

MD5


31 replies to this topic

#1 _*Creative Insanity_*


Posted 15 August 2007 - 09:49 PM

I have read so much and tried so much with md5() and no matter what I try I cannot get it to work.
Both on the encrypting and logging in.
I understand (I think) that as a login page you have to do some kind of compare.
But registering form I have no clue whatsoever.
I went as far even as buying one of the lynda.com CDs (never again) and even that was pretty stink on describing or how it works.

Can someone please enlighten me on this md5() so I can get my sucker to work.

ta muchly.

#2 Demonslay


Posted 15 August 2007 - 11:11 PM

MD5 is a one-way encryption algorithm. All you are doing is taking your string, encrypting it so no-one could possibly tell what the original string was, and comparing it to the stored value, which is the encrypted version of the password.

So, when registering and making a password, the password is encrypted (for more security use more than one encryption method and use salts and peppers), and stored in the database. When you log in, the user's submitted password is encrypted with the exact same algorithm and scheme, and compared to the database's stored value of the encrypted password submitted at registration.

All simple stuff, and to learn more on encryption, there's tons of tutorials and articles you can find here on P2L, or more in-depth by searching Google.

#3 _*Creative Insanity_*


Posted 16 August 2007 - 02:43 AM

Thanks Demonslay.
I do understand the logic behind it, but all the tuts I have seen (and that is a lot) they all seem to use some kind of variable, but there are no variables in a registration form, well none that I done in the past anyway.
All they are is just a form and an insert and nothing much more. I have tried such things as:
$password = $_GET['pass'];
md5($password);

But alas I think I am getting it wrong.

#4 pirateXcore


Posted 16 August 2007 - 02:47 AM

That will almost work (actually it might work idk).
Might try

$password = $_GET['pass'];
$password = md5($password);

Then have it insert password into the database after it's been encrypted. :D

And do the same thing when logging in. Then compare the md5 password they used to login with the password in the database.

#5 _*Creative Insanity_*


Posted 16 August 2007 - 03:03 AM

I have no idea what is happening but the encryption is just not working.
This is driving me nuts.

#6 Mr. Matt


Posted 16 August 2007 - 03:38 AM

How about post your code so we can see what is wrong?

#7 _*Creative Insanity_*


Posted 16 August 2007 - 01:56 PM

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["insert"])) && ($_POST["insert"] == "reg")) {

  $insertSQL = sprintf("INSERT INTO members (name, avatar, pass, cat) VALUES (%s, %s, %s, %s)",
					   GetSQLValueString($_POST['name'], "text"),
					   GetSQLValueString($_POST['avatar'], "text"),
					   GetSQLValueString($_POST['pass'], "text"),
					   GetSQLValueString($_POST['name'], "text"));

  mysql_select_db($database_DBcifarewell, $DBcifarewell);

  $Result1 = mysql_query($insertSQL, $DBcifarewell) or die(mysql_error());
}


#8 Demonslay


Posted 16 August 2007 - 04:42 PM

See, you aren't even encrypting it when you are registering a new member.

Simply run the password through md5() and whatever encryption method you chose, and use the same method when comparing for login.

#9 _*Creative Insanity_*


Posted 16 August 2007 - 04:47 PM

I took it out Demonslay, I thought Matt wanted to see the code before I added the md5 stuff.

No matter where I place it I get errors like:
Unknown column 'd41d8cd98f00b204e9800998ecf8427e' in 'field list'

Edited by Creative Insanity, 16 August 2007 - 05:03 PM.


#10 Demonslay


Posted 16 August 2007 - 05:03 PM

Well, usually what we mean when we want code, is whatever you currently have. B)

Please show us both the registration code, and the login code, both with your attempts at using encryption.

#11 _*Creative Insanity_*


Posted 16 August 2007 - 05:12 PM

I haven't done the login as yet.. still trying to get the registration one working. Driving me nuts hehe.
But will post my best attempt to date. I just don't understand this stuff at all.

#12 Demonslay


Posted 16 August 2007 - 05:25 PM

Pfft, no wonder. I didn't even pay attention to the fact you are using sprintf(), and why now that you tell me that it is a SQL error, that's simple.

You have to use quotes for strings in SQL; complete basics there. Otherwise it assumes it to be a column name or a function of some sort.

sprintf("INSERT INTO members (name, avatar, pass, cat) VALUES ('%s', '%s', '%s', '%s')",

					   GetSQLValueString($_POST['name'], "text"),
					   GetSQLValueString($_POST['avatar'], "text"),
					   GetSQLValueString($_POST['pass'], "text"),
					   GetSQLValueString($_POST['name'], "text"));


#13 _*Creative Insanity_*


Posted 16 August 2007 - 05:49 PM

Maybe I will put this in the too hard basket. Costs me heaps in time and training CDs and still I just cannot get it to work.
I would consider myself a real novice at php. I have used DW for years and years and now only (in the last 6 months) started to remove parts and change parts of what DW generates. DW code I know is like cracking eggs with a sledge hammer, but to date it has served me well for many years. It is only recently I have dug deeper into the code side and for a guy of my age (retired) it is a real hurdle. But many times I get there with a little push in the right direction.
But this md5 stuff mixing with dw code is a pain in the butt to say the least.

When using them in quotes I get the following error:
Query was empty

Edited by Creative Insanity, 16 August 2007 - 05:54 PM.


#14 nitr0x


Posted 16 August 2007 - 06:05 PM

Well if you ask me that's a pretty odd way of inserting into a database anyway. You could try something like this.

$password = md5($_POST['pass']);

mysql_query("INSERT INTO `members` (`name`,`avatar`,`pass`,`cat`) VALUES ('$name','$avatar','$password','$cat')")or die(mysql_error());

Obviously when registering, you would also want to make sure the username hasn't already been taken, plus check to make sure the fields have been entered, etc. and security measures.

If you need any help on all this, then feel free to post here or PM me.

#15 _*Creative Insanity_*


Posted 16 August 2007 - 06:16 PM

Ah huh! Hey nitr0x, thanks a ton for that. I changed the DW code a bit to what you suggested and voilà! Worked a treat.

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

$password = md5($_POST['pass']);
$name = $_POST['name'];
$avatar = $_POST['avatar'];
$cat = $_POST['name'];

mysql_query("INSERT INTO `members` (`name`,`avatar`,`pass`,`cat`) VALUES ('$name','$avatar','$password','$cat')")or die(mysql_error());
 
}
Next hurdle is login with md5.. but I am sure I can get there with something similar.

#16 nitr0x


Posted 16 August 2007 - 06:23 PM

With the login, you need to convert the password to the encrypted string, then select from the table where the username is what they entered, and make sure that the two passwords are the same. Example:

$user = $_POST['user'];
$pass = md5( $_POST['pass'] );

$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$user'")or die(mysql_error());
$data = mysql_fetch_object($query);

if( $pass == $data->pass ){
//Correct information, set cookie or sessions or whatever you're using.
}else{
print 'Incorrect username or password';
}

Edit:

Well I'm gunna have to go now, but if you get any more problems, just post em here and I'm sure demonslay or someone similar will be here to help you soon.

Edited by nitr0x, 16 August 2007 - 06:30 PM.
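
Added example, not part of any post in this thread: the registration and login flow discussed above, written with PDO prepared statements and PHP's password_hash()/password_verify() in place of md5() and string-built SQL, since MD5 is a fast, unsalted hash rather than encryption and stored MD5 values are cheap to guess offline. The in-memory SQLite database, the function names register_member() and check_login(), and the sample values are assumptions made so the code runs stand-alone; the members columns are the ones used in the thread.

```php
<?php
// Added example: registration and login against the thread's `members` table.
// Assumption: pdo_sqlite is available; an in-memory database keeps it offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT PRIMARY KEY, avatar TEXT, pass TEXT, cat TEXT)');

function register_member(PDO $db, string $name, string $avatar, string $pass): bool
{
    // An empty field still hashes without error: md5('') is
    // d41d8cd98f00b204e9800998ecf8427e, the value in the error from post #9.
    if ($name === '' || $pass === '') {
        return false;
    }
    // password_hash() picks a random salt and embeds it in the returned string.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text, so quoting cannot break.
    $stmt = $db->prepare('INSERT INTO members (name, avatar, pass, cat) VALUES (?, ?, ?, ?)');
    try {
        // The thread's code stores the name in `cat` as well; kept as-is here.
        return $stmt->execute([$name, $avatar, $hash, $name]);
    } catch (PDOException $e) {
        return false; // for example, the name is already taken
    }
}

function check_login(PDO $db, string $name, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass FROM members WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches. password_verify()
    // re-derives the hash from the stored salt and compares in constant time.
    return is_string($stored) && password_verify($pass, $stored);
}

// Constructed sample data, including a name that contains a quote character.
var_dump(register_member($db, "o'brien", 'cat.png', 'correct horse'));
var_dump(register_member($db, 'empty', 'cat.png', ''));
var_dump(check_login($db, "o'brien", 'correct horse'));
var_dump(check_login($db, "o'brien", 'wrong guess'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```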


#17 _*Creative Insanity_*


Posted 16 August 2007 - 06:35 PM

Ok I tried something with the DW code and doh.. here we go again hehe. I am really starting to hate what DW generates.

I added the md5 to the $password variable.

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['name'])) {
  $loginUsername=$_POST['name'];
  $password= md5($_POST['pass']);
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "members/logged/index.php";
  $MM_redirectLoginFailed = "inc/failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_DBcifarewell, $DBcifarewell);
  
  $LoginRS__query=sprintf("SELECT name, pass FROM members WHERE name=%s AND pass=%s",
	GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $DBcifarewell) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
	 $loginStrGroup = "";
	
	//declare two session variables and assign them
	$_SESSION['MM_Username'] = $loginUsername;
	$_SESSION['MM_UserGroup'] = $loginStrGroup;		  

	if (isset($_SESSION['PrevUrl']) && false) {
	  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
	}
	header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
	header("Location: ". $MM_redirectLoginFailed );
  }
}


#18 .CJ


Posted 16 August 2007 - 06:37 PM

I'd like to try and help, though I can't guarantee a success.

When you submit the login form, the password will be stored in:

$_POST['password']

You'll need to encrypt it, so put it into a variable:

$password = md5($_POST['password']);

Now you need to grab your user's info from the database. I will assume you know how to connect and select a database. When the form is submitted, you need to check if the password provided matches the password in the database, which might I add, should be encrypted anyway, this should have been done when inserting the user's data into the database after they registered.

if(isset($_POST['submit'])) {
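	// Run the query first: mysql_fetch_object() needs a result resource, not a string
	$query = mysql_query('SELECT * FROM {TABLE NAME}') or die(mysql_error());
	$row = mysql_fetch_object($query);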
	
	if($row->password == $password) {
		echo('Hooray, your logged in!');
	}
	else {
		echo('Not logged in!');
	}
}

As I stated, this isn't guaranteed to work, I'm just giving a helping hand. Good luck and hope you sort out your problem.

- Chris

Edited by .CJ, 16 August 2007 - 06:38 PM.


#19 _*Creative Insanity_*


Posted 16 August 2007 - 06:40 PM

Ta CJ.. as you can see by my post above yours I have done that. The help is really appreciated B)

#20 Demonslay


Posted 16 August 2007 - 07:30 PM

Bottom line: never trust a program to write a program for you!
Goodness, the code Dreamweaver produces is weak, to say the least. And can be quite confusing at times.

This is seriously coding 101. I would like to see the source code for this GetSQLValueString() function, and if it actually enters quote marks on its return.

To nitr0x: using sprintf() is not an 'odd way of inserting'. It is actually the recommended way of executing SQL queries by php.net.

Lol, what is this supposed to accomplish? Because of the 'false' boolean, this will never be executed.
if (isset($_SESSION['PrevUrl']) && false) {
	  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
	}




