Hi, I have no experience with MD5, but one of my clients has a php script that uses it. It worked on his last server.
Is MD5 normally pre-installed on plesk 5 redhat 7.3 servers?
If not, how do I install it?
in case this helps, here's the source..
if ($process == "logindone")
{
$usersstats = mysql_fetch_array(mysql_query("SELECT * FROM geo_users WHERE username = '$username'"));
$pass = MD5($pass);
$cl = mysql_query("SELECT * FROM geo_users WHERE username = '$username' AND password = '$pass'");
IF($userstats[stats] == "0"){
echo "Sorry but your account has been frozen";
die();
}else
if(mysql_num_rows($cl) == 0){
die("Incorrect password or no such user");
include("footer.php");
die();
}
$cl2 = mysql_fetch_array($cl);
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
echo "
you have been logged in $username";
include("footer.php");
die();
}
Full Version: MD5 Not working
i'm in the middle of reading a php/mysql book right now. but isnt md5 a function within php? md5sum is the binary on linux systems. what exact problem is he getting? is the password not being encrypted?
echo md5("bob");
?>
works ok for my plesk box.
echo md5("bob");
?>
works ok for my plesk box.
MD5 is available in PHP and Mysql. The query could be:
$cl = mysql_query("SELECT * FROM geo_users WHERE username = '$username' AND password = MD5('$pass')"); and the
$pass = MD5($pass); line can be removed.
To verify that MD5 works
echo MD5('user');
?>
You should see a long string.
$cl = mysql_query("SELECT * FROM geo_users WHERE username = '$username' AND password = MD5('$pass')"); and the
$pass = MD5($pass); line can be removed.
To verify that MD5 works
echo MD5('user');
?>
You should see a long string.
My client set the password database field to 30 characters, when the hash was 32. it was fixed though. Thanks for the help!
QUOTE
Originally posted by 4PSA
MD5 is available in PHP and Mysql. The query could be:
$cl = mysql_query("SELECT * FROM geo_users WHERE username = '$username' AND password = MD5('$pass')");
MD5 is available in PHP and Mysql. The query could be:
$cl = mysql_query("SELECT * FROM geo_users WHERE username = '$username' AND password = MD5('$pass')");
remember, in PHP the functions are not case sensitive, md5 works just like MD5. Also, the above really should be:
$cl = mysql_query("SELECT * FROM geo_users WHERE username = '$username' AND password = '".md5($pass)."'");
And as well, you should always try to use uniqid() when using md5, gives the string passed just that little bit more security.
ie.
$var="this";
echo "
";";
echo "$var has no uniqid:";
echo "n";
echo md5($var);
echo "n";
echo "n";
echo "$var now has a uniqid";
echo "n";
echo md5(uniqid($this));
echo "n";
echo "n";
echo "see the difference?";
echo "
?>
That is not what you want to use when confirming things in a db, uniqid will make every session different
http://www.php.net/manual/en/function.uniqid.php
lol, too much shell scripting, forgot the ";" after echo. BAD BASH!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.