Checking md5 password creates different hash

Hi,

I have an admin form and when I enter a user with a test password I get the hash - 86c08921eb25e2e0fa96, first step fine.

Then when i go to the admin form, and type the password in and use md5 to check it I get a slightly longer hash as this - 86c08921eb25e2e0fa96e9c87b0ae5c9

Nothing much going on code wise.

Code to enter

$ePassword=md5($pass);
insert into tbl_usuario(Login_Usu,Pass_Usu,Nombre_Usu,Email_Usu,Estado_Usu,Administrador_Usu) values('$login','$ePassword','$name','$email',$status,$admin)

Then on the log in screen

<input type="password" name="txtpass" size="24">
$pass=md5($_POST['txtpass']);

if ($username==$data['Login_Usu']  && $pass==$data['Pass_Usu'])
        {

So its very simple, but on entering the same password as I put into the database, the hash is different, so they dont match up to allow the user to move on

  1. Never ever use md5 for the password hashing. Use password_hash() instead.
  2. Just provide a table column of the appropriate size for your data so it won’t be truncated. For the proper hash it should be varchar(60)
2 Likes

Ok cheers I’ll look into the password_hash method, and ye you nailed it, I had it set to 25!

Thanks again

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.