ok, so i have a login program that I would like to use md5 encryption for more security, however, I have tried implementing it and when I use md5 to encrypt a password when i add a user it encrypts it one way (looks like this 83cbb8d742f5) but when i use md5 with the login form to test the password the user entered it encrypts the exact same text differently (looks like this c059df4171a96cf96f5364dcb8dde0f3)
i dont know why its encrypting it differently!
heres the code i use:
// function that adds user to database
function adduser($userid, $name, $pass)
{
$md5pass=md5('$pass');
$query = "INSERT INTO users (login, fname, pword) VALUES ('$userid','$name','$md5pass')";
$result=mysql_query($query);
if(isset($result))
return true;
else
return false;
}
// function to display login
function displogin()
{
echo "<form method='POST' action='login.php'>";
echo "<p>";
echo "Login: <input type='text' name='username' size='13' value='$log'><br>";
echo "Password: <input type='password' name='password' size='11'><br>";
echo "<input type='submit' value='Submit' name='B1'><input type='reset' value='Reset' name='B2'></p>";
echo "</form>";
}
// the function that tests the entered password
function login($user,$pass)
{
$query="SELECT * FROM users WHERE login = '$user' AND pword='$pass'";
$result=mysql_query($query);
if(!$result)
return false;
if(mysql_num_rows($result)>0)
return true;
else
return false;
}
// code on login page to call login() and test password entered
$username = $HTTP_POST_VARS['username'];
$passwd = $HTTP_POST_VARS['password'];
if($username && $passwd)
{
$passwd = md5('$passwd');
if(login($username, $passwd))
{
$HTTP_SESSION_VARS['user'] = $username;
$HTTP_SESSION_VARS['password'] = $passwd;
}
else
{
echo "Error logging in";
displogin();
exit;
}
}
also, i know the code works because it worked fine before i tried using password encryption, so its something with that pesky md5!
:p
all help is greatly appreciated!
