[Resolved] Problem inserting encrypted password into database

Drebin

Hi, I made a login/pass system using sessions and it works fine if I add the username/password myself through PHPMyAdmin. However, i'm having problems with my Registration page. When i tested it out, the password did get inserted into the database but it was not encrypted and therefore when I tried to login with than username/password, it failed since it looks for pass=password('$password')

How do I code the INSERT portion on the registration page? This is how I have it setup now:


$query = "insert into auth values 
            ('0', '".$name."', '".$password."')"; 
  $result = mysql_query($query);

I tried putting password('$password) but that gave me an error.

This is how the signup portion is coded:

$query = "select * from auth 
            WHERE name='$userid' AND pass=password('$password')";
  $result = mysql_query($query, $connect);
  if (mysql_num_rows($result) >0 )
  {
   list($auth_ID,$name,$pass)=mysql_fetch_row($result);

// if they are in the database register the user id

  $_SESSION['valid_user']=$name;
$_SESSION['id']=$auth_ID;
  }

Can somene tell me how I would insert an encrypted password through a form?

Drebin

I'm beginning to think that it could be a problem with my settings.

I tried this:

$password = password($password)

and I got an error message

I can do
$password = md5($password)

without getting an error message but I can't login properly. Even when I manually add a password with MD5 encryption it won't work.

Is there an .ini file for MySQL? I can't find it anywhere and there are no settings for MD5 or passwords in php.ini

Drebin

If it's hard to tell what I am doing wrong from the code I posted, can someone please post code showing how to insert an encrypted password into a database?

azunoman

when you md5 your password, the resulting field can be very large. Have you tried increasing the mysql field to something like varchar lenght of 60?

Drebin

No, i didn't think of that. Thanks for the tip, I'll try making the password field larger.

Drebin

I got it to work. I made the password field bigger and I also changed something else.

I changed this

$query = "select * from auth 
            WHERE name='$userid' AND pass=password('$password')";

to this

$query = "select * from auth 
            WHERE name='$userid' AND pass='$password' ";

I tried using MD5('$password') in the select query but that wouldn't work either so I just got rid of it alltogether and it now works.

Thanks for the help.

azunoman

You will want to keep the md5, else folks can see the password.

when they originally sign up...and just prior to writing out the password they have chosen:

$password = md5($password);

then of course, write it out with the other related data...

When they want to login:

take the password they have entered and:

$password = md5($password);
$query = "SELECT * FROM users WHERE name='$userid' AND password='$password'";

Drebin

When they want to login:

take the password they have entered and:
$password = md5($password);
$query = "SELECT * FROM users WHERE name='$userid' AND password='$password'"; [/B][/QUOTE] 
Yeah that's what I ended up doing. An example I saw had it setup differently and it was included in the SELECT query, but I couldn't get that to work for some reason.