-2

How to fetch md5 password from database. i am making a login form> i want,when the user is going to login.if the username and password text field is matched with database than use will login.

database.. in database,i store the password with md5(). now how to fetch the password from database.and how to make validation with this. thanks all

<h1>Login Here</h1>
<form name="f1" action="login.php" method="post">
<table border="1">
<tr><td>username</td><td><input type="text" name="t1"></td></tr>
<tr><td>password</td><td><input type="password" name="t2"></td></tr>
<tr><td><input type="submit" value="login"></td></tr>
</table>
</form>

login.php 

  <?php
    include "db.php";
    $user=$_POST['t1'];
    $pass=$_POST['t2'];
    $result=mysql_query("select * from core where username='$user'")or die(mysql_error());
    $row=mysql_fetch_row($result);
    ?>
    <h1>Welcome Mr. <?php echo $user;?></h1>
    <table border="1">
    <tr><td>Your User-Id :- </td><td><?php echo $row[0];?></td></tr>
    <tr><td>Your Username: </td><td><?php echo $row[1];?></td></tr>
    <tr><td>your md5 Password: </td><td><?php echo $row[2];?></td></tr>
    <tr><td>your Email Id: </td><td><?php echo $row[3];?></td></tr>
    </table>
user3060132
  • 19
  • 1
  • 8
  • 6
    Dont try to decode the password from database.Instead of that try encoding the user entered password as md5 and check it with that it the database. – 웃웃웃웃웃 Dec 12 '13 at 06:26
  • What do you mean? Show us your current codes. Also, `md5()` is very unsafe for hashing password. – Raptor Dec 12 '13 at 06:27
  • what have u tried so far? show us the code... – Dev Dec 12 '13 at 06:27
  • apply md5() function to the password string given while login and check to compare with that stored in the database. – ray Dec 12 '13 at 06:29
  • There is so much wrong with this that I think my head is going to explode. – Amelia Dec 12 '13 at 06:30
  • *sidenote:* stop using deprecated `mysql_*` functions. use [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) instead. – Raptor Dec 12 '13 at 06:33
  • just encode your password to md5 and after that compare it. – Dev Dec 12 '13 at 06:37
  • How to use validation ..if user going to login..I want to use validation.i mean ..how to compare database password(md5 form) with user entered password – user3060132 Dec 12 '13 at 06:45

1 Answers1

0

Dont try to decode the password from database and check it with that of user entered input pasword.Instead of that try encoding the user entered password as md5 and check it with that it the database.

There is no way to decrypt MD5. Well, there is, but no reasonable way to do it. That's kind of the point.

To check if someone is entering the correct password, you need to MD5 whatever the user entered, and see if it matches what you have in the database. For more you can check in this answer.

So what you can do is like this

 if(isset($_POST['t2']) && trim($_POST['t2']) != ''){
   $pass = md5(trim($_POST['t2']));
   //Do a select query for fetching with the username and $pass and do the rest
 }
Community
  • 1
  • 1
웃웃웃웃웃
  • 11,829
  • 15
  • 59
  • 91
  • *There is no way to decrypt MD5.* ? Can't agree with this. Although MD5 is an one-way hash algorithm, there are a lot of online resources that provides reverse mapping of md5 hashes (even `md5() * md5()` or combination of `md5() with sha1()` are reversed mapped). – Raptor Dec 12 '13 at 06:36
  • You can find a well explained reason in the link in the answer. @ShivanRaptor – 웃웃웃웃웃 Dec 12 '13 at 06:38