12-11-2008, 12:02 PM
|
#1 (permalink)
|
|
The Contributor
Join Date: Oct 2008
Location: UK
Posts: 30
Thanks: 0
|
Password Hashing
Hey I'm having some problems with hashing passwords into a database and then comparing them to a user input.
Here's my code:
PHP Code:
if(isset($_REQUEST['username'])){
session_start();
$con = mysql_connect("localhost","","") or die('Could not connect: ' . mysql_error());
mysql_select_db("normo_mydb") or die(mysql_error());
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = md5($_POST['password']);
$result = mysql_query("SELECT Password FROM Users WHERE Username = '$username'");
$row = mysql_fetch_array($result);
$num = mysql_num_rows($result);
if($num != "0" && $password == $row['Password']) {
header('location:new.php');
}
else {
session_unset();
session_destroy();
}
mysql_close($con);
}
if(isset($_REQUEST['userReg'])){
session_start();
$con = mysql_connect("localhost","","") or die('Could not connect: ' . mysql_error());
mysql_select_db("normo_mydb") or die(mysql_error());
$_SESSION['userReg'] = $_POST['userReg'];
$_SESSION['passReg'] = md5($_POST['passReg']);
$sql = mysql_query("INSERT INTO Users
(Username, Password) VALUES('$userReg','$passReg')") or die(mysql_error());
echo "You are now registered!";
mysql_close($con);
}
I have the script running fine without hashing the passwords, just when I add the MD5 function it goes wrong.
I do manage to hash the password into the database but it doesn't work when the user logs in.
Also it doesn't hash the password every time. Sometimes it just enters the password as plain text into the database.
Any help would be appreciated. :) |
|
|
|
Join the friendly bunch on IRC...
Threaded Mode
