md5 password problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

md5 password problem

Post by tito85 »

Hi,

I am using this code in a user registration script for the password to be Encrypted in the database and it is working.

Code: Select all

$password = md5($_POST['txtPassword']);
The post will then insert the password in the database.

However when trying to sign into the system the password is not being validated.

This is part of the login script:

Code: Select all

if (isset($_POST['btnLogin'])) {
      //getting information from Form posted
      $username = $_POST['txtUsername'];
      $password = md5($_POST['txtPassword']);
      //building the query with the database
      $select = "SELECT * FROM users WHERE UserName = '" . mysql_real_escape_string($username) . "' AND Password = '" . $password . "'";
Any help please why it is not working?
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: md5 password problem

Post by Apollo »

Are you sure the checksum which you are validating against is equal to what's stored in the database?

Alternatively, can it be something stupid like a Username vs UserName case difference?
tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

Re: md5 password problem

Post by tito85 »

To be honest I don't know about the checksum.

I only did the md5 on the mentioned line of code and nothing else.

Any idea where to check the checksum?

The database I am using is MySQL in phpMyAdmin
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: md5 password problem

Post by Apollo »

print the query you're performing, and look in phpMyAdmin to see if it matches with whatever is in the database.
tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

Re: md5 password problem

Post by tito85 »

Sorry but I am confused, can't understand... :?
lcarron000
Forum Newbie
Posts: 13
Joined: Thu May 20, 2010 2:51 pm

Re: md5 password problem

Post by lcarron000 »

Run this code and compare the string to what is stored in the password field in your database table.

Code: Select all

<?php
$password = md5("put your password here");
echo $password;
?>
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: md5 password problem

Post by pickle »

You should also make sure quotes aren't magically being inserted by a PHP directive. The password, d83b'3k would become d83b\'3k. Do this to get rid of that slash if it's been entered:

Code: Select all

$password = (get_magic_quotes_gpc()) ? stripslashes($_POST['txtPassword']) : $_POST['txtPassword'];
$password = md5($password);
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

Re: md5 password problem

Post by tito85 »

Hi,

It seems like I solved the problem.

The database had a limit of 30 characters for the password field and when a password is Encrypted becomes longer than 30 characters.

Thanks all for helping!
Last edited by tito85 on Tue May 25, 2010 1:57 pm, edited 1 time in total.
mikosiko
Forum Regular
Posts: 757
Joined: Wed Jan 13, 2010 7:22 pm

Re: md5 password problem

Post by mikosiko »

tito85 wrote:Hi,

I tried the mention code below and the result is different from what was stored in the database.

Code: Select all

<?php
$password = md5("put your password here");
echo $password;
?>
However no slashes are present in the result or in what it is stored in the database.

Any other ideas please?
not trying to insult your inteligence, but.... hope that you are NOT saying that you used EXACTLY the same code that you posted ... or you did?

just to be sure... you should have used something like this

Code: Select all

<?php
$password = md5("put here the value of your txtPassword variable");
echo $password;
?>
if was not clear before... should be clear now
tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

Re: md5 password problem

Post by tito85 »

Hi,

Of course not. I just used that as a test and changed the "put your password here" with the password used before. Then I noticed that the output was longer than what was stored in the db. I modified the lenght of the data that can be stored and it worked.

Thanks for noting!
mikosiko wrote:
tito85 wrote:Hi,

I tried the mention code below and the result is different from what was stored in the database.

Code: Select all

<?php
$password = md5("put your password here");
echo $password;
?>
However no slashes are present in the result or in what it is stored in the database.

Any other ideas please?
not trying to insult your inteligence, but.... hope that you are NOT saying that you used EXACTLY the same code that you posted ... or you did?

just to be sure... you should have used something like this

Code: Select all

<?php
$password = md5("put here the value of your txtPassword variable");
echo $password;
?>
if was not clear before... should be clear now
mikosiko
Forum Regular
Posts: 757
Joined: Wed Jan 13, 2010 7:22 pm

Re: md5 password problem

Post by mikosiko »

in my culture this :
"not trying to insult your intelligence"

is considered politeness, deference and good manners

this:
tito85 wrote:Thanks for noting!
is not.

enough said
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: md5 password problem

Post by pickle »

That might not have been a typo. He might actually have been thanking you for noting what you did.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

Re: md5 password problem

Post by tito85 »

In fact that’s what I meant. I am thanking you for noting the code.

Sorry if you understand it wrong.

However thanks a lot for your help!
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: md5 password problem

Post by s.dot »

An md5() generated hash will always be 32 characters in length. So you can set your database field type to CHAR with 32 as the length value.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
tito85
Forum Contributor
Posts: 104
Joined: Sat Mar 13, 2010 11:26 am

Re: md5 password problem

Post by tito85 »

Hi,

Yes in fact that's what I did. Before it was limited to 30 and now i've corrected the mistake.
s.dot wrote:An md5() generated hash will always be 32 characters in length. So you can set your database field type to CHAR with 32 as the length value.
Thanks for your help!
Post Reply