
$num=mysql_numrows($result);
$i=0;
while ($i < $num) {
$dbname=mysql_result($result,$i,"name");
$dbpassword=mysql_result($result,$i,"password");
$email=mysql_result($result,$i,"email");
++$i;
}
echo"DBNAME=$dbname<BR>DBPASS=$dbpassword<BR>MEMBERNAME=$membername<BR>PASS=$memberpassword<BR>";
if ($memberpassword == $dbpassword)
{
echo "<CENTER>Login successful!<BR>This page will automatically redirect you to the index in 3 seconds . . .</CENTER>";
echo "<meta http-equiv='refresh' content='3; url=index.php'>";
}
else
{
echo "<font color='red'><CENTER>Please recheck your username and password!</CENTER></font>";
}
mysql_close();
}
?>