New
#1
PHP problem - login the user with md5 hash.
Hello colleagues,
Please help me! I have this little annoying problem. When I want to log the user in using PHP and MySQL everything goes OK, using plain text as password. The thing is, that I want the passwords my users enter into the MySQL database to be md5 hash encrypted so that if any evil user break into the database he wouldn't be able to see the passwords.
So long story short, here is the code, and please tell me what I have done wrong and why the user can't log in using the md5 hash even tho they can register and the MySQL database receives the passwords md5 hashed.
And here is the login process file.Script:
// Registration process file
$con = mysql_connect("localhost","root","");
global $con;
$nickname = $_POST['nickname'];
$password = $_POST['password'];
$email = $_POST['email'];
$name = $_POST['name'];
$password_hash = md5($password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("first_database");
$sql="INSERT INTO users (username, password, firstname, email)VALUES('$nickname','$password_hash','$name', '$email')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
This is the root account of my local server.Script:
<?php
require 'mysql.php';
$nickname = $_POST['nickname'];
$password = $_POST['password'];
$password_hash = md5($password);
if(!empty ($nickname) and !empty ($password)){
$query = "SELECT id FROM users WHERE username='$nickname' AND password='$password_hash'";
if($query_run = mysql_query($query)){
$mysql_num_rows = mysql_num_rows($query_run);
if($mysql_num_rows==0){
echo 'Password/username error!';
}else if($mysql_num_rows==1){
$user_id = mysql_result($query_run, 0, 'id');
$_SESSION['user_id']=$user_id;
header('Location: index.php');
echo 'You are now logged in!';
}
}
}
?>
Thank you very much!!
Best Regards
Stefany