English Deutsch Français Italiano Español Português 繁體中文 Bahasa Indonesia Tiếng Việt ภาษาไทย
All categories

When a user registers with my site I store their sign up information in a database with the following PHP commands:

$encrypted_password = (md5($password));
$sql = "insert into user set
username='$username',
passwd='$encrypted_password',
email='$email'";

I'm having trouble when they try to log in. I'm using the following PHP command to test whether the username/password combination exists in the database.

$result = @mysql_query( "select * from user where username = '$username' and passwd = md5('$password')");

Even if the username and password that I try to log in with does exist in the database, I get a "could not log you in" message every time. I think it might be because I'm not "decrypting" the password properly.

Does anyone have any suggestions? Do I have the syntax correct for retrieving the password from the database in the correct (unencrypted) form?

2006-10-29 10:29:30 · 3 answers · asked by Anonymous in Computers & Internet Programming & Design

3 answers

First off, MD5 is NOT an encryption algorithm, it is a hashing algorithm. You cannot "decrypt" an MD5 hash. What you can do is to run another string through MD5 and see if its hash matches the has you retrieved from storage.

What you should do is something like this (assuming $username and $password are correctly populated):

$query = "select * from user where username = '$username'"
$result = mysql_query($query);
$record = mysql_fetch_array($result);
if ($record == false) {
// there is no user registered under $username
} else {
if ($record['password'] == md5($password)) {
// successful authentication
} else {
// wrong password
}
}

__________

2006-10-30 05:39:44 · answer #1 · answered by NC 7 · 0 0

Apache is the internet server application. that's what helps something to run. you could think of of that because of the fact the beginning place. MySQL is the database device that runs on apache. very own domicile page is a server part programming languages that would additionally be put in on an apache information superhighway server. in case you're having one in each of those hard time getting started, and prefer this to be common and comparatively painless, then use a content fabric administration device, like Drupal, Joomla, or Wordpress. i for my area prefer Drupal, yet leaf by using all of them.

2016-10-20 23:33:02 · answer #2 · answered by dampier 4 · 0 0

The problem is that if you do md5('$password'), this is wrong, you don't need quotes.

either do it the following way:
$username = $_POST['username'];
$password = $_POST['password'];

$password = md5($password);

when when you write sql query you don't need to do md5 in the query just write passwd='$password;

Hope this helps.

2006-10-29 10:33:53 · answer #3 · answered by Manish 5 · 0 0

fedest.com, questions and answers