Good day!
I created a simple login form. I want to know is how can encrypt the password that i already in the database. Because I have no register form only login form so that the username and password is already in the database. My problem is how can I encrypt my password, when I research about encryption of password they used md5 but when I tried it it did not encrypt my password and i got an error. and also when I input my password at textbox like for example my password is “qwerty” when I type it on the password textbox it shows qwerty i want to happen is it likes a bullet?
here is my login code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="text" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
/*$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//$password = md5($password);
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
Thank you
All you need to do is simply write a quick script like below and replace password_here with the stored password in your database and it will encrypt it.
<?php
$string = 'password_here';
echo md5($string);
?>
Once it has been MD5 encrypted simply update your MySQL query to the following and it should work fine.
$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
All you need to do is simply write a quick script like below and replace password_here with the stored password in your database and it will encrypt it.
<?php
$string = 'password_here';
echo md5($string);
?>
Once it has been MD5 encrypted simply update your MySQL query to the following and it should work fine.
$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
I tried the code you suggested like this:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$password = 'aaaaa';
echo md5($password);
//$password = md5($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
/*$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//$password = md5($password);
//$sql="UPDATE tbllogin SET password = '$password' WHERE username = $username";
//$result=mysql_query($sql);
//mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = $username");
$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
//$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
and the output is
Did you update the password in your database?
i tried this code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=md5($_POST['password']);
//$password = '051090';
//$password = md5($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//$password = mysql_real_escape_string(sha1($password));
/*$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//$password = md5($password);
//$sql="UPDATE `tbllogin` SET `password` = SHA1(`password`) WHERE username = $username";
//$sql="UPDATE tbllogin SET password = '$password' WHERE username = $username";
//$result=mysql_query($sql);
mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = $username");
$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
//$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
and the output is wrong username or password
kindly check my sql statement?is it right my update and select statement?
Thank you
I change my table in my database and now the password is not encrypted.
here is my code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=($_POST['password']);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//$password = mysql_real_escape_string(sha1($password));
//$sql="UPDATE `tbllogin` SET `password` = SHA1(`password`) WHERE username = $username";
$sql="UPDATE tbllogin SET password = MD5('password') WHERE username = '$username'";
//$result=mysql_query($sql);
//mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");
//$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
//$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$hashed_pass = md5($password);
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$hashed_pass'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
Kindly check my sql syntax?
I tried this simple code for encryption of password:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=md5($_POST['password']);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//$password = mysql_real_escape_string(sha1($password));
//$sql="UPDATE `tbllogin` SET `password` = SHA1(`password`) WHERE username = $username";
//$sql="UPDATE tbllogin SET password = MD5('password') WHERE username = '$username'";
//$result=mysql_query($sql);
//mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");
//$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
//$hashed_pass = md5($password);
//$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$hashed_pass'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
but the result is wrong username or password?and also the password in the database was not encrypted.
I really need to solved it now…
Thank you so much
When I tried this code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
// encrypt password
$encrypted_mypassword=md5($password);
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$encrypted_mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
//$username = mysql_real_escape_string($username);
//$password = mysql_real_escape_string($password);
//$password = mysql_real_escape_string(sha1($password));
//$sql="UPDATE `tbllogin` SET `password` = SHA1(`password`) WHERE username = $username";
//$sql="UPDATE tbllogin SET password = MD5('password') WHERE username = '$username'";
//$result=mysql_query($sql);
//mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");
//$sql = "SELECT * FROM tbllogin WHERE username='$username' and password='" . md5($password) . "'";
//$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
//$hashed_pass = md5($password);
//$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$hashed_pass'";
//$result=mysql_query($sql);
?>
</form>
</body>
</html>
when i run my login
I really don’t know how can I fix my problem in encrypting password and login successfully.
Thank you for your help
Sorry you seem to be misunderstanding what i meant in my first post, simply do the following…
Create a new PHP file called genmd5.php and paste in the following code then run it on your serverphp $password = 'password_here'; echo md5($password);
Change password_here to your plain text password and once you run the script open phpMyAdmin, select your database then update your users table with the MD5 encrypted password.
Next update your script to the below and it should work finephp <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p> <label for="username">Username: </label> <input type="text" name="username" id="username" /> </p> <p> <label for="password">Password: </label> <input type="password" name="password" id="password" /> </p> <p> <input type="submit" name="submit" id="submit" value="Submit" /> </p> <?php if (isset($_POST['submit'])) { include 'connection.php'; $username = (isset($_POST['username']) && !empty($_POST['username'])) ? $_POST['username'] : null; $password = (isset($_POST['password']) && !empty($_POST['password'])) ? md5($_POST['password']) : null; if ($username != null && $password != null) { $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql = "SELECT * FROM tbllogin WHERE username = '$username' AND password = '$password'"; if (!$result = mysql_query($sql)) { die('MySQL error!<br /><br />' . mysql_error()); } if (mysql_num_rows($result)) { header('Location: machine1.php'); } else { echo 'Wrong username or password!'; } } else { echo 'Invalid authentication information entered!'; } } ?> </form> </body> </html>
you did not include the genmd5.php?What if I have 5 users in my database?
I tried the code you suggested and when I run the code and i insert my username and password the output is wrong username or password
Did you remember to also MD5 the password that has been entered before comparing it to the encrypted one from the database?
Thank you so much for your help.
I used this code and it works:
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 h2 strong {
color: #06F;
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
#form1 p label {
color: #009;
}
</style>
</head>
<body onload="document.form1.username.focus()">
<form id="form1" name="form1" method="post" action="">
<h2><strong> LOGIN FORM</strong></h2>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Sign In" />
</p>
<?php
if (isset($_SESSION['logged_in'])) {
header('Location:machine1.php');
die();
}
include 'connection.php';
/*if($numofrows==1){
session_register("username");
header("location:machine1.php");
}*/
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));
mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION['logged_in'] = true;
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>