Hi Still learning and along way to go here (roscor newbie)

I have used the MD5 method to securely insert passwords into my database, Now I am trying to check the users details and password. I cannot retrieve the info and my return is user is not known.

here is my code[/code]$user='username';
$password='password';
include("dbinfo.inc.php");
$conn = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database,$conn) or die(mysql_error());
$sql = "SELECT * from landlordlo where username='$user' and password=MD5('$password')";


Any advice would be very much appreciated,

    Try encrypting the variable before sending it to the database.

    ##Get Password From Log-In##
$password = md5($_POST['password']);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";

      Do you know you are using the same password to connect to your database as you are using to check the users credentials? I don't think that's what you meant to do...

        Thanks for the quick return,

        The database is still not returning any result, Ill keep trying

        Cheers roscor

          Hi i'm using $passw and not $password so there is no problems with the data base connection. I just forgot to ammend in my post !

          cheers

            I am confused(not very hard i must admit), I am just looking through other threads on MD5.

            Q1. is MD5 a one way string,

            Q2. If I post a members details(new member loging on) using MD5 as I have tried when the member tries to then log in they cannot due to the database holding the password in encrypted form.

            Am i going about this the wrong way?

              You are correct about MD5 being a one way algorithm.

              When the user picks their password (let's say, for example, they choose "EasterBunny69"), you encrypt it with MD5 and you get: 4&hEs#&.@df23bTii$#4h

              So you store that in the database.

              Then, later. the user tries to log into your web site so you ask them their password. They correctly type "EasterBunny69". You immediately MD5 the answer they just gave you and, of course, you get: 4&hEs#&.@df23bTii$#4h

              And when you compare that string to the string in the database, you will see that they are the same so you know that this must be the right person. And if anyone gets a look at your database, they will see that the user's password encrypts to "4&hEs#&.@df23bTii$#4h" but they won't know what to type that could cause MD5 to come up with that result.

                just what i wanted, an explanation that was easy to understand,

                many thanks etully,

                roscor

                  Sorted it now, just for others here's my code.

                  <H1>Login Form</H1>
<H3>You need to be Member, if not follow the link above and Register</H3>
<FORM METHOD="POST" ACTION="logon.php">
<P><STRONG>Username:</STRONG><BR>
<INPUT TYPE="text" NAME="username" value="<? echo $_SESSION['reg_username']; ?>"></p>
<P><STRONG>Password:</STRONG><BR>
<INPUT TYPE="password" NAME="password" value="<? echo  $_SESSION['reg_password']; ?>"></p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="login">&nbsp;&nbsp;<input type="reset" name="reset"></P>

                  logon.php

                  include("dbinfo.inc.php");

$passw = md5($_POST['password']);
$user=$_POST['username'];


$conn = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database,$conn) or die(mysql_error());
$sql = "SELECT *  from landlordlo where username='$user' and password='$passw'";
$result = mysql_query($sql,$conn) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
//if authorized, get the values of username	
$landlordloid=mysql_result($result,0, 'id');
$user = mysql_result($result,0, 'username');
$passw =mysql_result($result,0, 'password');
$date =mysql_result($result,0, 'datejoined');
$_SESSION['reg_username']=$user;
$_SESSION['reg_password']=$passw;
$_SESSION['reg_id']=$landlordloid;
$_SESSION['reg_datejoined']=$date;
}
 else 
{

die("You Input Incorrect Details Please Try Again, Thank You");
}
?>
                    Write a Reply...