md5(md5($pass)) not working 8O
Posted: Fri Jan 27, 2006 3:46 pm
Okay,
For a login form I've made I have double encrypted the pass with md5, but it doesnt work when I login
This is the registartion script when the pass is inserted:
And this is the login page
It works fine if I dont encrypt the pass
Thanks, Tucker
For a login form I've made I have double encrypted the pass with md5, but it doesnt work when I login
This is the registartion script when the pass is inserted:
Code: Select all
<?php
session_start();
session_regenerate_id();
include('db.php');
if (isset($_POST['submit'])){
if (isset($_POST['email'])){
$email=trim($_POST['email']);
}else{
echo "-Please enter in your email!<br>";
}
if (isset($_POST['pass1'])){
$pass1=trim($_POST['pass1']);
$pass1=md5(md5($pass1));
}else{
echo "-Please enter in your desired password!<br>";
}
if (isset($_POST['pass2'])){
$pass2=trim($_POST['pass2']);
}else{
echo "-You must confirm your password above!<br>";
}
if ($pass1 !== $pass2){
echo "-Your Two Passwords do not match!<br>";
}
if (isset($_POST['real'])){
$real=trim($_POST['real']);
}else{
echo "-Please enter in your Real Name!<br>";
}
if (isset($_POST['addr'])){
$addr=trim($_POST['addr']);
}else{
echo "-Please enter in your address!<br>";
}
if (isset($_POST['country'])){
$country=trim($_POST['country']);
}else{
echo "-Please enter in your country of residence!<br>";
}
if (!isset($_POST['TOSY'])){
echo "-You did not agree to the Terms of Service!";
die();
}
if (isset($_POST['phone'])){
$phone=trim($_POST['phone']);
}else{
$phone="";
}
if (isset($_POST['state'])){
$state=trim($_POST['state']);
}else{
$state="";
}
if (isset($_POST['zip'])){
$zip=trim($_POST['zip']);
}else{
$zip="";
}
if ($email && $pass1 && $real && $addr && $country){
$sql="INSERT INTO users (id, email, password, datereg, phone, address, state, country, zip, userlvl, realname) VALUES ('','$email','$pass1',now(),'$phone','$addr','$state','$country','$zip','0','$real')";
$result=mysql_query($sql);
echo "<b>Thank You For Registering, you may now <a href='login.php'>login</a>";
}
}else{
echo "<form method='POST' action='$PHP_SELF'>
<i>* = Required Field,
If you win and the info below is inaccurate, you will not be awarded the money.</i><br>
<br>
<b>Email*:</b><input type='text' name='email'><br>
<b>Password*:</b><input type='text' name='pass1'><br>
<i>Confirm*:</i><input type='text' name='pass2'><br>
<br><b>Contact Info</b><br><br>
<b>Real Name:* (Last, First)</b><input type='text' name='real'><br>
<b>Phone:</b><input type='text' name='phone'><br>
<b>Address:*</b><input type='text' name='addr'><br>
<b>State:</b><input type='text' name='state'><br>
<b>ZIP Code:</b><input type='text' name='zip'><br>
<b>Country:*</b><input type='text' name='country'><br>
<br>
<textarea readonly>
1. The first person who guesses the number correct will win
2. I have the right to suspend accounts under suspicion of hacking / duplicate accounts.
3. You may NOT create more then one account for your self
4. If any details match another account holder, i will be informed and have the right to suspend accounts.
5. you must not try in anyway to beat the system to gain an unfair advantage of the other users.
</textarea><br>
<b>Do you Agree with the Terms of Service?*</b><br>
<i>Yes:</i><input type='radio' name='TOSY'><br>
<i>No:</i><input type='radio' name='TOSN'><br>
<input type='submit' name='submit' value='Submit'>
</form>";
}
?>Code: Select all
<?php
session_start();
session_regenerate_id();
require('db.php');
if (isset($_POST['login_submit'])){
if (!empty($_POST['email'])){
$email=trim($_POST['email']);
}else{
echo "-Please enter in your Email!<br><br>";
make_login();
}
if (isset($_POST['pass'])){
$pass=$_POST['pass'];
$pass=md5(md5($pass));
}else{
echo "-Please enter in your pass!<br><br>";
make_login();
}
if ($email && $pass){
$sql="SELECT * FROM users WHERE password=SHA('$pass') AND email='$email' LIMIT 1";
$result=mysql_query($sql);
if (mysql_num_rows($result) == '1'){
$row=mysql_fetch_array($result);
$_SESSION['id']=$row['id'];
$_SESSION['loggedin']="TRUE";
header("Location: game.php");
}else{
echo "-The email and password pair you provided are incorrect!<br><br>";
make_login();
}
}
}else{
make_login();
}
function make_login() {
echo "<form method='POST' action='$PHP_SELF'>
<b>Email:</b><input type='text' name='email'><br>
<b>Password:</b><input type='password' name='pass'><br>
<input type='submit' name='login_submit' value='Login'></form>";
echo "<br><br><a href='registar.php'>Register with Us!</a>";
}
?>Thanks, Tucker