User name and password encryption
Posted: Sun Sep 26, 2010 11:23 am
Hi,
I'm trying to create a secure log on as an exercise to improve my PHP and SQL skills. I am trying to encrypt the password sent to the database as an md5 hash so that admins cannot see the plain text of passwords, nor can any unwanted hackers.
I have managed to set up a page which creates the user's login:
<?php
//create a connection to database
$con = mysql_connect("localhost","root","root");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);
//username and password from main_login
$myusername=$_POST['username'];
$mypassword=$_POST['mypassword'];
//encrypt
$encrypted_mypassword=md5($mypassword);
//insert data to table
$sql="INSERT INTO members (username, password)
VALUES
('$myusername','$encrypted_mypassword')";
//validation message
if (!mysql_query($sql,$con))
{
    die('Error: ' . mysql_error());
}
echo "Your account has been added to the Data Base, Thank you for your time.";
mysql_close($con)
?>
which pulls the data from an HTML form. The password is sent to my server as an md5 hash value. My problem is with the actual login page below: I keep getting invalid username or password. I'm sure it's a simple problem but I can't see it as I'm new to PHP.
Any help would be appreciated. Below is the code:
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password from login form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
//encrypt password
$encrypted_mypassword = md5($mypassword);
// To protect from MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($encrypted_mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($encrypted_mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername'
AND password='$encrypted_mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $encrypted_mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("encrypted_mypassword");
    header("location:login_success.php");
}
else {
    echo "Wrong Username or Password";
}
?>
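An added example, not part of the original post: the same registration and login flow written with prepared statements and `password_hash()`/`password_verify()` in place of `md5()`, including an upgrade path for rows already stored as MD5. It assumes PDO with an in-memory SQLite database standing in for the MySQL `members` table; the function names `store_hash`, `register_user` and `check_login` are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumption: an in-memory SQLite
// database (via PDO) stands in for the MySQL "members" table so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output may grow with future algorithms, so the column is 255 wide.
$db->exec('CREATE TABLE members (username VARCHAR(64) PRIMARY KEY, password VARCHAR(255) NOT NULL)');

function store_hash(PDO $db, string $user, string $hash): void {
    // Placeholders keep request data out of the SQL text.
    $stmt = $db->prepare('REPLACE INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function register_user(PDO $db, string $user, string $plain): void {
    // Salted, deliberately slow hash (bcrypt by default) instead of a bare md5().
    store_hash($db, $user, password_hash($plain, PASSWORD_DEFAULT));
}

function check_login(PDO $db, string $user, string $plain): bool {
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy row written with md5(): verify once, then upgrade it in place.
        if (!hash_equals($stored, md5($plain))) {
            return false;
        }
        store_hash($db, $user, password_hash($plain, PASSWORD_DEFAULT));
        return true;
    }
    if (!password_verify($plain, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store_hash($db, $user, password_hash($plain, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed sample data: one new-style account and one legacy md5 row.
register_user($db, 'alice', 'correct horse');
store_hash($db, 'bob', md5('hunter2'));
var_dump(check_login($db, 'alice', 'correct horse')); // new-style hash
var_dump(check_login($db, 'alice', 'wrong guess'));   // bad password
var_dump(check_login($db, 'bob', 'hunter2'));         // legacy path, row is upgraded
var_dump(check_login($db, 'bob', 'hunter2'));         // now takes the password_verify() path
```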