User name and password encryption

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
barffy
Forum Newbie
Posts: 11
Joined: Mon Aug 30, 2010 6:15 am

User name and password encryption

Post by barffy »

Hi,

Im trying to create a secure log on as an exercise to improve my php and sql skills. I am trying to encrypt the password sent to the data base as an md5 hash so that admins cannot see the plain text of passwords, nor can any unwanted hackers.

I have managed to set up a page which creates the users login:


<?php

//create a connection to database
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);


//username and password from main_login
$myusername=$_POST['username'];
$mypassword=$_POST['mypassword'];

//encrypt
$encrypted_mypassword=md5($mypassword);

//insert data to table
$sql="INSERT INTO members (username, password)
VALUES
('$myusername','$encrypted_mypassword')";
//validation message

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Your account has been added to the Data Base, Thank you for your time.";

mysql_close($con)
?>

which pulls the data from a html form. The password is sent to my server as an md5 hash value. My problem is with the actual login in page below, i keep getting invalid username or password. im sure its a simple problem but i cant see it as im new to php :oops: any help would be appreciated. below is the code

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password from login form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

//encrypt password
$encrypted_mypassword = md5($mypassword);

// To protect from MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($encrypted_mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($encrypted_mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername'
AND password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $encrypted_mypassword and redirect to file "login_success.php"

session_register("myusername");
session_register("encrypted_mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

?>
barffy
Forum Newbie
Posts: 11
Joined: Mon Aug 30, 2010 6:15 am

Re: User name and password encryption

Post by barffy »

something i have just noticed, what ever password i enter i always get the same hash value of 'd41d8cd98f00b204e9800998ecf8427e'
Perhaps this is my problem. Any idea's anyone?

kind Regards

Harry
barffy
Forum Newbie
Posts: 11
Joined: Mon Aug 30, 2010 6:15 am

Re: User name and password encryption

Post by barffy »

Typical, i spend 8 hours trying to work out my simple error, at my wits end i post my problem on a forum and within the hour i solve the problem myself.
Im really sorry to have wasted anyones time.

Regards

Harry
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: User name and password encryption

Post by John Cartwright »

barffy wrote:Typical, i spend 8 hours trying to work out my simple error, at my wits end i post my problem on a forum and within the hour i solve the problem myself.
Im really sorry to have wasted anyones time.

Regards

Harry
You would be suprised how often after communicating a problem outloud to a colleague, or writting the problem out on a forum, I will have that eureka moment.
Post Reply