1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP md5 password; can't login

Discussion in 'PHP & Perl' started by albertc, Jul 17, 2015.

  1. albertc

    albertc Newbie

    Joined:
    Jul 14, 2015
    Messages:
    9
    Likes Received:
    1
    Hey,

    Since this is my first post here, I'd like to say hello :)

    I'm a complete noob in the php world, but I have to set up a database and some config files to make an experiment working.
    My config file is for configuring the login and pass for my server, database and the GUI login panel.

    This is the config file

    PHP:
    //$sHost should be the MYSQL host of the database, by default localhost 
      
    $sHost               "localhost"
       
      
    //$sUser should be the user of the database 
      
    $sUser             "root"
       
      
    //$sPass should be the password of the database user supplied before 
      
    $sPass             "root"
       
      
    //$sDatabase should be the database name where the tables should be installed in 
      
    $sDatabase         "database_name"
       
      
    //$sPanelUsername should be the username you want to login to the panel 
      
    $sPanelUsername     "Panel_Username"
       
      
    //$sPanelPassword should be the password you want to login to the panel 
      
    $sPanelPassword     "PanelPass"//MD5(Password) 
      
    This is the part of the index.php for the login panel

    PHP:
      //LOGIN 
                
    if (isset($_GET['login'])) { 
                    if (isset(
    $_POST["password"])) { 
                        if ((
    md5($_POST["password"]) == $sPanelPassword) && ($_POST["username"] == $sPanelUsername)) { 
                                
    $_SESSION["password"] = $sPanelPassword
                                
    $_SESSION["username"] = $sPanelUsername
                                
    //Logged in, Proceed.. 
                                
    header('Location: ?stats'); 
                        } 
                    } 
                    Print 
    file_get_contents("inc/login.html"); 
                    exit; 
                }
    I did not write this myself, I got it from the net. Everything seems to work fine except the login.
    I tried to change the md5 pass to a non encrypted password, but this failed misserably.

    EDIT: I got no error messages.

    Can someone help me out?

    thx
     
    Last edited: Jul 17, 2015
  2. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,642
    Likes Received:
    11,355
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    Welcome aboard.

    Go here: http://www.md5.cz
    Type the password you want, press the button, copy the long string into the last variable of the config file
    When you log in, use the original password.
     
  3. albertc

    albertc Newbie

    Joined:
    Jul 14, 2015
    Messages:
    9
    Likes Received:
    1
    I already did that, it doesn't seem to respond.
    when I changed the md5 to non encrypted I did this:

    PHP:
      //LOGIN 
                
    if (isset($_GET['login'])) { 
                    if (isset(
    $_POST["password"])) { 
                        if ((
    $_POST["password"]) == $sPanelPassword) && ($_POST["username"] == $sPanelUsername)) { 
                                
    $_SESSION["password"] = $sPanelPassword
                                
    $_SESSION["username"] = $sPanelUsername
                                
    //Logged in, Proceed.. 
                                
    header('Location: ?stats'); 
                        } 
                    } 
                    Print 
    file_get_contents("inc/login.html"); 
                    exit; 
                }  
    I removed the md5 out of this string

    PHP:
    if (($_POST["password"]) == $sPanelPassword) && ($_POST["username"] == $sPanelUsername))
    Is there a possibility that if I removed the the variables in the config file and used fixed values in the index.php, it will work?
     
  4. dineshag

    dineshag Newbie

    Joined:
    Jul 10, 2015
    Messages:
    14
    Likes Received:
    0
    Try printing your POST data and see if your server is getting the values correct or not. This will tell you if you are able to fetch post data or not.
     
  5. albertc

    albertc Newbie

    Joined:
    Jul 14, 2015
    Messages:
    9
    Likes Received:
    1
    I'm going to try this tonight.
     
  6. ekapek

    ekapek Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 2, 2010
    Messages:
    277
    Likes Received:
    48
    Home Page:
    You neeed md posted pass to compare

    Code:
    if ((md5($_POST["password"]) == $sPanelPassword) && ($_POST["username"] == $sPanelUsername))
    Also ou mix GET and POST - are you sure you send login to ?login url? Check contents of $_GET and $_POST
     
    Last edited: Aug 5, 2015
  7. mantic0re

    mantic0re Junior Member

    Joined:
    May 29, 2015
    Messages:
    118
    Likes Received:
    9
    Md5 is not encryption, its a hash algorithm. I would guess that your database password column is setup to contain less characters than the length of the md5 string.
     
  8. revproxy

    revproxy BANNED BANNED Jr. VIP Premium Member

    Joined:
    Nov 20, 2015
    Messages:
    396
    Likes Received:
    101
    Gender:
    Male
    Yes - this is very popular senario, check the length - you can fix it with simple query:
    Code:
    alter table [table] modify [column] varchar(32);
    
     
  9. flaveris

    flaveris Newbie

    Joined:
    Jul 12, 2013
    Messages:
    16
    Likes Received:
    2
    Occupation:
    Web Developer
    Home Page:
    And please - for the sake of security - don't use md5 for password hashing! :)) Those hashes can be decoded in an eye blink.
     
  10. iBrazilian

    iBrazilian Regular Member

    Joined:
    Oct 10, 2013
    Messages:
    492
    Likes Received:
    255
    Just use bcrypt for more security.
     
  11. IMpossible

    IMpossible Supreme Member

    Joined:
    Apr 15, 2012
    Messages:
    1,344
    Likes Received:
    302
    Occupation:
    Internet Marketing Guru
    Location:
    Somewhere on earth
    Or just use:

    md5("yourpasswordhere")