Comparing Hashed Passwords

Grahamhart
Forum Commoner
Posts: 27
Joined: Wed Jun 11, 2008 6:05 am

Comparing Hashed Passwords

Post by Grahamhart »

I have created an SQL database containing a list of usernames and passwords and have hashed these passwords using md5. The problem I am now having is that when I take an entered password and try to compare it to the one in the database for a match, the result comes back incorrect. Without the hashing it works fine.

The code I am using to compare the passwords is as follows:

$passwordhash = md5($_POST['fpassword']);
$sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]' AND password='$passwordhash'";
Geteburg
Forum Commoner
Posts: 25
Joined: Tue Aug 12, 2008 1:57 pm

Re: Comparing Hashed Passwords

Post by Geteburg »

Check if the MD5 hash is the same when you submit the form as the one in the DB. If it is, do the same for the SQL query: echo it and check that the output of the SQL echo has what it should have.

$passwordhash = md5($_POST['fpassword']);
echo $passwordhash; // <--- this should match the entry in table
 
And btw, at least do mysql_real_escape_string($_POST['fusername']). Because right now you are SQL-injection ready :) NEVER trust the input that users add.
Grahamhart
Forum Commoner
Posts: 27
Joined: Wed Jun 11, 2008 6:05 am

Re: Comparing Hashed Passwords

Post by Grahamhart »

Thanks, I will try this. I will be adding anti-injection to this later; I like to get one thing working at a time :)
Grahamhart
Forum Commoner
Posts: 27
Joined: Wed Jun 11, 2008 6:05 am

Re: Comparing Hashed Passwords

Post by Grahamhart »

Ah, seems you were right after returning it; it just turns out the table was set up wrong and needed a bigger VAR.

Thanks,
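
The two problems raised in this thread (a hash column too narrow for the stored hash, and user input placed directly in the SQL string), shown together as an added example that is not part of any post above. It assumes PDO with the SQLite driver as a stand-in for the poster's MySQL database, swaps md5 for PHP's password_hash()/password_verify(), and uses constructed credentials and an assumed original column width of 20.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// poster's MySQL database so the script runs offline; all values are constructed.

// The thread's failure mode: md5() returns 32 hex characters, and a narrower
// column keeps only a prefix (MySQL truncates when strict mode is off).
function storedInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

function register(PDO $pdo, string $user, string $plain): void
{
    $stmt = $pdo->prepare('INSERT INTO Member (loginName, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $user, string $plain): bool
{
    // Bound parameter: the username is passed as data, never spliced into the SQL.
    $stmt = $pdo->prepare('SELECT password FROM Member WHERE loginName = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    // The comparison happens in PHP; password_verify() reads the salt from the hash.
    return is_string($stored) && password_verify($plain, $stored);
}

$hash = md5('correct horse');
printf("md5 length: %d\n", strlen($hash));
// Width 20 is an assumption; the thread does not state the original width.
printf("20-char column matches: %s\n", var_export(storedInColumn($hash, 20) === $hash, true));
printf("32-char column matches: %s\n", var_export(storedInColumn($hash, 32) === $hash, true));

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) leaves room for current and future password_hash() formats.
$pdo->exec('CREATE TABLE Member (loginName VARCHAR(50) PRIMARY KEY, password VARCHAR(255) NOT NULL)');

// A username containing a quote is stored and matched as plain data.
register($pdo, "o'neil", 'correct horse');
printf("right password: %s\n", var_export(login($pdo, "o'neil", 'correct horse'), true));
printf("wrong password: %s\n", var_export(login($pdo, "o'neil", 'wrong'), true));
printf("unknown user:   %s\n", var_export(login($pdo, 'nobody', 'correct horse'), true));
```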