MD5 Password Check

NZ_Kiwis · Apr 16, 2011

I've entered a password into my MySQL database

$Pass = md5($_POST['UserPass']);

How can i now check it

$Pass = $row['UserPassword']

if ($EnteredPass == $Pass){
...
}

THis does not work, why?

leatherback · Apr 16, 2011

You need to check what is in the database, against the MD5()'d submitted value:

$EnteredPass = md5($_POST['UserPass']);

select FIELD from DATABASETABLE where username = $username and UserPassword = $enteredPass

NZ_Kiwis · Apr 16, 2011

I get no rows

$Pass = md5($_POST['UserPassword']);

$result = mysql_query ("SELECT * FROM MYTABLE WHERE Username = '$User' AND UserPassword = '$Pass'");
	$row = mysql_fetch_array($result);
	$num_rows = mysql_num_rows($result);


if ($num_rows == 0){
	echo "No rows";

NZ_Kiwis · Apr 16, 2011

MY ERROR
WRONG POST BEING PICKED UP

piersk · Apr 18, 2011

Just as an aside, I'd use sha1() rather than md5(). I remember reading something somewhere that there is less chance of collisions. The best would be to use bcrypt (in the crypt() function)

MD5 Password Check

NNZ_Kiwis

Lleatherback

NNZ_Kiwis

NNZ_Kiwis

Ppiersk