md5 encryption

novice_php

hi evryone, im new to this php stuff, and have come across a problem. my encryption is working when registering and login in, but they are not matching up. ive shown below the queries. please help

	$name = $_POST['name'];
	$password = md5($_POST['password']);


$query = "select count(*) from user where username = '$name' and password = '$password'";

this is the query output

select count(*) from user where username = 'username' and password = '5f4dcc3b5aa765d61d8327deb882cf99' invalid login, try again

$query = "INSERT INTO user SET " . 
"username='" . $_POST['username'] . "', " . 
"first_name='" . $_POST['first_name'] . "', " . 
"last_name='" . $_POST['last_name'] . "', " . 
"password='" .md5($_POST['password']) . "', " . 
"address1='" . $_POST['address1'] . "', " . 
"address2='" . $_POST['address2'] . "', " . 
"city='" . $_POST['city'] . "', " . 
"postcode='" . $_POST['postcode'] . "'";

this is the output

select count(*) from user where username = 'username' and password = '5f4dcc3b5aa765d61d8327deb882cf99'invalid login, try again

but this is wat is stored in the db
5f4dcc3b5aa765d61d8327deb882cf

the 99 is missing from the end

scrupul0us

$query = "select * from user where username = '$name' and password = '$password'";

no need for count

make sure the password field in the db s set to 32 in length... md5 is a 32bit long hash

laserlight

scrupul0us is right, you probably need a CHAR(32) field for the password.

no need for count

Leave the count as it is. There is no need to select all, unless you want to retrieve additional information for the user.

md5 is a 32bit long hash

MD5 hashes are 128-bit hashes. As hexadecimal strings they becomes 32 characters long.

novice_php

thank you, it was the way the db was set up, it had 30 instead of 32. once again thanks

scrupul0us

laserlight wrote:
MD5 hashes are 128-bit hashes. As hexadecimal strings they becomes 32 characters long.

Hex-hash-bit... you know what I meant tho! 😃

glad ur code is working novice_php... I had the same problem two php programs ago... i was like D0H! when I figured it out

Liquid_Penguin

I am having trouble posting the encrypted password into the database. I am also new to php and using dreamweaver for it until I get thru a book I am reading. The password is encrypting ok but it won't write to the database. I have done searches and nothing shows me how with dreamweaver to correct this. Obviously dreamweaver is a bad choice but I have no other option. Any help and explanations would be appreciated.

My code is as follows

<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    

    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$password = md5 ($_POST['password']);
$sql = "insert into users values('$password')";
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "registration_FRM")) 
{
  $insertSQL = sprintf("INSERT INTO users (user_Name, '$password', first_Name, last_Name, zipcode, country, birth_Month, birth_Day, birth_Year, gender, email_Address) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['user_Name'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['first_Name'], "text"),
                       GetSQLValueString($_POST['last_Name'], "text"),
                       GetSQLValueString($_POST['zipcode'], "int"),
                       GetSQLValueString($_POST['country'], "text"),
                       GetSQLValueString($_POST['birth_Month'], "text"),
                       GetSQLValueString($_POST['birth_Day'], "int"),
                       GetSQLValueString($_POST['birth_Year'], "int"),
                       GetSQLValueString($_POST['gender'], "text"),
                       GetSQLValueString($_POST['email_Address'], "text"));


  mysql_select_db($database_test $test);
  $Result1 = mysql_query($insertSQL, $test) or die(mysql_error());

  $insertGoTo = "registration_success.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
}

I placed the variable here

$insertSQL = sprintf("INSERT INTO users (user_Name, '$password', first_Name, last_Name, zipcode, country, birth_Month, birth_Day, birth_Year, gender, email_Address) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",

and am getting the following error message:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''912ec803b2ce49e4a541068d495ab570', first_Name, last_Name, zipc

If I place the variable here

$insertSQL = sprintf("INSERT INTO users (user_Name, password, first_Name, last_Name, zipcode, country, birth_Month, birth_Day, birth_Year, gender, email_Address) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['user_Name'], "text"),
                       GetSQLValueString($_POST['$password'], "text"),
                       GetSQLValueString($_POST['first_Name'], "text"),
                       GetSQLValueString($_POST['last_Name'], "text"),
                       GetSQLValueString($_POST['zipcode'], "int"),
                       GetSQLValueString($_POST['country'], "text"),
                       GetSQLValueString($_POST['birth_Month'], "text"),
                       GetSQLValueString($_POST['birth_Day'], "int"),
                       GetSQLValueString($_POST['birth_Year'], "int"),
                       GetSQLValueString($_POST['gender'], "text"),
                       GetSQLValueString($_POST['email_Address'], "text"));

I get the following error message:

Column 'password' cannot be null

laserlight

Replace the $_POST['$password'] with $password.

Liquid_Penguin

Thank you, That did it. I changed this one

GetSQLValueString($_POST['$password'], "text"),

GetSQLValueString($password, "text"),

But with the addition of the encrypting it isn't going to the success page now. I get the form again with a ? at the end of the same page.

Liquid_Penguin

With all the changing of the code something must of been missing. I redid the insert record wiz and it is working now.

Thanks