TalkPHP - View Single Post

Normo · 12-11-2008, 12:02 PM

Hey I'm having some problems with hashing passwords into a database and then comparing them to a user input.

Here's my code:

PHP Code:


			
if(isset($_REQUEST['username'])){
session_start();
$con = mysql_connect("localhost","","") or die('Could not connect: ' . mysql_error());

mysql_select_db("normo_mydb") or die(mysql_error());


$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = md5($_POST['password']);
$result = mysql_query("SELECT Password FROM Users WHERE Username = '$username'");
$row = mysql_fetch_array($result);
$num = mysql_num_rows($result);

if($num != "0" && $password == $row['Password']) {
header('location:new.php');
}
else {
session_unset();
session_destroy();
}

mysql_close($con);
}
if(isset($_REQUEST['userReg'])){
session_start();
$con = mysql_connect("localhost","","") or die('Could not connect: ' . mysql_error());

mysql_select_db("normo_mydb") or die(mysql_error());

$_SESSION['userReg'] = $_POST['userReg'];
$_SESSION['passReg'] = md5($_POST['passReg']);
$sql = mysql_query("INSERT INTO Users
(Username, Password) VALUES('$userReg','$passReg')") or die(mysql_error());
echo "You are now registered!";

mysql_close($con);
}

I have the script running fine without hashing the passwords, just when I add the MD5 function it goes wrong.

I do manage to hash the password into the database but it doesn't work when the user logs in.

Also it doesn't hash the password every time. Sometimes it just enters the password as plain text into the database.

Any help would be appreciated. :)

12-11-2008, 12:02 PM	#1 (permalink)
Normo The Contributor Join Date: Oct 2008 Location: UK Posts: 30 Thanks: 0	Password Hashing Hey I'm having some problems with hashing passwords into a database and then comparing them to a user input. Here's my code: PHP Code: if(isset($_REQUEST['username'])){ session_start(); $con = mysql_connect("localhost","","") or die('Could not connect: ' . mysql_error()); mysql_select_db("normo_mydb") or die(mysql_error()); $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = md5($_POST['password']); $result = mysql_query("SELECT Password FROM Users WHERE Username = '$username'"); $row = mysql_fetch_array($result); $num = mysql_num_rows($result); if($num != "0" && $password == $row['Password']) { header('location:new.php'); } else { session_unset(); session_destroy(); } mysql_close($con); } if(isset($_REQUEST['userReg'])){ session_start(); $con = mysql_connect("localhost","","") or die('Could not connect: ' . mysql_error()); mysql_select_db("normo_mydb") or die(mysql_error()); $_SESSION['userReg'] = $_POST['userReg']; $_SESSION['passReg'] = md5($_POST['passReg']); $sql = mysql_query("INSERT INTO Users (Username, Password) VALUES('$userReg','$passReg')") or die(mysql_error()); echo "You are now registered!"; mysql_close($con); } I have the script running fine without hashing the passwords, just when I add the MD5 function it goes wrong. I do manage to hash the password into the database but it doesn't work when the user logs in. Also it doesn't hash the password every time. Sometimes it just enters the password as plain text into the database. Any help would be appreciated. :)