md5 checking passwords

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gasoga
Forum Commoner
Posts: 36
Joined: Thu Apr 17, 2003 4:15 am
Location: Ireland

md5 checking passwords

Post by gasoga »

Hi

I want to be able to check the password the user submits to their corresponding one in the data base and i am using the following code:

Code: Select all

<?php
$db = mysql_connect($dbhost, $dbuser, $dbpass); 
	mysql_select_db($dbname,$db) or die (mysql_error); 


	$Q01 = "SELECT  Password
			FROM $dbtable 
			WHERE UserName='$UserName'";
	$R01 =  mysql_query($Q01) or die("Bad Q01:".mysql_error()); 
	$info = mysql_fetch_array($R01);
	if(md5($Password) != $info[Password])
		{
		echo( "Your Password is Incorect");
		ViewHeader($SmartID);
		//header("Location: home.php");
		ViewFooter();
		exit;
		}



?>
For some reason when i submit my password it encrypts it again but the encryption is dofferent from the one in the data base! Any ideas why this is happeneing??
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

which version of php do you use?
is register_globals enabled?
how did you put the password into the table?
tr3s
Forum Newbie
Posts: 17
Joined: Mon May 19, 2003 10:29 am
Location: Philippines
Contact:

Post by tr3s »

how is $password differ from $info['password']? if it's just the stored password lacks some characters from the original password, then maybe the encrypted password exceeds the maximum number of characters your password field allows. check it...

and of course, make sure your field type is able to store string formats (e.g. varchar)

this is just a hint...

good luck!
Jim
Forum Contributor
Posts: 238
Joined: Fri Apr 19, 2002 5:26 am
Location: Near Austin, Texas

Post by Jim »

I'm almost certain I know what your problem is.

Ensure that the field holding your passwords in MySQL is set at varchar(32).

I'm guessing the password field you have is set to something like varchar(20) or somesuch...

But you have to remember that md5() is 32-bit encryption, which means that the text you enter turns in to a 32-letter/digit string.

If you don't have enough space for the password in your database, you won't be able to match passwords and your script won't run.
Post Reply