Page 1 of 1

md5()'d values not matching

Posted: Mon Mar 14, 2005 5:05 am
by s.dot
I have a join page which inserts the value of a chosen md5'd password into a database

then my login script md5s the given password and checks to see if it matches the value in the database

however my values are not matching, can someone tell me why?

Here is my join code which inserts the value into the database

Code: Select all

$password = mysql_real_escape_string(strip_tags($_POST['password']));
$password3 = md5($password);
$sql4 = "INSERT INTO users (username, password, email, acode, timesignedup, activated) VALUES('$lowerusername', '$password3', '$email', '$acode', '$timesignedup', 'n')";
And here is my validation code that checks to see if a given password is equal to the database password

Code: Select all

$uname = strtolower(mysql_real_escape_string(strip_tags($_POST['username'])));
$password = md5(mysql_real_escape_string(strip_tags($_POST['password'])));
$query = "SELECT * FROM users WHERE username = '$uname' AND password = '$password'";
The value of my database password is "df53ca268240ca76670c8566e" but when I echo the value of $password in the validation code I get the value of "df53ca268240ca76670c8566ee54568a"

These two values are almost identical with the exception that e54568a is appended to the md5()'d password posted from the login form. This makes me think that an additional character or two is inserted into the validation script when executing.

Posted: Mon Mar 14, 2005 5:20 am
by JayBird
the first md5 hash isn't actually an MD5 hash becuase all hashes are 32 characters. The second one is correct.

What i thinik is happening is that you are inserting the md5 password into a field that is only allowing 25 characters and not 32.

Check your table structure

Correct.

Posted: Mon Mar 14, 2005 5:59 am
by s.dot
You're absolutely correct. That's the first time I've dealt with a table structure issue.

I probably would've went nuts looking for an error in the code.

Thanks a bunch.