Hi,
My project consists of a registration form and a login form.
Registration details are goes into the the database.(phpMyadmin)
I use md5 algorithm to encrypt users password.
Thereafter users should be able to login to the system via login form.
But the md5 does not supporting decrypting password.
Can anyone give me a solution.
Thanks,
Heshan.
php with md5 algorithm
Moderator: General Moderators
-
internet-solution
- Forum Contributor
- Posts: 220
- Joined: Thu May 27, 2010 6:27 am
- Location: UK
Re: php with md5 algorithm
In your login form take user input as password, then encrypt with md5 (use the same salt as you did during registration), then match this encrypted password with the encrypted password stored in mySQL.
Re: php with md5 algorithm
Can you show me by giving an example code?
It will be useful for me,
Thank you,
Heshan.
It will be useful for me,
Thank you,
Heshan.
-
internet-solution
- Forum Contributor
- Posts: 220
- Joined: Thu May 27, 2010 6:27 am
- Location: UK
Re: php with md5 algorithm
Code: Select all
$userID = $_POST['txtUserId'];
$userPass = $_POST['txtPassword'];
$hashPass = md5($userPass);
//open db connection etc
$query = sprintf("SELECT * FROM `user` WHERE userName='%s' AND password = '%s'",
mysql_real_escape_string($userID),
$hashPass);
$result =mysql_query($query) or die('Query failed. ' . mysql_error());
if (mysql_num_rows($result) == 1)
{
//successful login
//do something useful here
exit;
}
else
{
$errorMessage = 'Sorry, wrong user id / password';
exit;
}
Last edited by internet-solution on Thu Jul 15, 2010 9:24 am, edited 1 time in total.
Re: php with md5 algorithm
You should not use the PASSWORD() function here, just password='%s' (with %s being the md5 checksum of the password).internet-solution wrote: SELECT * FROM `user` WHERE userName='%s' AND password = PASSWORD('%s')
TS, obviously md5($userPass) is also what you store when the user registers.
See also the MySQL PASSWORD() manual entry:
Furthermore, you should use better hashing (e.g. sha512 instead of md5) and add dynamic salt. Check out Mordred's Password hashing howto and hownotto article.The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.
Re: php with md5 algorithm
Thank you all for your support
