Page 1 of 1

simple MD5 help

Posted: Tue Dec 09, 2008 5:25 am
by barrowvian
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


Basically, Im using the following code for a simple project that I've been messing around with. It does what I need it to do in terms of allowing the user to register etc. Now I want to look at validatation and security.

Code: Select all

<div id="content"> 
<?php
 
// Check if he wants to register:
if (!empty($_POST[username]))
{
    // Check if passwords match.
    if ($_POST[password] != $_POST[password2])
            exit("Error - Passwords don't match. Please go back and try again.");
 
    require_once("connect.php");
 
    //$password = md5($password);
 
    // Register him.
    $query = mysql_query("INSERT INTO members 
    (username, firstname, lastname, password)
    VALUES  ('$_POST[username]','$_POST[firstname]','$_POST[lastname]','$_POST[password]')")
 
    or die ("Error - Couldn't register user.");
    
    echo "Congratulations $_POST[username]! You've successfully registered!<br /><br />
        Please continue to the <a href='login.php'><b>login</b></a> page in order to access all of the wonderful members features.";
    exit();
}
 
?>
        <form action="register.php" method="post">
            <table width="75%" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                    <td width="100%"><label>Desired Username: <input type="text" name="username" size="25" value=""></label></td>
                </tr>
                <tr>
                    <td width="100%"><label>First Name: <input type="text" name="firstname" size="25" value=""></label></td>
                </tr>
                <tr>
                    <td width="100%"><label>Last Name: <input type="text" name="lastname" size="25" value=""></label></td>
                </tr>
                <tr>
                    <td width="100%"><label>Password: <input type="password" name= "password" size="25" value=""></label></td>
                </tr>
                <tr>
                    <td width="100%"><label>Verify Password: <input type="password" name="password2" size="25" value=""></label></td>
                </tr>
                <tr>
                    <td width="100%"><input type="submit" value="Register"></td>
                </tr>
            </table>
        </form>
</div>
What I need to do is use the MD5 function to encrypt the database passwords. It's probably quite simple but Ive tried a couple of methods and havent managed to get it working yet. Any help is greatly appreciated. Thanks


~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.

Re: simple MD5 help

Posted: Tue Dec 09, 2008 6:00 am
by papa
VALUES ( '$_POST[username]', '$_POST[firstname]', '$_POST[lastname]', '$password')

Make sure the table column for password has enough space for the encryption.

Re: simple MD5 help

Posted: Wed Dec 10, 2008 5:51 am
by barrowvian
Pickle - Sorry, I'll sort it out next time.

Papa - I've implemented your suggestion, yes it works in terms of that it encrypts the password within the database and still allows the user to register, however, it will not let me login with the newly created account.

Any suggestions?

Re: simple MD5 help

Posted: Wed Dec 10, 2008 6:07 am
by papa
As simple misstake I did was to make my password column too short, like varchar(25).

Do you match the password registered in the database with md5($user_input) ?

Re: simple MD5 help

Posted: Wed Dec 10, 2008 6:45 am
by barrowvian
this is what i insert from the register page;

Code: Select all

 <?php
    $password = md5($_POST[password]); 
 
    // Register him.
    $query = mysql_query("INSERT INTO members 
    (username, firstname, lastname, password)
    VALUES  ('$_POST[username]','$_POST[firstname]','$_POST[lastname]','$password')")
 
    or die ("Error - Couldn't register user."); ?>
 
and this is the query that i run in the login page;

Code: Select all

    
<?php $query = mysql_query("SELECT * FROM members
                            WHERE username = '$_POST[username]'
                            AND password = '$_POST[password]'")
or header("location: http://localhost/dbmodule/login.php"); ?>
 
Im assuming that I'll need to change the password = ' ' part on the login, but what would I need to change that too?

Thanks

Re: simple MD5 help

Posted: Wed Dec 10, 2008 7:00 am
by papa

Code: Select all

 
("SELECT * FROM members
               WHERE username = '".$_POST['username']."'
                        AND password = '".md5($_POST['password'])."'")
 
Might work.

Re: simple MD5 help

Posted: Wed Dec 10, 2008 7:34 am
by barrowvian
Works perfectly. Thanks Papa you've been a huge help I really appreciate it! :D

Re: simple MD5 help

Posted: Wed Dec 10, 2008 7:55 am
by papa
Glad to help!