php/mysql md5 help

boske

I am trying to create a simple login using md5, I have read a bunch of tutorials/discussion boards, but I can't get this to work...

let me know what you guys think..

//connect to mysql
$dbh=mysql_connect ("localhost", "*****", "*****") or die ('I cannot connect to the database because: ' . mysql_error());

mysql_select_db("dcontrol_project"); 

if($action == "login"){

$password = md5($_POST['password']);

$sql = "SELECT * FROM client_users WHERE  password='$password' AND username='$username'";
$result = mysql_query($sql);
$r=mysql_fetch_array($result);
$num_rows = mysql_num_rows($result);
echo $num_rows;

}else{
?>

<form method="POST" action="login.php">
	<p>Username:<input type="text" name="username" size="20"></p>
	<p>Password:<input type="password" name="password" size="20"></p>
	<input type="hidden" name="action" value="login">
	<p><input type="submit" value="Submit" name="submit"><input type="reset" value="Reset" name="B2"></p>
</form>
<? } 
?>

paulnaj

Hi,

You're sometimes using $POST and sometimes not. Try ...

<?php
if($_POST['action'] == "login"){ 

$password = md5($_POST['password']); 

$sql = "SELECT * FROM client_users WHERE  password='".$password."' AND username='".$_POST['username']."'"; 
$result = mysql_query($sql); 
$r=mysql_fetch_array($result); 
$num_rows = mysql_num_rows($result); 
echo $num_rows; 

}else{ 
?>

Paul 🙂

boske

still nothing. If i go into my database, and change the md5, to text, it will work fine...

paulnaj

Hi again,

Let me get this straight.

You are storing encrypted passwords in the db. So, for example, if you ran the query...

SELECT password FROM client_users

... you'd get a list of encrypted passwords looking like ...

xxrtdgeiygns (whatever)

... and not plain text ...

mypassword
1234567

If all that's the case, then how did you create (INSERT) the encrypted passwords in the first place?

Paul.

boske

Well, at first I inserted it manually from the phpmyadmin, and select the md5. Realizing that didn't work, and from reading other sources, I created an insert query, also using the md5.

$password = md5("test2");
$query = "INSERT INTO client_users (id, username, password) VALUES(NULL, 'test2', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

trying to get that to work aswell...unsuccessful

Maybe I am doing something wrong, i dunno its basic login with md5 encryption, so someone can't go in the database and find out everyones password. Maybe I am goign about this the wrong way...

Thanks for the help in advance..

Steve

paulnaj

Hi Steve,

Try that query ...

SELECT password FROM client_users

... and see what you get ... encrypted or plain text?

Also, what type (varchar, int ...) and size field are you using for the password field?

Paul

boske

varchar...

jeez I still can't get this thing to work

I followed htis guys tutorial to work to..

Looks like hes got it oging

http://www.swish-db.com/tutorials/view.php/tid/601

boske

well, you woudln't beleive it...(well i don't)

my varchar was set to 20, and the md5 hash was longer than 20, so it was cutting it off. I just made it longer and it works. Thanks for you help man.