[SOLVED] md5 Hashing
Posted: Sat Dec 06, 2003 7:14 pm
I am trying to add md5 hashing to my website login and registration. I can't get it to log in correctly.
register.inc.php
login.inc.php
I get two different hashes with the same password, what am I doing wrong?! Thanks!
register.inc.php
Code: Select all
<?php
//include files
include('db/db.inc.php');
//date
$currentdate = date("Y-m-d");
//check for post submission
if (isSet($_POST['submit'])) {
//check that both fields have something in them
if (empty($_POST['username']) || empty($_POST['password1']) || empty($_POST['password2']) || empty($_POST['firstname']) || empty($_POST['lastname']) || empty($_POST['email'])) {
echo "<head><meta http-equiv=refresh content="2;
URL=register.php"></head><b>You did not fill in all fields!</b><BR>Please wait. You will be redirected in two seconds.";
exit;
}
if (($_POST['password1']) != ($_POST['password2'])) {
echo "<head><meta http-equiv=refresh content="2;
URL=register.php"></head><b>Your passwords do not match!</b><BR>Please wait. You will be redirected in two seconds.";
exit;
}
//mysql query
$query = "SELECT * FROM users WHERE username ='{$_POST['username']}'";
$result = mysql_query($query) or die(mysql_error());
//check for username already in database
if (mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
//encrypt password
$password = $_POST['password'];
$encpassword = md5($password);
//submit information
$query = "INSERT INTO users VALUES ('', '{$_POST['username']}', '$encpassword', '{$_POST['firstname']}', '{$_POST['lastname']}', '{$_POST['email']}', '00-00-0000', '$currentdate', '1', '1', '2', '1', '3')";
$result = mysql_query($query) or die(mysql_error());
//display confirmation and redirect
echo "<head><meta http-equiv=refresh content="2;
URL=index.php"></head><b>Registration Successful!</b><BR>Please wait. You will be redirected in two seconds.";
} else {
echo "<head><meta http-equiv=refresh content="2;
URL=register.php"></head><b>Username Already Taken!</b><BR>Please wait. You will be redirected in two seconds.";
exit;
}
} else {
//print login forum
echo <<< FORM
<div align="center">All fields required.</div>
<style type="text/css"> .style9 {font-family: Verdana; font-size: 10px; color: #333333; } </style>
<form action="{$_SERVER['PHP_SELF']}" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="style9">Desired Username:</span></td>
<td><input type="text" name="username" maxlength="40"></td>
</tr>
<tr>
<td><span class="style9">Password:</span></td>
<td><input type="password" name="password1" maxlength="40"></td>
</tr>
<tr>
<td><span class="style9">Confirm Password:</span></td>
<td><input type="password" name="password2" maxlength="40"></td>
</tr>
<tr>
<td><span class="style9">First Name:</span></td>
<td><input type="test" name="firstname" maxlength="50"></td>
</tr>
<tr>
<td><span class="style9">Last Name:</span></td>
<td><input type="test" name="lastname" maxlength="50"></td>
</tr>
<tr>
<td><span class="style9">E-mail Address:</span></td>
<td><input type="test" name="email" maxlength="50"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Register">
<input type="hidden" name="submit" value="submitted" /></td>
</tr>
</table>
</form>
FORM;
}
?>Code: Select all
<?php
//include files
include('db/db.inc.php');
//currentdate
$currentdate = date("Y-m-d");
//check for post submission
if(isSet($_POST['submit'])) {
//check that both fields have something in them
if(empty($_POST['username']) || empty($_POST['password'])) {
echo "<head><meta http-equiv=refresh content="2;
URL=index.php"></head><b>Login Invalid</b><BR>Please wait. You will be redirected in two seconds.";
exit;
}
//encrypt pass
$password = $_POST['password'];
$encpassword = md5($password);
//mysql query
$query = "SELECT * FROM users WHERE username ='{$_POST['username']}' AND password = '$encpassword'";
$result = mysql_query($query) or die(mysql_error());
//check for results
if(mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
echo "<head><meta http-equiv=refresh content="2;
URL=index.php"></head><b>Login Invalid</b><BR>Please wait. You will be redirected in two seconds.";
//define session variables
} else {
$row = mysql_fetch_array($result);
$_SESSION['auth'] = "1";
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['email'] = $row['email'];
$_SESSION['dateofbirth'] = $row['dateofbirth'];
$_SESSION['datecreated'] = $row['datecreated'];
$_SESSION['userlevel'] = $row['userlevel'];
$_SESSION['pref_backcolor'] = $row['pref_backcolor'];
$_SESSION['pref_top'] = $row['pref_top'];
$_SESSION['pref_middle'] = $row['pref_middle'];
$_SESSION['pref_bottom'] = $row['pref_bottom'];
echo "<head><meta http-equiv=refresh content="2;
URL=index1.php"></head><b>Login Successful!</b><BR>Please wait. You will be redirected in two seconds.";
}
} else {
//print login forum
echo <<< FORM
<style type="text/css">
<!--
.style9 {font-family: Verdana; font-size: 10px; color: #333333; }
-->
</style>
<form action="{$_SERVER['PHP_SELF']}" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="style9">Username:</span></td>
<td><input type="text" name="username" maxlength="40"></td>
</tr>
<tr>
<td><span class="style9">Password:</span></td>
<td><input type="password" name="password" maxlength="50"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Signin">
<input type="hidden" name="submit" value="submitted" /></td>
</tr>
</table>
</form>
<div align="center">Not a member? <a href="register.php">Register</a>.</div>
FORM;
}
?>