MD5 issue: Login screen requiring the md5 password not the non encrypted pass


#1

Hi,

I was wondering if anyone could possibly help me, whilst adding users on my admin page. I stumbled across an issue, when I create a new username and password the login screen requires the md5 password and not the passwords that i applied in the adduser screen. Could anyone please help me…

Thanks

Adding User…

[php]

<?php if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $password1 = $_POST['password1']; $enc_password =md5($password); if($username && $password && $password1) { if(strlen($username)>20) { echo "Your username is too long"; } else { if(strlen($password)>10|| strlen($password)<6) { echo "Password must be between 6 and 10 characters"; } if ($password == $password1) { require "dbc.php"; $username = mysql_real_escape_string($username); $query = mysql_query("INSERT INTO login SET username='$username', password='$enc_password'"); echo mysql_error(); echo("User has been added"); } else { echo "Passwords must match"; } } } else echo "All Fields Are Required"; } ?>

[/php]

Username

Password

Re-type Password

Login PHP

[php]

<?php session_start(); // print_r($_POST); $username = $_POST['username']; $password = $_POST['password']; if($username && $password) { $connect = mysql_connect("127.0.0.1","root","pass") or die ("Unable to connect to the database"); mysql_select_db("testscriptsystem")or die ("Couldn't find database"); $query = mysql_query("SELECT * FROM login WHERE username ='".mysql_real_escape_string($username)."'"); $numrows = mysql_num_rows($query); if($numrows !=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername&&$password==$dbpassword) { echo"Login Successful.
Click here to access the test script system"; $_session['username']=$dbusername; } else echo"Incorrect Passord"; } else die("Username doe not exist"); } else die("Please enter a username and password"); ?>

[/php]


#2

when using MD5 you need to use it every time you compare a password use MD5 on the login page

[php]$password = MD5($_POST[‘password’]);[/php]


#3

Thank you for your quick response… Life Saver :smiley: