PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 8:18 am
Hi,
I am using this code in a user registration script for the password to be Encrypted in the database and it is working.
Code: Select all
$password = md5($_POST['txtPassword']);
The post will then insert the password in the database.
However when trying to sign into the system the password is not being validated.
This is part of the login script:
Code: Select all
if (isset($_POST['btnLogin'])) {
//getting information from Form posted
$username = $_POST['txtUsername'];
$password = md5($_POST['txtPassword']);
//building the query with the database
$select = "SELECT * FROM users WHERE UserName = '" . mysql_real_escape_string($username) . "' AND Password = '" . $password . "'";
Any help please why it is not working?
Apollo
Forum Regular
Posts: 794 Joined: Wed Apr 30, 2008 2:34 am
Post
by Apollo » Tue May 25, 2010 8:35 am
Are you sure the checksum which you are validating against is equal to what's stored in the database?
Alternatively, can it be something stupid like a Usern ame vs UserN ame case difference?
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 8:44 am
To be honest I don't know about the checksum.
I only did the md5 on the mentioned line of code and nothing else.
Any idea where to check the checksum?
The database I am using is MySQL in phpMyAdmin
Apollo
Forum Regular
Posts: 794 Joined: Wed Apr 30, 2008 2:34 am
Post
by Apollo » Tue May 25, 2010 8:57 am
print the query you're performing, and look in phpMyAdmin to see if it matches with whatever is in the database.
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 9:09 am
Sorry but I am confused, can't understand...
lcarron000
Forum Newbie
Posts: 13 Joined: Thu May 20, 2010 2:51 pm
Post
by lcarron000 » Tue May 25, 2010 10:04 am
Run this code and compare the string to what is stored in the password field in your database table.
Code: Select all
<?php
$password = md5("put your password here");
echo $password;
?>
pickle
Briney Mod
Posts: 6445 Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:
Post
by pickle » Tue May 25, 2010 10:08 am
You should also make sure quotes aren't magically being inserted by a PHP directive. The password,
d83b'3k would become
d83b\'3k . Do this to get rid of that slash if it's been entered:
Code: Select all
$password = (get_magic_quotes_gpc()) ? stripslashes($_POST['txtPassword']) : $_POST['txtPassword'];
$password = md5($password);
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 1:47 pm
Hi,
It seems like I solved the problem.
The database had a limit of 30 characters for the password field and when a password is Encrypted becomes longer than 30 characters.
Thanks all for helping!
Last edited by
tito85 on Tue May 25, 2010 1:57 pm, edited 1 time in total.
mikosiko
Forum Regular
Posts: 757 Joined: Wed Jan 13, 2010 7:22 pm
Post
by mikosiko » Tue May 25, 2010 1:56 pm
tito85 wrote: Hi,
I tried the mention code below and the result is different from what was stored in the database.
Code: Select all
<?php
$password = md5("put your password here");
echo $password;
?>
However no slashes are present in the result or in what it is stored in the database.
Any other ideas please?
not trying to insult your inteligence, but.... hope that you are NOT saying that you used EXACTLY the same code that you posted ... or you did?
just to be sure... you should have used something like this
Code: Select all
<?php
$password = md5("put here the value of your txtPassword variable");
echo $password;
?>
if was not clear before... should be clear now
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 2:27 pm
Hi,
Of course not. I just used that as a test and changed the "put your password here" with the password used before. Then I noticed that the output was longer than what was stored in the db. I modified the lenght of the data that can be stored and it worked.
Thanks for noting!
mikosiko wrote: tito85 wrote: Hi,
I tried the mention code below and the result is different from what was stored in the database.
Code: Select all
<?php
$password = md5("put your password here");
echo $password;
?>
However no slashes are present in the result or in what it is stored in the database.
Any other ideas please?
not trying to insult your inteligence, but.... hope that you are NOT saying that you used EXACTLY the same code that you posted ... or you did?
just to be sure... you should have used something like this
Code: Select all
<?php
$password = md5("put here the value of your txtPassword variable");
echo $password;
?>
if was not clear before... should be clear now
mikosiko
Forum Regular
Posts: 757 Joined: Wed Jan 13, 2010 7:22 pm
Post
by mikosiko » Tue May 25, 2010 2:40 pm
in my culture this :
"not trying to insult your intelligence"
is considered politeness, deference and good manners
this:
tito85 wrote: Thanks for noting!
is not.
enough said
pickle
Briney Mod
Posts: 6445 Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:
Post
by pickle » Tue May 25, 2010 2:43 pm
That might not have been a typo. He might actually have been thanking you for noting what you did.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 2:52 pm
In fact that’s what I meant. I am thanking you for noting the code.
Sorry if you understand it wrong.
However thanks a lot for your help!
s.dot
Tranquility In Moderation
Posts: 5001 Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana
Post
by s.dot » Tue May 25, 2010 2:54 pm
An md5() generated hash will always be 32 characters in length. So you can set your database field type to CHAR with 32 as the length value.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
tito85
Forum Contributor
Posts: 104 Joined: Sat Mar 13, 2010 11:26 am
Post
by tito85 » Tue May 25, 2010 2:55 pm
Hi,
Yes in fact that's what I did. Before it was limited to 30 and now i've corrected the mistake.
s.dot wrote: An md5() generated hash will always be 32 characters in length. So you can set your database field type to CHAR with 32 as the length value.
Thanks for your help!