Hi, I'm trying to write a md5 hash to auth users... And before I get flamed
about md5 not being a crypt system but a hashing system I know... Security
is not a problem..
I'm trying to build a standalone Message Update Center intranet with PHP
The problem I'm having is comparing a user inputed word or passphrase and comparing the code to the hash on a mysql database....
here's the code.... <?php
// connect to database
$connection = mysql_connect("localhost","root");
mysql_select_db("forum");
$result = mysql_query('Select username, password from users');
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{ // start while fetch loop
if($_POST['givenuser'] == $row['username'])
{ // Begin user check
if( md5($_POST['givenpassword']) == $row['password'] )
print("Welcome!");
// The problem I'm having is the comaprisons are not accurate.....
// If I display ---> print(md5($_POST['givenpassword']);
// and $row['password'] to the browser all 32 char are identical
} // end user check
} // end while fetch loop
$connection = mysql_connect("localhost","root");
mysql_select_db("forum");
$result = mysql_query('
SELECT 1
FROM `users`
WHERE `username` = \'' . mysql_real_escape_string($_POST['givenuser')) . '\' AND
`password` = \'' . md5($_POST['givenpassword'] . '\'');
if(mysql_num_rows($result))
print 'Welcome!';
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
http://www.smempire.org
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
