User Registration form & login page w/ md5 password hash

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
redzonne
Forum Newbie
Posts: 8
Joined: Sun Mar 06, 2005 12:27 pm
Location: Los Angeles

User Registration form & login page w/ md5 password hash

Post by redzonne »

On a user registration form, I am able store the user login and md5(password) on my mysql db. I am running into a problem of putting a script together correctly that would validate the database login and md5-ed password.

Registration page (http://www.realestatenetfind.com/agents ... _code.phps)

Login page (http://www.realestatenetfind.com/sellhome_code.phps)

Any suggestions? :cry:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

from a quick look.. the login page looks okay, other than SQL injection potentials.. What's the specific problem?
User avatar
redzonne
Forum Newbie
Posts: 8
Joined: Sun Mar 06, 2005 12:27 pm
Location: Los Angeles

Post by redzonne »

The problem was that with MD5 encryption the correct login and password entered was not being accepted/validated...

But, nevermind - I figured it out. The problem was in my table setting in the Mysql database. The passwords column was set VARCHAR (30) and md5 encryptions assigns encryption string 30 +.

The password encryption was saving a depricated version that ofcourse would never match the full version presented by the login script, so I just increased the VARCHAR to 50 and now the login page validation works.

Thanks lots....
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

MD5 uses 32 characters in hex-hash form.
Post Reply