Windows 7 Forums



Windows 7: PHP problem - login the user with md5 hash.

04 Oct 2011   #1
Stefany93

Windows 7 Ultimate
 
 

Hello colleagues,


Please help me! I have this little annoying problem. When I want to log the user in using PHP and MySQL, everything goes OK using plain text as the password. The thing is that I want the passwords my users enter into the MySQL database to be md5 hash encrypted, so that if any evil user breaks into the database he wouldn't be able to see the passwords.

So long story short, here is the code, and please tell me what I have done wrong and why the user can't log in using the md5 hash even though they can register and the MySQL database receives the passwords md5 hashed.

Script:


        
<?php
// Registration process file

$con = mysql_connect("localhost","root","");

global $con;

$nickname = $_POST['nickname'];
$password = $_POST['password'];
$email = $_POST['email'];
$name = $_POST['name'];

$password_hash = md5($password);

if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("first_database");

$sql="INSERT INTO users (username, password, firstname, email)VALUES('$nickname','$password_hash','$name', '$email')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);

And here is the login process file.

Script:
<?php

require 'mysql.php';

$nickname = $_POST['nickname'];
$password = $_POST['password'];

$password_hash = md5($password);
if(!empty ($nickname) and !empty ($password)){

    $query = "SELECT id FROM users WHERE username='$nickname' AND password='$password_hash'";

    if($query_run = mysql_query($query)){

        $mysql_num_rows = mysql_num_rows($query_run);

        if($mysql_num_rows==0){

            echo 'Password/username error!';

        }else if($mysql_num_rows==1){

            $user_id = mysql_result($query_run, 0, 'id');
            $_SESSION['user_id']=$user_id;
            header('Location: index.php');
            echo 'You are now logged in!';

        }
    }

}

?>

This is the root account of my local server.
Thank you very much!!

Best Regards
Stefany


04 Oct 2011   #2
z3r010

 

You would probably be better asking in a forum aimed at that sort of thing, maybe - PHP Forum
04 Oct 2011   #3
Stefany93

Windows 7 Ultimate
 
 

Thank you

04 Oct 2011   #4
murmatron

Windows 7 Pro x86
 
 

There's no polite way to put this... Your scripts are a serious disaster area just waiting for an SQL injection. If you learned this stuff from a book then throw it away. If you learned it from a website then delete the bookmark.

You really need to do some reading to know why virtually everything in those scripts is bad bad bad.

Start here: PHP: SQL Injection - Manual

If you go elsewhere for help with this and don't get told the same thing then take whatever advice you've been given as being wrong.

Use PDO and prepared statements: PHP: PDO - Manual

Also, don't use MD5(); use crypt() and learn about salting your hashes.

Expect that once you've learned how to work securely with your database, your code will probably have other issues.

https://www.owasp.org/index.php/Cate...op_Ten_Project
05 Oct 2011   #5
Stefany93

Windows 7 Ultimate
 
 

@murmatron Thank you very much for the information, don't worry I think you were very polite because you told me what I have done wrong, thank you very much again. 1 more question please. The crypt() tag, is it the same as md5 hash or a better way to do the hashing?

Thank you again!
06 Oct 2011   #6
murmatron

Windows 7 Pro x86
 
 

PHP: crypt - Manual

crypt is similar to md5 (it produces a hash) except you can choose a different (better) algorithm and a salt string.
My System SpecsSystem Spec
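
The advice in posts #4 and #6, sketched as an added example (not code from the thread): PDO prepared statements plus a salted hash. It uses password_hash()/password_verify() (PHP 5.5+), which create and check a crypt()-format bcrypt hash with a random salt; the in-memory SQLite database and the helper names register_user and login_user are assumptions for illustration.

```php
<?php
// Added example, not the thread's code. An in-memory SQLite database (pdo_sqlite)
// stands in for the MySQL server; the column names follow the INSERT in post #1.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A bcrypt hash is 60 characters, so the password column must not be sized for MD5's 32.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT NOT NULL, firstname TEXT, email TEXT)');

// Hypothetical helper: store a salted hash, never the password or a bare MD5.
function register_user(PDO $pdo, $nickname, $password, $name, $email)
{
    // password_hash() picks a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password, firstname, email)
         VALUES (:username, :password, :firstname, :email)'
    );
    // Values are bound as parameters, so quotes in them cannot alter the SQL.
    $stmt->execute([
        ':username' => $nickname, ':password' => $hash,
        ':firstname' => $name, ':email' => $email,
    ]);
}

// Hypothetical helper: returns the user id on success, false otherwise.
function login_user(PDO $pdo, $nickname, $password)
{
    // Select by username only: each hash has its own salt, so it cannot be
    // recomputed and compared inside the WHERE clause as the MD5 version did.
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = :username');
    $stmt->execute([':username' => $nickname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    return (int) $row['id'];
}

// Constructed sample data; the apostrophe would break the concatenated query.
register_user($pdo, "O'Brien", 'correct horse battery', 'Pat', 'pat@example.com');
var_dump(login_user($pdo, "O'Brien", 'correct horse battery'));
var_dump(login_user($pdo, "O'Brien", 'wrong password'));
var_dump(login_user($pdo, 'nobody', 'correct horse battery'));
```
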
06 Oct 2011   #7
Stefany93

Windows 7 Ultimate
 
 

Thank you very much murmatron, much appreciated!