Login problem with password in MD5

Navigation
0

Login Form: 

<form id="1" name="1" action="pass.php" method="post">
<div class="login">

    <input placeholder="Usuário" type="text" id="username" size="25" name="name" /><br>
    <input placeholder="Senha" id="pass" type="password" size="25" name="pass" /><br>
    <input type="submit" name="1" value="Login" /> 
    <input type="hidden" name="ed_type" value="" /> 
    <input type="hidden" name="redirect" value="<? echo $redirect;?>" />
</div>
</form>

pass.php 

    <?
        session_start();
        $usuario_admin=isset($_SESSION['1x11'])?$_SESSION['1x11']:'';

       include("conf.inc.php");
       include("conectar.php");

  $query="select * from admin where username='".$_POST["name"]."' and pass=MD5('".$_POST["pass"]."')";
      $result=mysql_query($query,$db);
      $row=mysql_fetch_array($result);
      $total = mysql_num_rows($result);
      $name=$_POST['name'];
      $pass=$_POST['pass'];
      $ADMIN_USERNAME=$row["username"];
      $ADMIN_PASSWORD=$row["pass"];

      if($total>0){   
          if($name==$ADMIN_USERNAME && $pass==$ADMIN_PASSWORD){
              if($usuario_admin!='') $_SESSION['1x11']="";
              $_SESSION["1x11"] = $name;
              $_SESSION['logedin'] = true;
              $_SESSION["type"] = $row["type"];
              $_SESSION["usrname"] = $name;
              $_SESSION["logid"] = $row["id"];
              header("Location:index2.php");
          }
      } else {
        header("Location:index.php?id=1");
      }
    ?>

PHP to update password by form after login: 

<?
       include_once("conf.inc.php");
       include("conectar.php");

    $sel="select * from admin where id='".$_SESSION["logid"]."'";
    $ressel=mysql_query($sel);
    $rowsel=mysql_fetch_object($ressel);
    $name=stripslashes($rowsel->username);
    $title=stripslashes($rowsel->pass);



if(isset($_POST['submit'])){
    $title = addslashes($_POST["title"]);
    $sql="update admin set pass=MD5('".$title."') where id='".$_SESSION["logid"]."'";         
    $ressql=mysql_query($sql) or die("Erro ao atualizar a senha!");
    header('location:message.php?msg=55');
}
?>

Personal, I have a problem here, I can not make the login work.

To update the password after login it works normally and registers in the DB as MD5, but when it logs out and tries to log in again it does not work, it says the password is wrong.

What can be happening? It looks like it's not converting to MD5 when you log in ...

    
asked by anonymous 14.10.2016 / 02:59

3 answers

0

I noticed two details in your code:

The first is that by checking the password you are using the PHP md5 function

  

$ query="select * from admin where username = '" $ _ POST ["name"]. "' and pass = '" .md5 ($ _ POST ["pass"]). "" ";

The second is that when you update the password in the database, you are using the MD5 function provided by your database:

  

$ sql="update admin set pass = MD5 ('$ title') where id = '" $ _ SESSION ["logid"].

In my opinion, a good practice is to always use the same method (even if the algorithm is the same), so a hint is to use either the MD5 method of the bank or the PHP method in both cases. p>

But back to your mistake ...

You forgot to concatenate the password for the hash method, when you update the password, you are always using the string $title .

Try this: 

$sql="update admin set pass=MD5('".$title."') where id='".$_SESSION["logid"]."'";
    
14.10.2016 / 04:09
0

I had a problem like this because the bank was generating uppercase and the nodejs in my lowercase case when comparing are different: example c8d11180c956e5b5afc3d1970ce2193e < > C8D11180C956E5B5AFC3D1970CE2193E

    
14.10.2016 / 05:51
0

As the colleague said, using md5 methods of language and bank may be that of some difference, although I find this unlikely.

I suggest that you remove MD5(...) of queries and use this conversion before:

  

$ passwd = md5 ($ user password);

I used $senhaDoUsuario for you are using two different variables then replace with the corresponding one, and consecutively use the new variable $passwd in the query

Another thing this down, change it by the above quote.

  

$ title = addslashes ($ _ POST ["title"]);

Because addslashes may be adding some \ to your password where it should not, and with the conversion to md5 as mentioned, you will already delete SQL Injection at least in this variable

. >     
14.10.2016 / 06:47
Separating substrings and storing in C ++ variables Hibernate with PivotTable Names