I’m trying to have the user log in with the password he put in the register field (which has now been hashed in the database).
It would seem this code:
$password=md5($_POST['password']);
Doesn’t work… here is how I’m inserting it into the database (Yes, I am aware sql is deprecated and I’m not using $salt, just using this for testing purposes; I am also aware md5 is easy to crack, will fix it later)
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "register-form")) {
    $insertSQL = sprintf("INSERT INTO Users (UserID, Fname, Lname, Username, Password) VALUES ('$userid', '$fname', '$lname', '$username', md5 ('".$password."'))",
        GetSQLValueString($_POST['UserID'], "int"),
        GetSQLValueString($_POST['Fname'], "text"),
        GetSQLValueString($_POST['Lname'], "text"),
        GetSQLValueString($_POST['Username'], "text"),
        GetSQLValueString($_POST['password'], "text"));
And this is how I’m getting the password from the database:
if (isset($_POST['Username'])) {
    $loginUsername=$_POST['Username'];
    $password=md5($_POST['password']);
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "filelocation";
    $MM_redirectLoginFailed = "login.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_Connection_Users, $Connection_Users);
    $LoginRS__query=sprintf("SELECT Username, Password FROM Users WHERE Username=%s AND Password= md5 ('".$password."')",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
Whether I delete the part where it says: $LoginRS__query=sprintf("SELECT Username, Password FROM Users WHERE Username=%s AND Password= md5 ('".$password."')"
and leave it as → AND Password=%s
this won’t work: $password=md5($_POST['password']);
Can anyone help me out with this?
I will fix the code later, just using this for testing
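
The login code above hashes the password in PHP and then wraps that digest in SQL md5 () again, so the WHERE clause compares against md5(md5(password)). The following is an added example, not code from the post: it shows that mismatch, then a registration and login that hash once with password_hash()/password_verify() over PDO prepared statements. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for the MySQL Users table, the function names and sample credentials are made up for illustration, and $password at registration is taken to hold the raw form value.

```php
<?php
// Added example: SQLite in memory stands in for the post's MySQL Users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (
    UserID   INTEGER PRIMARY KEY,
    Username TEXT UNIQUE NOT NULL,
    Password TEXT NOT NULL)');

// Digest the posted INSERT stores, assuming $password there is the raw form value.
function digestStoredAsPosted(string $plain): string {
    return md5($plain);
}

// Digest the posted SELECT compares against: md5() in PHP, then md5() again in SQL.
function digestComparedAsPosted(string $plain): string {
    return md5(md5($plain));
}

function registerUser(PDO $db, string $username, string $plain): void {
    // Hash exactly once, in PHP; password_hash() salts and uses a slow algorithm.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO Users (Username, Password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function checkLogin(PDO $db, string $username, string $plain): bool {
    // Select by username only; a salted hash cannot be matched in the WHERE clause.
    $stmt = $db->prepare('SELECT Password FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($plain, $hash);
}

// Constructed sample credentials.
$user  = 'alice';
$plain = 'correct horse battery staple';

// The two digests differ, so the posted WHERE clause matches no row.
var_dump(digestStoredAsPosted($plain) === digestComparedAsPosted($plain));

registerUser($db, $user, $plain);
var_dump(checkLogin($db, $user, $plain));            // right password
var_dump(checkLogin($db, $user, 'wrong password'));  // wrong password
var_dump(checkLogin($db, 'mallory', $plain));        // unknown user
```

On MySQL the Password column must be wide enough for the whole hash; the PHP manual recommends 255 characters for PASSWORD_DEFAULT, and a shorter column truncates the stored value so verification fails.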