Registration & login Help
Hey All...
I have these two pieces of codem login.php & reg.php
reg.php
PHP Code:
<?
include 'config.php';
$conn = mysql_connect($host,$username,$password);
mysql_select_db($db) or die("Unable to select database");
$username2 = ($_POST[username]);
$password2 = ($_POST[password]);
$password3 = md5($password2);
$password3 = md5(substr($password2, 18, 51) . md5(substr($password2, 2, 14)));
$password4 = md5(substr($password3, 12,23) . md5(substr($password3,1, 64)));
$password5 = md5(substr($password4, 15, 21) . md5(substr($password4, 23, 34)));
$password6 = md5(substr($password5, 3, 5) . md5(substr($password5, 32, 64)));
$password7 = md5(substr($password6, 17, 34) . md5(substr($password6, 32, 34)));
if (mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('$username2' , '$password7')"))
{
echo ("Registration Unsuccessful"); //Yes I know these (the two echoes, one to the left and one below) Are the wrong way round
}
else
{
echo ("Registration Successful. You may now login with your username and password.");
}
?>
login.php
PHP Code:
<?
include 'config.php';
$conn = mysql_connect($host,$username,$password);
mysql_select_db($db) or die("Unable to select database, Please Check you config.php file. If this is correct, ask your web administrator");
$username2 = ($_POST['username']);
$password2 = ($_POST['password']);
$password3 = md5($password2);
$password3 = md5(substr($password2, 18, 51) . md5(substr($password2, 2, 14)));
$password4 = md5(substr($password3, 12,23) . md5(substr($password3,1, 64)));
$password5 = md5(substr($password4, 15, 21) . md5(substr($password4, 23, 34)));
$password6 = md5(substr($password5, 3, 5) . md5(substr($password5, 32, 64)));
$password7 = md5(substr($password6, 17, 34) . md5(substr($password6, 32, 34)));
$row = mysql_query("SELECT * FROM `users` WHERE `username` = '$username2'");
if ($row['password'] == $password7)
{
echo ("Successfully Logged in");
}
else
{
echo ("Username or Password incorrect...Please try again.");
}
?>
reg.php will put the heavily encrypted password into the db...but when I come to login with login.php it won't match the password
Can anyone help?
Re: Registration & login Help
All that hashing is not necessary and some of those calls to substr() are invalid. An md5 hash is never longer than 32 characters. If you are storing the password as a hash, you need to ensure the maximum character length of the field you are storing it in is also 32 characters.
Re: Registration & login Help
sanitize values you get from users ALWAYS