Thread: Registration & login Help

  1. #1

    Thread Starter
    Lively Member lavarock09's Avatar
    Join Date
    Jun 2005
    Posts
    124

    Registration & login Help

    Hey All...

    I have these two pieces of code, login.php & reg.php

    reg.php

    PHP Code:
    <?
    include 'config.php';
    $conn = mysql_connect($host,$username,$password);
    mysql_select_db($db) or die("Unable to select database"); 
    $username2 = ($_POST[username]);
    $password2 = ($_POST[password]);
    $password3 = md5($password2);
       $password3 = md5(substr($password2, 18, 51) . md5(substr($password2, 2, 14)));
       $password4 = md5(substr($password3, 12,23) . md5(substr($password3,1, 64)));
       $password5 = md5(substr($password4, 15, 21) . md5(substr($password4, 23, 34)));
       $password6 = md5(substr($password5, 3, 5) . md5(substr($password5, 32, 64)));
       $password7 = md5(substr($password6, 17, 34) . md5(substr($password6, 32, 34)));
    if (mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('$username2' , '$password7')"))
    {
    echo ("Registration Unsuccessful"); //Yes I know these (the two echoes, one to the left and one below) Are the wrong way round
    }
    else
    {
    echo ("Registration Successful. You may now login with your username and password."); 
    }
    ?>

    login.php

    PHP Code:
    <? 
    include 'config.php'; 
    $conn = mysql_connect($host,$username,$password); 
    mysql_select_db($db) or die("Unable to select database, Please Check you config.php file. If this is correct, ask your web administrator"); 
    $username2 = ($_POST['username']); 
    $password2 = ($_POST['password']); 
    $password3 = md5($password2); 
       $password3 = md5(substr($password2, 18, 51) . md5(substr($password2, 2, 14))); 
       $password4 = md5(substr($password3, 12,23) . md5(substr($password3,1, 64))); 
       $password5 = md5(substr($password4, 15, 21) . md5(substr($password4, 23, 34))); 
       $password6 = md5(substr($password5, 3, 5) . md5(substr($password5, 32, 64))); 
       $password7 = md5(substr($password6, 17, 34) . md5(substr($password6, 32, 34))); 
    $row = mysql_query("SELECT * FROM `users` WHERE `username` = '$username2'"); 
    if ($row['password'] == $password7) 

    echo ("Successfully Logged in"); 

    else 

    echo ("Username or Password incorrect...Please try again."); 

    ?>

    reg.php will put the heavily encrypted password into the db...but when I come to log in with login.php it won't match the password.

    Can anyone help?

  2. #2
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: Registration & login Help

    All that hashing is not necessary and some of those calls to substr() are invalid. An md5 hash is never longer than 32 characters. If you are storing the password as a hash, you need to ensure the maximum character length of the field you are storing it in is also 32 characters.

  3. #3
    Hyperactive Member
    Join Date
    Nov 2003
    Location
    In Front of my computer...
    Posts
    367

    Re: Registration & login Help

    Sanitize values you get from users ALWAYS.
    Born to help others
    (If I've been helpful then please rate my post. Thanks)

    call me EJ or be slapped!
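
Added example, not part of any post in this thread: registration and login using a prepared statement and PHP's built-in password_hash()/password_verify() in place of the nested md5()/substr() chain, and fetching the row before comparing (mysql_query() returns a result resource, not a row, so `$row['password']` in login.php never holds the stored hash). Assumptions: PDO with the SQLite driver and an in-memory database standing in for config.php and MySQL; the function names register() and login() are hypothetical.

```php
<?php
// Added example (not the poster's code). Assumptions: PDO + SQLite driver,
// an in-memory database in place of config.php/MySQL, PHP >= 5.5.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// password_hash() output is longer than md5's 32 hex characters,
// so the column is sized generously.
$pdo->exec('CREATE TABLE users (
    username VARCHAR(64) PRIMARY KEY,
    password VARCHAR(255) NOT NULL
)');

// Hypothetical helper: store a salted, slow hash of the password.
function register(PDO $pdo, $username, $password)
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    try {
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // e.g. the username is already taken
    }
}

// Hypothetical helper: look the user up, then verify against the stored hash.
function login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    // Fetch the row first: the statement handle itself has no 'password' key.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() re-derives the hash using the salt stored in $row['password'].
    return $row !== false && password_verify($password, $row['password']);
}

// Constructed sample input; the apostrophe is stored as data, not parsed as SQL.
var_dump(register($pdo, "o'brien", 'correct horse battery'));
var_dump(register($pdo, "o'brien", 'another password'));
var_dump(login($pdo, "o'brien", 'correct horse battery'));
var_dump(login($pdo, "o'brien", 'wrong password'));
var_dump(login($pdo, 'nobody', 'correct horse battery'));
```
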
