I am using md5 to hashed my password, but when I try to log in, I can't log. don't know what to do next

Question

I have a login form with a hashed password to the database but when I log in using the password I assigned , I cannot log, I don't what to do next. I am using md5 to hashed passwords.

here is my code in inserting data to my db:

<?php
$con = mysql_connect("localhost","abc123","abc123");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("database_db", $con);


$password= $_POST['password'];
$encrypt_password=md5($password);

$sql="INSERT INTO username (username, password)
VALUES
('$_POST[username]','$encrypt_password')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 data added";

mysql_close($con)
?>

The code inserting it into the database looks OK to me. Can you post the code for logging in? Are you converting the login form's password to MD5 before comparing it with the database? — Justin, May 27 '11 at 04:15
what is your code to check the credentials? are you getting any errors? — Tudor Constantin, May 27 '11 at 04:16

score 2 · Answer 1 · edited May 23 '17 at 11:55

2

You have to rehash the password input the exact same way you stored it in order to validate it.

Example:

if (md5($_POST['password']) === $stored_md5_password)
{
    // Password is valid
}

MD5 is usually considered a weak hashing algorithm, especially when the SHA encryptions are so easily available. Some interesting related reads:

edited May 23 '17 at 11:55

Community

1
1

answered May 27 '11 at 04:14

Wesley Murch

101,186
37
194
228

here is my html form: HASH
Department ID:

Password:

– jack May 27 '11 at 04:17
1

Do you understand my answer? It's not an HTML question. Also STOP! Put this in your question if it's relevant (click "edit"). – Wesley Murch May 27 '11 at 04:18

I am using md5 to hashed my password, but when I try to log in, I can't log. don't know what to do next

1 Answers1