Hi, I have been coding a sign-up script for a site that I am creating. Can you tell me how I should go about turning the password into an md5' hash.

<? 


$check = "select id from $table where username = '".$_POST['username']."';"; 
$qry = mysql_query($check) or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry); 
if ($num_rows != 0) { 
echo "Sorry, there the username $username is already taken.<br>";
echo "<a href=/?register>Try again</a>";
exit; 
} else {

// insert the data
$insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."','".$_POST['email']."','".$_POST['fullname']."','".$_POST['day']."','".$_POST['month']."','".$_POST['year']."','".$_POST['gender']."','".$_POST['country']."' ")
or die("Could not insert data because ".mysql_error());

// print a success message
echo "Your user account has been created!<br>"; 
echo "Now you can <a href=/?login>log in</a>"; 
}

?>

Connecting to mysql etc. is all done above using functions in functions.php, hope you lot here can help.

Regards,
-Chris

you can turn the password into an md5 hash by doing
$newpassword = md5($_POST['password']);

http://www.php.net/md5

drew010:

Thank you. So I can then just insert $newpassword into the database?

Also, do deal with the logging in section. When the user types into the password box their normal password, shall I use the same process to check it?

Regards,
-Chris

yes, just store $newpassword in the database, and when they submit the pw again to log in, you can do something like:

$sql = "SELECT password FROM $table WHERE username = '{$_POST['username']}'";
$res = mysql_query($sql);

if (!mysql_num_rows($res)) {
  echo "Invalid username.";
} else {
  $data = mysql_fetch_array($res);
  if (md5($_POST['password']) != $data['password']) {
    echo "Invalid username/password.";
  } else {
    //initiate session
  }
}

Thanks.

can you see the problem in:

$insert = mysql_query("INSERT INTO `users` ( `id` , `username` , `password` , `day` , `month` , `year` , `sex` , `country` , `name` , `website` , `email` , `clan` , `config` , `game` , `bio` , `manufacturer` , `os` , `cpu` , `memory` , `hd` , `gcard` , `scard` , `headphones` , `monitor` , `mousepad` , `mouse` , `keyboard` ) '
        . ' VALUES ( \'\', \'$_POST['username']\', \'$newpassword\', \'$_POST['day']\', \'$_POST['month']\', \'$_POST['year']\', \'$_POST['sex']\', \'$_POST['country']\', \'$_POST['name']\', \'\', \'$_POST['email']\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\' );'
        . ' "; ) or die("Could not insert data because ".mysql_error());

I get the error :

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/bo0/acsd/create.php on line 21

I messed around with it and change it to:

$insert = mysql_query("INSERT INTO $table ( `id` , `username` , `password` , `day` , `month` , `year` , `sex` , `country` , `name` , `website` , `email` , `clan` , `config` , `game` , `bio` , `manufacturer` , `os` , `cpu` , `memory` , `hd` , `gcard` , `scard` , `headphones` , `monitor` , `mousepad` , `mouse` , `keyboard` ) VALUES ( \'\', '.$_POST["username"].', '.$newpassword.', '.$_POST["day"].', '.$_POST["month"].', '.$_POST["year"].', '.$_POST["sex"].', .'$_POST["country"].', .'$_POST["name"].', \'\', .'$_POST["email"].', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\', \'\' ) "); or die("Could not insert data because ".mysql_error());

Now I get:

Parse error: parse error, unexpected '\"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/bo0/a/b/c/make.php on line 20