|
-
Nov 1st, 2005, 12:25 PM
#1
Thread Starter
Lively Member
Registration & login Help
Hey All...
I have these two pieces of codem login.php & reg.php
reg.php
PHP Code:
<?
include 'config.php';
$conn = mysql_connect($host,$username,$password);
mysql_select_db($db) or die("Unable to select database");
$username2 = ($_POST[username]);
$password2 = ($_POST[password]);
$password3 = md5($password2);
$password3 = md5(substr($password2, 18, 51) . md5(substr($password2, 2, 14)));
$password4 = md5(substr($password3, 12,23) . md5(substr($password3,1, 64)));
$password5 = md5(substr($password4, 15, 21) . md5(substr($password4, 23, 34)));
$password6 = md5(substr($password5, 3, 5) . md5(substr($password5, 32, 64)));
$password7 = md5(substr($password6, 17, 34) . md5(substr($password6, 32, 34)));
if (mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('$username2' , '$password7')"))
{
echo ("Registration Unsuccessful"); //Yes I know these (the two echoes, one to the left and one below) Are the wrong way round
}
else
{
echo ("Registration Successful. You may now login with your username and password.");
}
?>
login.php
PHP Code:
<?
include 'config.php';
$conn = mysql_connect($host,$username,$password);
mysql_select_db($db) or die("Unable to select database, Please Check you config.php file. If this is correct, ask your web administrator");
$username2 = ($_POST['username']);
$password2 = ($_POST['password']);
$password3 = md5($password2);
$password3 = md5(substr($password2, 18, 51) . md5(substr($password2, 2, 14)));
$password4 = md5(substr($password3, 12,23) . md5(substr($password3,1, 64)));
$password5 = md5(substr($password4, 15, 21) . md5(substr($password4, 23, 34)));
$password6 = md5(substr($password5, 3, 5) . md5(substr($password5, 32, 64)));
$password7 = md5(substr($password6, 17, 34) . md5(substr($password6, 32, 34)));
$row = mysql_query("SELECT * FROM `users` WHERE `username` = '$username2'");
if ($row['password'] == $password7)
{
echo ("Successfully Logged in");
}
else
{
echo ("Username or Password incorrect...Please try again.");
}
?>
reg.php will put the heavily encrypted password into the db...but when I come to login with login.php it won't match the password
Can anyone help?
-
Nov 3rd, 2005, 12:59 AM
#2
Re: Registration & login Help
All that hashing is not necessary and some of those calls to substr() are invalid. An md5 hash is never longer than 32 characters. If you are storing the password as a hash, you need to ensure the maximum character length of the field you are storing it in is also 32 characters.
-
Nov 4th, 2005, 10:43 AM
#3
Hyperactive Member
Re: Registration & login Help
sanitize values you get from users ALWAYS
Born to help others
(If I've been helpful then please rate my post. Thanks)
call me EJ or be slapped! 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|