Good day!

I created a simple login form. What I want to know is how I can encrypt the password that is already in the database. I have no register form, only a login form, so the username and password are already in the database. My problem is how I can encrypt my password. When I researched password encryption, they used md5, but when I tried it, it did not encrypt my password and I got an error. Also, when I input my password in the textbox, for example my password is "qwerty", it shows qwerty when I type it in the password textbox. What I want to happen is for it to show as bullets.

Here is my login code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form id="form1" name="form1" method="post" action="">
  <p>
    <label for="username">Username:&nbsp;</label>
    <input type="text" name="username" id="username" />
  </p>
  <p>
    <label for="password">Password:&nbsp;</label>
    <input type="text" name="password" id="password" />
  </p>
  <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <input type="submit" name="submit" id="submit" value="Submit" />
  </p>

<?php
include 'connection.php';

 if (isset($_POST['submit'])) {
$username=$_POST['username']; 
$password=$_POST['password'];


$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


/*$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//$password = md5($password);

$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){  
header("location:machine1.php");
} else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>

Thank you

    For the password field not showing letters, make it of the type "password" instead of "text".

    I am not sure why your md5()-call doesn't work, have you tried to output the variable afterwards? Also remember that you have to store the password as md5-encrypted if you are going to get a match, either that or you encrypt it once you have fetched it from the database. MD5 isn't the best hash-method today for PHP, you might want to take a look at SHA1 instead.

    http://php.net/manual/en/function.sha1.php

      Undrium;10979615 wrote:

      For the password field not showing letters, make it of the type "password" instead of "text".

      I am not sure why your md5()-call doesn't work, have you tried to output the variable afterwards? Also remember that you have to store the password as md5-encrypted if you are going to get a match, either that or you encrypt it once you have fetched it from the database. MD5 isn't the best hash-method today for PHP, you might want to take a look at SHA1 instead.

      http://php.net/manual/en/function.sha1.php

      Can you help me with how I can use sha1 in my code?

        This is my experiment code. As you can see, I have sha1 code, but I don't know how I can finalize my code, what is needed and what is not.

        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
        </head>
        
        <body>
        <form id="form1" name="form1" method="post" action="">
          <p>
            <label for="username">Username:&nbsp;</label>
            <input type="text" name="username" id="username" />
          </p>
          <p>
            <label for="password">Password:&nbsp;</label>
            <input type="password" name="password" id="password" />
          </p>
          <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            <input type="submit" name="submit" id="submit" value="Submit" />
          </p>
        
        <?php
        include 'connection.php';
        
         if (isset($_POST['submit'])) {
        $username=$_POST['username']; 
        $password=$_POST['password'];
        
        
        // encrypt password 
        $encrypted_mypassword=md5($password);
        
        $sql="SELECT * FROM tbllogin WHERE username='$username' and password='$encrypted_mypassword'";
        $result=mysql_query($sql);
        
        $count=mysql_num_rows($result);
        
        if($count==1){  
        header("location:machine1.php");
        } else {
        echo "Wrong Username or Password";
        }
        }
        //$username = mysql_real_escape_string($username);
        //$password = mysql_real_escape_string($password);
        //$password = mysql_real_escape_string(sha1($password));
        //$sql="UPDATE `tbllogin` SET `password` = SHA1(`password`) WHERE username = $username";
        //$sql="UPDATE tbllogin SET password = MD5('password') WHERE username = '$username'";
        //$result=mysql_query($sql);
        //mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");
        //$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
        //$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
        //$hashed_pass = md5($password);
        //$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$hashed_pass'";
        //$result=mysql_query($sql);
        ?>
        </form>
        </body>
        </html>

          In your last example you are using md5 when trying to validate, use sha1 instead. 🙂
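
Added example (not code from any poster in this thread): for the original question of protecting passwords that already sit in the database as plaintext, this uses PHP's built-in password_hash() and password_verify() with PDO prepared statements in place of the md5()/sha1() and mysql_* calls discussed above. The in-memory SQLite table, the sample row and the function names migrate_plaintext() and check_login() are assumptions standing in for the thread's tbllogin table.

```php
<?php
// Constructed in-memory table standing in for the thread's tbllogin (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbllogin (username TEXT PRIMARY KEY, password TEXT)');
$pdo->exec("INSERT INTO tbllogin VALUES ('admin', 'qwerty')"); // constructed plaintext row

// One-time migration: replace each plaintext password with a salted hash.
function migrate_plaintext(PDO $pdo): int
{
    $update = $pdo->prepare('UPDATE tbllogin SET password = ? WHERE username = ?');
    $rows = $pdo->query('SELECT username, password FROM tbllogin')->fetchAll(PDO::FETCH_ASSOC);
    $migrated = 0;
    foreach ($rows as $row) {
        // 'algo' is empty (0 or null) for strings that password_hash() did not produce.
        if (password_get_info($row['password'])['algo']) {
            continue; // already hashed, so running the migration twice is harmless
        }
        $hash = password_hash($row['password'], PASSWORD_DEFAULT);
        $update->execute([$hash, $row['username']]);
        $migrated++;
    }
    return $migrated;
}

// Login check: fetch the stored hash by username, then verify in PHP.
function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM tbllogin WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Each hash carries its own random salt, so it cannot be matched in the
    // WHERE clause; password_verify() recomputes it from the stored salt.
    return $hash !== false && password_verify($password, $hash);
}

var_dump(migrate_plaintext($pdo));              // number of rows converted
var_dump(check_login($pdo, 'admin', 'qwerty')); // correct password
var_dump(check_login($pdo, 'admin', 'wrong'));  // wrong password
```

Against the real MySQL table, the password column must be wide enough to hold the hash; the PHP manual suggests 255 characters.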
