Thread: Md5 login help!

  1. #1
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Md5 login help!

    When a user registers for my site then their password is encrypted in md5, but they are not able to log in. I have my login page below. I tried to use the MD5() string where the code selects the pass but no luck. What do I do?


    PHP Code:
    <?php
    session_start();
    if ($_SESSION["logging"] && $_SESSION["logged"])
    {
        print_secure_content();
    }
    else {
        if (!$_SESSION["logging"])
        {
            // first visit: show the login form
            $_SESSION["logging"] = true;
            loginform();
        }
        else if ($_SESSION["logging"])
        {
            // form submitted: look the user up
            $number_of_rows = checkpass();
            if ($number_of_rows == 1)
            {
                $_SESSION["user"] = $_POST["userlogin"];
                $_SESSION["logged"] = true;
                print "<h1>you have loged in successfully</h1>";
                print_secure_content();
            }
            else {
                print "wrong pawssword or username, please try again";
                echo $ttt;
                loginform();
            }
        }
    }

    function loginform()
    {
        print "please enter your login information to proceed with our site";
        print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size='20'></td></tr><tr><td>password</td><td><input type='password' name='password' size='20'></td></tr></table>");
        print "<input type='submit' >";
        print "<h3><a href='registerform.php'>register now!</a></h3>";
    }

    function checkpass()
    {
        $servername = "*******";
        $username = "*******";
        $conn = mysql_connect($servername, $username, "cool23") or die(mysql_error());
        mysql_select_db("*******", $conn);
        // counts rows whose user and pass columns equal the submitted values
        $sql = "select * from users where user='$_POST[userlogin]' and pass='$_POST[password]'";
        $result = mysql_query($sql, $conn) or die(mysql_error());
        return mysql_num_rows($result);
    }

    function print_secure_content()
    {
        print("<b><h1>hi mr.$_SESSION[user]</h1>");
        print "<br><h2>only a logged in user can see this</h2><br><a href='logout.php'>Logout</a><br>";
    }
    ?>
    Last edited by AnthonySterling; Aug 15, 2011 at 00:32. Reason: removed credentials

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,072
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    You need to run the submitted password through the md5() function before using it in the query, but before that you need to sanitize both the username and password, as your script is vulnerable to SQL injection attack. Also have a read of this, which is about prepared statements.

  3. #3
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I will read that now. How do I sanitize and run the submitted password through the md5() function?

    Sorry, I am a beginner.

  4. #4
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,072
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    For getting the md5 hash of a password (once it has been sanitized):

    PHP Code:
    $password_hash=md5($sanitized_password); 
    To use prepared statements you'll need to switch to using the mysqli_* extension instead of the mysql_* extension.

  5. #5
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So prepared statements prevent SQL injections.

  6. #6
    SitePoint Enthusiast Wuiqed's Avatar
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    52
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's correct. However, there is no need to sanitize the password since you're hashing it.
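
The advice in the replies above, combined into one login check, as an added example that is not code from the thread: a mysqli prepared statement fetches the stored hash for the username, and the submitted password is run through md5() before it is compared. It goes beyond the thread by replacing the md5 digest with a password_hash() value after a successful login; the connection values and the widened `pass` column are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes the thread's `users` table
// (columns `user`, `pass`), md5() hex digests stored at registration, and a
// `pass` column widened to VARCHAR(255) so it can hold password_hash() output.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

function check_login(mysqli $db, string $login, string $password): bool
{
    // The submitted username is bound as a parameter, never spliced into SQL.
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = ?');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();          // true = row fetched, null = no such user
    $stmt->close();
    if ($found !== true) {
        return false;
    }
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy row: hash the submitted password with md5() before comparing.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return false;
        }
        // Correct password: replace the md5 digest with a salted, slow hash.
        $new = password_hash($password, PASSWORD_DEFAULT);
        $upd = $db->prepare('UPDATE users SET pass = ? WHERE user = ?');
        $upd->bind_param('ss', $new, $login);
        $upd->execute();
        $upd->close();
        return true;
    }
    return password_verify($password, $stored); // row already upgraded
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Connection values are placeholders, not taken from the thread.
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $login = $_POST['userlogin'] ?? '';
    $password = $_POST['password'] ?? '';
    if (is_string($login) && is_string($password) && check_login($db, $login, $password)) {
        session_regenerate_id(true);   // new session id after authentication
        $_SESSION['user'] = $login;
        $_SESSION['logged'] = true;
        echo '<h1>you have logged in successfully</h1>';
    } else {
        echo 'wrong password or username, please try again';
    }
}
```

Registration would need the matching change (store `password_hash()` output instead of `md5()`) so that new accounts never get a legacy digest.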

