I have created an SQL database containing a list of Username's and password's and have hashed these passwords using md5. The problem i am now having is that when i take an entered password and try to compare it to the one in the database for a match the result comes back incorrect. without the hashing it works fine.
The code I am using to compare the passwords is as follows:
$passwordhash = md5($_POST['fpassword']);
$sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]' AND password='$passwordhash'";
Comparing Hashed Passwords
Moderator: General Moderators
Re: Comparing Hashed Passwords
Check if MD5 hash is the same when you submit form as the one in DB. If it is, do the same for SQL query, echo it and check that the output of SQL echo has what it should have.
And btw, at least do mysql_real_escape_string($_POST[fusername]). Cause right now you are sql-injection ready
NEVER trust the input that users add.
Code: Select all
$passwordhash = md5($_POST['fpassword']);
echo $passwordhash; // <--- this should match the entry in table
-
Grahamhart
- Forum Commoner
- Posts: 27
- Joined: Wed Jun 11, 2008 6:05 am
Re: Comparing Hashed Passwords
Thanks I will try this, i will be adding anti injection to this later, i like to get one thing working at a time 
-
Grahamhart
- Forum Commoner
- Posts: 27
- Joined: Wed Jun 11, 2008 6:05 am
Re: Comparing Hashed Passwords
Ah seems you were right after returning it just turns out the table was setup wrong and needed a bigger VAR.
Thanks,
Thanks,