[SOLVED] md5 Hashing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

[SOLVED] md5 Hashing

Post by partiallynothing »

I am trying to add md5 hashing to my website login and registration. I can't get it to log in correctly.

register.inc.php

Code: Select all

<?php
//include files
include('db/db.inc.php');

//date
$currentdate = date("Y-m-d");

//check for post submission
if (isSet($_POST['submit'])) {

	//check that both fields have something in them
   if (empty($_POST['username']) || empty($_POST['password1']) || empty($_POST['password2']) || empty($_POST['firstname']) || empty($_POST['lastname']) || empty($_POST['email'])) {
        echo "<head><meta http-equiv=refresh content="2;
        URL=register.php"></head><b>You did not fill in all fields!</b><BR>Please wait.  You will be redirected in two seconds.";
        exit;
   }
   if (($_POST['password1']) != ($_POST['password2'])) {
   		echo "<head><meta http-equiv=refresh content="2;
        URL=register.php"></head><b>Your passwords do not match!</b><BR>Please wait.  You will be redirected in two seconds.";
        exit;
   }
	
      //mysql query
      $query = "SELECT * FROM users WHERE username ='{$_POST['username']}'";
      $result = mysql_query($query) or die(mysql_error());
	  
	  //check for username already in database
      if (mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
	  	//encrypt password
		$password = $_POST['password'];
		$encpassword = md5($password);
		
		//submit information
		$query = "INSERT INTO users VALUES ('', '{$_POST['username']}', '$encpassword', '{$_POST['firstname']}', '{$_POST['lastname']}', '{$_POST['email']}', '00-00-0000', '$currentdate', '1', '1', '2', '1', '3')";
	    $result = mysql_query($query) or die(mysql_error());
		
		//display confirmation and redirect
        echo "<head><meta http-equiv=refresh content="2;
        URL=index.php"></head><b>Registration Successful!</b><BR>Please wait.  You will be redirected in two seconds.";
	
	} else {
		echo "<head><meta http-equiv=refresh content="2;
        URL=register.php"></head><b>Username Already Taken!</b><BR>Please wait.  You will be redirected in two seconds.";
		exit;
		}

} else {

//print login forum
echo <<< FORM
<div align="center">All fields required.</div>
<style type="text/css"> .style9 {font-family: Verdana; font-size: 10px; color: #333333; } </style>
<form action="{$_SERVER['PHP_SELF']}" method="post">
   <table align="center" border="0" cellspacing="0" cellpadding="3">
      <tr>
         <td><span class="style9">Desired Username:</span></td>
         <td><input type="text" name="username" maxlength="40"></td>
      </tr>
	  <tr>
         <td><span class="style9">Password:</span></td>
         <td><input type="password" name="password1" maxlength="40"></td>
      </tr>
	  <tr>
         <td><span class="style9">Confirm Password:</span></td>
         <td><input type="password" name="password2" maxlength="40"></td>
      </tr>
      <tr>
         <td><span class="style9">First Name:</span></td>
         <td><input type="test" name="firstname" maxlength="50"></td>
      </tr>
	  <tr>
         <td><span class="style9">Last Name:</span></td>
         <td><input type="test" name="lastname" maxlength="50"></td>
      </tr>
	  <tr>
         <td><span class="style9">E-mail Address:</span></td>
         <td><input type="test" name="email" maxlength="50"></td>
      </tr>
      <tr>
         <td colspan="2" align="center"><input type="submit" name="submit" value="Register">
         <input type="hidden" name="submit" value="submitted" /></td>
      </tr>
   </table>
</form>
FORM;
}
?>
login.inc.php

Code: Select all

<?php
//include files
include('db/db.inc.php');

//currentdate
$currentdate = date("Y-m-d");

//check for post submission
if(isSet($_POST['submit'])) {

//check that both fields have something in them
   if(empty($_POST['username']) || empty($_POST['password'])) {
          echo "<head><meta http-equiv=refresh content="2;
        URL=index.php"></head><b>Login Invalid</b><BR>Please wait.  You will be redirected in two seconds.";
        exit;
   }

		     //encrypt pass
   $password = $_POST['password']; 
   $encpassword = md5($password);
   
        //mysql query
   $query = "SELECT * FROM users WHERE username ='{$_POST['username']}' AND password = '$encpassword'";
   $result = mysql_query($query) or die(mysql_error());
       
          //check for results
      if(mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
                 echo "<head><meta http-equiv=refresh content="2;
        URL=index.php"></head><b>Login Invalid</b><BR>Please wait.  You will be redirected in two seconds.";
      
          //define session variables
          } else {
            $row = mysql_fetch_array($result);
        $_SESSION['auth'] = "1";
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['firstname'] = $row['firstname'];
        $_SESSION['lastname'] = $row['lastname'];
        $_SESSION['email'] = $row['email'];
        $_SESSION['dateofbirth'] = $row['dateofbirth'];
        $_SESSION['datecreated'] = $row['datecreated'];
        $_SESSION['userlevel'] = $row['userlevel'];
        $_SESSION['pref_backcolor'] = $row['pref_backcolor'];
        $_SESSION['pref_top'] = $row['pref_top'];
        $_SESSION['pref_middle'] = $row['pref_middle'];
                $_SESSION['pref_bottom'] = $row['pref_bottom'];
        echo "<head><meta http-equiv=refresh content="2;
        URL=index1.php"></head><b>Login Successful!</b><BR>Please wait.  You will be redirected in two seconds.";
      }

} else {

//print login forum
echo <<< FORM

<style type="text/css">
<!--
.style9 {font-family: Verdana; font-size: 10px; color: #333333; }
-->
</style>

<form action="{$_SERVER['PHP_SELF']}" method="post">
   <table align="center" border="0" cellspacing="0" cellpadding="3">
      <tr>
         <td><span class="style9">Username:</span></td>
         <td><input type="text" name="username" maxlength="40"></td>
      </tr>
      <tr>
         <td><span class="style9">Password:</span></td>
         <td><input type="password" name="password" maxlength="50"></td>
      </tr>
      <tr>
         <td colspan="2" align="center"><input type="submit" name="submit" value="Signin">
         <input type="hidden" name="submit" value="submitted" /></td>
      </tr>
   </table>
</form>
<div align="center">Not a member? <a href="register.php">Register</a>.</div>
FORM;
} 
?>
I get two different hashes with the same password, what am I doing wrong?! Thanks!
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

Code: Select all

//check for username already in database
      if (mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
        //encrypt password
      $password = $_POST['password'];
      $encpassword = md5($password);
Shouldn't $_POST['password'] be password1 ?
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

Is your varchar field actually inserting the whole hashed password? it's quite long.
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

Pyrite wrote:

Code: Select all

//check for username already in database
      if (mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
        //encrypt password
      $password = $_POST['password'];
      $encpassword = md5($password);
Shouldn't $_POST['password'] be password1 ?
Pyrite is right in pointing out this error.

You might be inserting the hash of an empty string dude.
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

microthick wrote: Is your varchar field actually inserting the whole hashed password? it's quite long.
This is definitely possible, I did this the first time I used MD5. Make sure that the password category in your db is either a varchar or text field and it must be 32 characters long! All MD5 hashes are 32 characters. If the 2 hashes you are seeing are different lengths then I'm pretty sure this is the problem.
User avatar
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

Post by partiallynothing »

Thanks a lot! I had the $_POST variable labeled wrong!
Post Reply