Page 1 of 2

md5 password problem

Posted: Tue May 25, 2010 8:18 am
by tito85
Hi,

I am using this code in a user registration script for the password to be Encrypted in the database and it is working.

Code: Select all

$password = md5($_POST['txtPassword']);
The post will then insert the password in the database.

However when trying to sign into the system the password is not being validated.

This is part of the login script:

Code: Select all

if (isset($_POST['btnLogin'])) {
      //getting information from Form posted
      $username = $_POST['txtUsername'];
      $password = md5($_POST['txtPassword']);
      //building the query with the database
      $select = "SELECT * FROM users WHERE UserName = '" . mysql_real_escape_string($username) . "' AND Password = '" . $password . "'";
Any help please why it is not working?

Re: md5 password problem

Posted: Tue May 25, 2010 8:35 am
by Apollo
Are you sure the checksum which you are validating against is equal to what's stored in the database?

Alternatively, can it be something stupid like a Username vs UserName case difference?

Re: md5 password problem

Posted: Tue May 25, 2010 8:44 am
by tito85
To be honest I don't know about the checksum.

I only did the md5 on the mentioned line of code and nothing else.

Any idea where to check the checksum?

The database I am using is MySQL in phpMyAdmin

Re: md5 password problem

Posted: Tue May 25, 2010 8:57 am
by Apollo
print the query you're performing, and look in phpMyAdmin to see if it matches with whatever is in the database.

Re: md5 password problem

Posted: Tue May 25, 2010 9:09 am
by tito85
Sorry but I am confused, can't understand... :?

Re: md5 password problem

Posted: Tue May 25, 2010 10:04 am
by lcarron000
Run this code and compare the string to what is stored in the password field in your database table.

Code: Select all

<?php
$password = md5("put your password here");
echo $password;
?>

Re: md5 password problem

Posted: Tue May 25, 2010 10:08 am
by pickle
You should also make sure quotes aren't magically being inserted by a PHP directive. The password, d83b'3k would become d83b\'3k. Do this to get rid of that slash if it's been entered:

Code: Select all

$password = (get_magic_quotes_gpc()) ? stripslashes($_POST['txtPassword']) : $_POST['txtPassword'];
$password = md5($password);

Re: md5 password problem

Posted: Tue May 25, 2010 1:47 pm
by tito85
Hi,

It seems like I solved the problem.

The database had a limit of 30 characters for the password field and when a password is Encrypted becomes longer than 30 characters.

Thanks all for helping!

Re: md5 password problem

Posted: Tue May 25, 2010 1:56 pm
by mikosiko
tito85 wrote:Hi,

I tried the mention code below and the result is different from what was stored in the database.

Code: Select all

<?php
$password = md5("put your password here");
echo $password;
?>
However no slashes are present in the result or in what it is stored in the database.

Any other ideas please?
not trying to insult your inteligence, but.... hope that you are NOT saying that you used EXACTLY the same code that you posted ... or you did?

just to be sure... you should have used something like this

Code: Select all

<?php
$password = md5("put here the value of your txtPassword variable");
echo $password;
?>
if was not clear before... should be clear now

Re: md5 password problem

Posted: Tue May 25, 2010 2:27 pm
by tito85
Hi,

Of course not. I just used that as a test and changed the "put your password here" with the password used before. Then I noticed that the output was longer than what was stored in the db. I modified the lenght of the data that can be stored and it worked.

Thanks for noting!
mikosiko wrote:
tito85 wrote:Hi,

I tried the mention code below and the result is different from what was stored in the database.

Code: Select all

<?php
$password = md5("put your password here");
echo $password;
?>
However no slashes are present in the result or in what it is stored in the database.

Any other ideas please?
not trying to insult your inteligence, but.... hope that you are NOT saying that you used EXACTLY the same code that you posted ... or you did?

just to be sure... you should have used something like this

Code: Select all

<?php
$password = md5("put here the value of your txtPassword variable");
echo $password;
?>
if was not clear before... should be clear now

Re: md5 password problem

Posted: Tue May 25, 2010 2:40 pm
by mikosiko
in my culture this :
"not trying to insult your intelligence"

is considered politeness, deference and good manners

this:
tito85 wrote:Thanks for noting!
is not.

enough said

Re: md5 password problem

Posted: Tue May 25, 2010 2:43 pm
by pickle
That might not have been a typo. He might actually have been thanking you for noting what you did.

Re: md5 password problem

Posted: Tue May 25, 2010 2:52 pm
by tito85
In fact that’s what I meant. I am thanking you for noting the code.

Sorry if you understand it wrong.

However thanks a lot for your help!

Re: md5 password problem

Posted: Tue May 25, 2010 2:54 pm
by s.dot
An md5() generated hash will always be 32 characters in length. So you can set your database field type to CHAR with 32 as the length value.

Re: md5 password problem

Posted: Tue May 25, 2010 2:55 pm
by tito85
Hi,

Yes in fact that's what I did. Before it was limited to 30 and now i've corrected the mistake.
s.dot wrote:An md5() generated hash will always be 32 characters in length. So you can set your database field type to CHAR with 32 as the length value.
Thanks for your help!