md5 checking passwords

Posted: Fri May 23, 2003 4:14 am
by gasoga
Hi

I want to be able to check the password the user submits against their corresponding one in the database, and I am using the following code:

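<?php
// Connect and select the database (legacy mysql_* API, as in the original post).
$db = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $db) or die(mysql_error());

// Escape the user-supplied name before placing it in the query.
$SafeUserName = mysql_real_escape_string($UserName, $db);
$Q01 = "SELECT Password
		FROM $dbtable
		WHERE UserName='$SafeUserName'";
$R01 = mysql_query($Q01) or die("Bad Q01:" . mysql_error());
$info = mysql_fetch_array($R01);

// Compare the MD5 of the submitted password with the stored hash.
// Strict comparison avoids PHP's loose string-to-number juggling.
if (md5($Password) !== $info['Password'])
{
	echo("Your Password is Incorrect");
	ViewHeader($SmartID);
	//header("Location: home.php");
	ViewFooter();
	exit;
}
?>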
For some reason when I submit my password it encrypts it again, but the encryption is different from the one in the database! Any ideas why this is happening?

Posted: Fri May 23, 2003 5:21 am
by volka
which version of php do you use?
is register_globals enabled?
how did you put the password into the table?

Posted: Fri May 23, 2003 5:29 am
by tr3s
how does $password differ from $info['password']? if it's just that the stored password lacks some characters from the original password, then maybe the encrypted password exceeds the maximum number of characters your password field allows. check it...

and of course, make sure your field type is able to store string formats (e.g. varchar)

this is just a hint...

good luck!

Posted: Fri May 23, 2003 9:00 am
by Jim
I'm almost certain I know what your problem is.

Ensure that the field holding your passwords in MySQL is set at varchar(32).

I'm guessing the password field you have is set to something like varchar(20) or somesuch...

But you have to remember that md5() is 32-bit encryption, which means that the text you enter turns into a 32-letter/digit string.

If you don't have enough space for the password in your database, you won't be able to match passwords and your script won't run.
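
The column-width failure discussed in this thread, as an added example that is not part of the original posts: it simulates a too-narrow password column without a database and shows that the same truncation also breaks password_hash()/password_verify(), the salted scheme current PHP provides for password storage. store_in_column() and md5_login_ok() are hypothetical helpers, and the sample password is constructed.

```php
<?php
// Hypothetical helper: stands in for MySQL cutting an over-long value down
// to the column width, which it does with only a warning when strict SQL
// mode is off.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Login check for the md5() scheme used in the thread.
// hash_equals() compares in constant time and never type-juggles.
function md5_login_ok(string $submitted, string $storedHash): bool
{
    return hash_equals($storedHash, md5($submitted));
}

$password = 'correct horse'; // constructed sample input

// 1. md5() always returns 32 hexadecimal characters.
$digest = md5($password);
printf("md5 digest length: %d\n", strlen($digest));

foreach ([20, 32] as $width) {
    $stored = store_in_column($digest, $width);
    printf("varchar(%d): stored %d chars, login %s\n",
        $width, strlen($stored),
        md5_login_ok($password, $stored) ? 'succeeds' : 'fails');
}

// 2. password_hash() output is longer (bcrypt is 60 characters, and the
// default algorithm may change), so a column sized for md5() truncates it.
// The PHP manual recommends a 255-character column.
$modern = password_hash($password, PASSWORD_DEFAULT);
foreach ([32, 255] as $width) {
    $stored = store_in_column($modern, $width);
    printf("varchar(%d): stored %d chars, password_verify %s\n",
        $width, strlen($stored),
        password_verify($password, $stored) ? 'succeeds' : 'fails');
}
```

Comparing strlen() of the value read back from the database with the length of the hash that was written is a quick check for this kind of truncation.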