md5()'d values not matching

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

md5()'d values not matching

Post by s.dot »

I have a join page which inserts the value of a chosen md5'd password into a database

then my login script md5s the given password and checks to see if it matches the value in the database

however my values are not matching, can someone tell me why?

Here is my join code which inserts the value into the database

Code: Select all

$password = mysql_real_escape_string(strip_tags($_POST['password']));
$password3 = md5($password);
$sql4 = "INSERT INTO users (username, password, email, acode, timesignedup, activated) VALUES('$lowerusername', '$password3', '$email', '$acode', '$timesignedup', 'n')";
And here is my validation code that checks to see if a given password is equal to the database password

Code: Select all

$uname = strtolower(mysql_real_escape_string(strip_tags($_POST['username'])));
$password = md5(mysql_real_escape_string(strip_tags($_POST['password'])));
$query = "SELECT * FROM users WHERE username = '$uname' AND password = '$password'";
The value of my database password is "df53ca268240ca76670c8566e" but when I echo the value of $password in the validation code I get the value of "df53ca268240ca76670c8566ee54568a"

These two values are almost identical with the exception that e54568a is appended to the md5()'d password posted from the login form. This makes me think that an additional character or two is inserted into the validation script when executing.
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

the first md5 hash isn't actually an MD5 hash becuase all hashes are 32 characters. The second one is correct.

What i thinik is happening is that you are inserting the md5 password into a field that is only allowing 25 characters and not 32.

Check your table structure
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Correct.

Post by s.dot »

You're absolutely correct. That's the first time I've dealt with a table structure issue.

I probably would've went nuts looking for an error in the code.

Thanks a bunch.
Post Reply