Checking md5 password creates different hash

multichild · September 6, 2016, 10:12am

Hi,

I have an admin form and when I enter a user with a test password I get the hash - 86c08921eb25e2e0fa96, first step fine.

Then when i go to the admin form, and type the password in and use md5 to check it I get a slightly longer hash as this - 86c08921eb25e2e0fa96e9c87b0ae5c9

Nothing much going on code wise.

Code to enter

$ePassword=md5($pass);
insert into tbl_usuario(Login_Usu,Pass_Usu,Nombre_Usu,Email_Usu,Estado_Usu,Administrador_Usu) values('$login','$ePassword','$name','$email',$status,$admin)

Then on the log in screen

<input type="password" name="txtpass" size="24">
$pass=md5($_POST['txtpass']);

if ($username==$data['Login_Usu']  && $pass==$data['Pass_Usu'])
        {

So its very simple, but on entering the same password as I put into the database, the hash is different, so they dont match up to allow the user to move on

colshrapnel · September 6, 2016, 10:21am

Never ever use md5 for the password hashing. Use password_hash() instead.
Just provide a table column of the appropriate size for your data so it won’t be truncated. For the proper hash it should be varchar(60)

multichild · September 6, 2016, 10:29am

Ok cheers I’ll look into the password_hash method, and ye you nailed it, I had it set to 25!

Thanks again

system · December 6, 2016, 5:29pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.