Possible md5 encrypting error
-
hello, i am hoping someone will be able to help me with this, i have a basic login form using md5 encryption.... Login.php (the form)
<?php echo '<div id="errors">'.$err.'</div>'; ?><br/>
<table><tr><td>
<form method="post" action="login_go.php">Username:
</td><td>
<input typ="text" name="user">
</td></tr><tr><td>
Password:
</td><td>
<input type="password" name="passcode">
</td></tr><tr><td>
<input type="submit" value="Log In"></td></tr></table><br/>login_go.php (the processing)
<?php
session_start();
Include("connect.php");
$username = ($_POST['user']);
$password = md5($_POST['passcode']);
$q = mysql_query("SELECT * FROM users WHERE user = '$username' AND pass = '$password'") or die (mysql_error());
$r = mysql_num_rows($q);if ($r == 1) { $\_SESSION\['logged'\] = TRUE; $\_SESSION\['user'\] = $username; $\_SESSION\['email'\] = $email; $\_SESSION\['date'\] = $joined; header("Location: members.php"); exit(); // Stops the rest of the script. } else { $err.='Incorrect username/password!'; Include("login.php"); }?>
On my database, the password is encrypted correctly but when i come to login i only need to enter the user and i gain access, and when i put a password into it, i then get an error .... what have i done wrong ? ? Thanks Steve
-
hello, i am hoping someone will be able to help me with this, i have a basic login form using md5 encryption.... Login.php (the form)
<?php echo '<div id="errors">'.$err.'</div>'; ?><br/>
<table><tr><td>
<form method="post" action="login_go.php">Username:
</td><td>
<input typ="text" name="user">
</td></tr><tr><td>
Password:
</td><td>
<input type="password" name="passcode">
</td></tr><tr><td>
<input type="submit" value="Log In"></td></tr></table><br/>login_go.php (the processing)
<?php
session_start();
Include("connect.php");
$username = ($_POST['user']);
$password = md5($_POST['passcode']);
$q = mysql_query("SELECT * FROM users WHERE user = '$username' AND pass = '$password'") or die (mysql_error());
$r = mysql_num_rows($q);if ($r == 1) { $\_SESSION\['logged'\] = TRUE; $\_SESSION\['user'\] = $username; $\_SESSION\['email'\] = $email; $\_SESSION\['date'\] = $joined; header("Location: members.php"); exit(); // Stops the rest of the script. } else { $err.='Incorrect username/password!'; Include("login.php"); }?>
On my database, the password is encrypted correctly but when i come to login i only need to enter the user and i gain access, and when i put a password into it, i then get an error .... what have i done wrong ? ? Thanks Steve
First, you should really escape the
$_POST['user']value before putting it into an SQL query:$username = mysql_real_escape_string($_POST['user']);
As for why it logs you in when the password is left blank, my guess is that the hashed password is actually the MD5 hash of an empty string. In other words, the correct password is a blank password.
SELECT MD5('')gives me d41d8cd98f00b204e9800998ecf8427e - is that what you have? -
First, you should really escape the
$_POST['user']value before putting it into an SQL query:$username = mysql_real_escape_string($_POST['user']);
As for why it logs you in when the password is left blank, my guess is that the hashed password is actually the MD5 hash of an empty string. In other words, the correct password is a blank password.
SELECT MD5('')gives me d41d8cd98f00b204e9800998ecf8427e - is that what you have? -
yeh actually, i have just took the md5 encrypting off and it inserts nothing into the db and i do get d41d8cd98f00b204e9800998ecf8427e .... how do i fix this ?
modified on Friday, April 23, 2010 6:19 PM