i am working in simple login program i insert my my password and encrypt via MD5 hash. but now when i have to login i can't go threw that. i have a trouble comparing my login password to md5 hash in database.
This is what i done i put my md5 which i use in comment.
<?php
if(isset($_SESSION['userid']) && isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout')
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid'], $_SESSION['name']);
$flagLogoutMessage = true;
}
// Login Form Check here
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['pwd']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['pwd']);
//$password = MD5($password);
}
else
{
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = $_POST['pwd'];
//$password = MD5($password);
}
//We get the password of the user
$req = mysqli_query($conn, 'select pwd,rec_id from user_master where username="'.$username.'" AND u_status="Y"');
$dn = mysqli_fetch_array($req);
//We compare the submited password and the real one, and we check if the user exists
if($dn['pwd']==$password and mysqli_num_rows($req)>0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and the user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['rec_id'];
$select_name = mysqli_query($conn, 'select f_name,l_name from user_master where rec_id="'.$dn['rec_id'].'"');
$dn = mysqli_fetch_array($select_name);
if(mysqli_num_rows($select_name)>0)
{
$_SESSION['name'] = $dn['f_name']." ".$dn['l_name'];
// $_SESSION['last_name'] = $dn['last_name'];
}
$flagLoginMessage = true;
}
else
{
//Otherwise, we say the password is incorrect.
$form = true;
$message = 'The username or password is incorrect or Your account is blocked by Admin';
}
}
else
{
$form = true;
}
?>
Maybe can use SQL
$password = md5($_POST['pwd']);
$req = mysqli_query($conn, 'select pwd,rec_id from user_master where username="'.$username.'" and pwd="'.$password.'" AND u_status="Y"');
if(mysqli_num_rows($req)>0)
{
echo "login OK";
}
else
{
echo "The username or password is incorrect";
}</div>
you have to check your database password length you must have to 32 length for MD5
To first of all you have to check your database type and length then make your password type and Length/Values to 32.
<?php
class Login extends CI_Controller {
function index()
{
$data['main_content'] = 'login_form';
//$this->load->view('header2');
$this->load->view('includes/template', $data);
//$this->load->view('footer');
}
function validate_credentials()
{
$this->load->model('membership_model');
$query = $this->membership_model->validate();
if($query) // if the user's credentials validated...
{
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('site/members_area');
}
else // incorrect username or password
{
$this->index();
}
}
function signup()
{
$data['main_content'] = 'signup_form';
$this->load->view('includes/template', $data);
}
function create_member()
{
$this->load->library('form_validation');
// field name, error message, validation rules
$this->form_validation->set_rules('first_name', 'Name', 'trim|required');
$this->form_validation->set_rules('last_name', 'Last Name', 'trim|required');
$this->form_validation->set_rules('email_address', 'Email Address', 'trim|required|valid_email');
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
$this->form_validation->set_rules('password2', 'Password Confirmation', 'trim|required|matches[password]');
if($this->form_validation->run() == FALSE)
{
$data['main_content'] = 'signup_form';
$this->load->view('includes/template', $data);
}
else
{
$this->load->model('membership_model');
if($query = $this->membership_model->create_member())
{
$data['main_content'] = 'signup_successful';
$this->load->view('includes/template', $data);
}
else
{
$this->load->view('signup_form');
}
}
}
function logout()
{
$this->session->sess_destroy();
$this->index();
}
}
md5 should not be used for passwords, it has been rainbow tabled to death. If you're using php version 5.5 or newer, there are built in functions for generating and verifying password hashes. If you're using a version of php older then 5.5, there is a backwards compatibility librrary available
The backwards compatible library for the older versions of PHP (I would hope that no-one is using any version of PHP older then 5.3) and the built in functions for PHP 5.5 and newer (http://php.net/manual/en/ref.password.php) have functions for verifying the submitted password.
User submitted data once validated is better off being used with prepared statements as it eliminates the risk of SQL Injection attack.
When running any query, error handling needs to be in place (the modern method is to use exceptions), do deal with any errors if a query fails. In some cases a query failing might been that a transaction needs to be rolled back, and in some cases you might need to terminate the execution of a script
Don't forget to make sure that the password field in the users table is a long enough length to handle the whole hash otherwise it'll get truncated and all users will get refused access