md5 incription error how to solve please help

Question

0.00/5 (No votes)

See more:

Dear Sir,

I have used md5 encryption in registration page and also used in login for encrypt password and check with sql database but problem is.

When i register a new account it encrypt the password like

naveen123 = adkjfdaf35a6df54das65fa4dsda4f

but when i login with the same password then it automatically adds two string extra at the end like

naveen123 = adkjfdaf35a6df54das65fa4dsda4f8c

what i do? please suggest

XML

login HTML

<form name="login" method="POST" action="http://localhost/rb2/checkpoint/index.php">

<label for="username" class="control-label fa-label"><i class="fa fa-user fa-medium"></i></label>

<input type="text" name="username" id="username" placeholder="Username"/><br/>

<label for="password" class="control-label fa-label"><i class="fa fa-lock fa-medium"></i></label>

<input type="password" name="password"  id="password" placeholder="Password"/>

<input id="checkbox" type="checkbox" >

<h5 style="margin-left:30px;margin-top:-14px;">Remember me</h5>
<br>
<input type="button" id="sub" name="submit" class="btn_ok" value="Log in"/>
<br>
<a href="#" style="float:right;margin-top:10px;">Forgot Password?</a>
<br>
</form>

PHP

if($_SERVER['REQUEST_METHOD'] == 'POST')

{

    $username = $_POST['username'];

    $password = md5($_POST['password']);

    $username = stripslashes($username);

    $password = stripslashes($password);

    $username = mysql_real_escape_string($username);

    $password = mysql_real_escape_string($password);





    $sql = "select * from users where username = '$username' and password = '$password'";

    $result = mysql_query($sql);

    $count = mysql_num_rows($result);

    if($count==1)

    {

       $_SESSION['user']= $username;

       header("Location:http://localhost/rb2/dashboard");

    }

    else

    {

         $error = "Incorrect Username or Password";

    }

}

else

{

        $error = "";

}

?>

XML

Registration Page



 <label for="password" class="control-label">Password</label>

<input type="password" class="form-control" id="password" placeholder="">

</div>

<div class="col-md-6">

<label for="password" class="control-label">Confirm Password</label>

<input type="password" class="form-control" id="password_confirm" placeholder="">

</div>

</div>

<div class="form-group">

<div class="col-md-12">

<label><input type="checkbox" name="checkit" id="checkit">I agree to the <a href="javascript:;" data-toggle="modal" data-target="#templatemo_modal">Terms of Service</a> and <a href="#">Privacy Policy.</a></label>

</div>

</div>

<p style="color:#F78E21" class="noname">Enter First name</p>

<p style="color:#F78E21" class="noemail">Enter Email Address</p>

<p style="color:#F78E21"class="nosex">Select Gender</p>

<p style="color:#28AAFF;" class="inemail">Enter valid Email Address</p>

<p style="color:#F78E21" class="phoneno">Enter Mobile No.</p>

<p style="color:#F78E21"  class="nouser">Enter a Username</p>

<p style="color:#F78E21" class="nopass">Enter Password</p>

<p style="color:#F78E21" class="conpass">Password and Confirm Password Not Matching</p>



<div class="form-group">

<div class="col-md-12">

<input type="submit" id="submit" value="Create account" class="crystal">

</div>

</div>

</div>

PHP

<?php



session_start();



$link = mysql_connect('localhost','root','');



include("dbcon.php");



mysql_select_db("rb",$link) or die('couldnt able to connect db');



$fname = $_POST['fname'];

$lname = $_POST['lname'];

$email = $_POST['email'];

$mobile = $_POST['mobile'];

$sex = $_POST['sex'];

$username = str_replace(' ','',$_POST['username']);

$password = str_replace(' ','',$_POST['password']);

$password = md5($password);



$sql = "INSERT into users(firstname,lastname,email,username,password,gender,mobile) values('$fname','$lname','$email','$username','$password','$sex','$mobile')";



mysql_query($sql) or die("$query:<br>".mysql_error());



$_SESSION['user']=$username;



mysql_close($link);



?>

C#

javascript



function checklogin(){



    var user = $("#username").val();

    var pass = $("#password").val();



    var data = 'username=' + user + '&password=' + pass;



    $.ajax({

        type: 'POST',

        data: data,

        url: 'checkpoint/index.php',

        dataType: 'html',

        success: function(res){

            alert(res);

            if(res==1)

            {

                   alert("OK");

            }

            else if(res==0)

            {

                alert("NOT OK");

            }

        }



    });



};



createuser jquery



function createuser(){

    var fname = $("#first_name").val();

    var lname = $("#last_name").val();

    var email = $("#email").val();

    var mobile = $("#mobile").val();

    var username = $("#username").val();

    var password = $("#password").val();

    var sex = $("input[name=optionsRadios]:checked").val();



    var postdata = 'fname=' + fname + '&lname=' + lname + '&email=' + email + '&mobile=' + mobile + '&username=' + username + '&password=' + password + "&sex=" + sex;



     $.ajax({

         type: 'POST',

         url: 'http://localhost/rb2/php/registration.php',

         data: postdata,

         success: function(){

            window.location.href = "http://localhost/rb2/dashboard";

         },

         error: function(){

            alert("Sorry, There is some problem Please Contact Us");

         }

   });

};

Database

users

username
----------------
varchar(30) and primary key

Password
------------------------------
varchar(30)

there are many fields but prob in password

Posted 7-Sep-15 21:59pm

Naveen Roy

Updated 9-Sep-15 21:35pm

v3

Add a Solution

Comments

Richard MacCutchan 8-Sep-15 4:11am

Check what is wrong with your code. It is impossible for anyone here to guess what you are doing.

OriginalGriff 8-Sep-15 4:24am

This is not a good question - we cannot work out from that little what you are trying to do.
Remember that we can't see your screen, access your HDD, or read your mind.
So without your code (both registration and login) we can't tell.
Oh, and look at your database: make sure that whatever field you store it in is big enough.
Use the "Improve question" widget to edit your question and provide better information.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Graham Breach · Accepted Answer · 2015-09-07T23:31:00

Solution 1

The problem is that the hash you have stored in the database is truncated - it should be 32 hex digits long and your first value is only 30 digits. Maybe your SQL table field is only a CHAR(30).

Here's the Wikipedia page about MD5[^] - I suggest reading the security section, which might put you off using MD5 for passwords.

Posted 7-Sep-15 23:31pm

Graham Breach

Comments

Richard MacCutchan 8-Sep-15 6:06am

Well spotted, +5.

Naveen Roy 10-Sep-15 3:37am

oh i got it............ thanks