MD5, I give up

Numskull

I simply cant get the md5 encryption to work. It is easy enough to get an encrypted password typed into a form into the mySQL database. But to validate a user md5´ed password when the user tries to log in, is completely beyond me. I need some help with this. Here is my base code, what do I need to type in, in order to get it to work?

<?php
include "sqlfunctions.php";
if(isset($POST['submit']));
if($POST['adminuser']=='' OR $POST['adminpswd']==''){
errorlogin();
}else{
$adminuser=($POST['adminuser']);
$adminpswd=($_POST['adminpswd']);

dbconnect();
$sql = "SELECT * FROM adminlogin WHERE adminuser ='$adminuser' AND adminpswd ='$adminpswd'";

mysql_close();
}

ShiggyWiggy

You need to also MD5 the password they enter to check it with the string in your database, also make sure that the field for the password in your database is of size 32 or else it wont hold the full MD5 created string.

Try

dbconnect();
$sql = "SELECT * FROM adminlogin WHERE adminuser ='$adminuser' AND adminpswd ='$adminpswd2'";

mysql_close();
}

Installer

You should also not think of md5 as encryption, since it isn't. The way to use it is to compare the md5 hash of the entered password with the md5 hash stored in the db, as ShiggyWiggy demonstrates.

Numskull

Thanks both of you and merry Christmas.

Roger_Ramjet

You can also use the following mysql query form

$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = MD5('$pwd')";

Use it when you first store the password and also when you retrieve it for comparison.