John Simon

Reputation: 826

Comparing MYSQL password vs HTML form password

I have a login form with UserId and Password. I guess the problem is with the md5 password in the MySQL database. So how do I compare the HTML form password with the MySQL password?

Here is the code for the login form:

<body>
    <form method="post" action="validate_login.php" >
        <table border="1" >
            <tr>
                <td><label for="LoginID">LoginID</label></td>
                <td><input type="text" 
                  name="LoginID" id="LoginID"></td>
            </tr>
            <tr>
                <td><label for="password">password</label></td>
                <td><input name="password" 
                  type="password" id="password"></input></td>
            </tr>
            <tr>
                <td><input type="submit" value="Submit"/>
                <td><input type="reset" value="Reset"/>
            </tr>
        </table>
    </form>
</body>

And the PHP code:

<?php

// Grab User submitted information

$LoginID = $_POST["LoginID"];
$password = $_POST["password"];
//$UserID= $_POST["UserID"];
// Connect to the database

 $username = "avaninfo_dairy";
    $password = "CMANcustomersupportsystem1234#";
    $hostname = "localhost";

    //connection to the database
    $con = mysqli_connect($hostname, $username, $password)
      or die("Unable to connect to MySQL");
      echo "Connected to MySQL<br>";



// Select the database to use
mysql_select_db("avaninfo_dairy",$con);

$result = mysqli_query("SELECT * FROM cman_users WHERE LoginID = $LoginID");

$row = mysqli_fetch_array($result);

if($row["LoginID"]==$LoginID && $row["Password"]== $password)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>

Upvotes: 0

Views: 1132

Answers (7)

Stephen Raj

Reputation: 41

<?php

// Grab user-submitted information
$LoginID = $_POST["LoginID"];
$passwordHash = md5($_POST["password"]); // the table stores MD5 hashes
//$UserID= $_POST["UserID"];

// Database credentials, kept in their own variables so they do not
// overwrite the submitted password
$username = "avaninfo_dairy";
$dbPassword = "CMANcustomersupportsystem1234#";
$hostname = "localhost";

// Connect and select the database to use
$con = mysqli_connect($hostname, $username, $dbPassword, "avaninfo_dairy")
  or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";

// Bind the values instead of interpolating them into the SQL string
$stmt = mysqli_prepare($con, "SELECT LoginID FROM cman_users WHERE LoginID = ? AND Password = ?");
mysqli_stmt_bind_param($stmt, "ss", $LoginID, $passwordHash);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

// A matching row means both the login ID and the hash matched
if (mysqli_stmt_num_rows($stmt) > 0)
    echo "You are a validated user.";
else
    echo "Sorry, your credentials are not valid, Please try again.";
?>
Try this one; it will work fine.

Upvotes: 1

unixmiah

Reputation: 3145

The answer is simple. To have some clarity, first you need to get an idea of what's going on.

Your MD5 Hashing algorithms which is stored in your database

"md5 password in the mysql database"

are one way. That means you cannot "undo" it once it's encrypted. What you can do is compare a hashed value to it to see if it matches.

How to compare HTML form password with mysql password.??

This will compare the HTML form password with the MySQL password, $hashed_value_from_mysql being your encrypted password from MySQL and $_POST[password] being your password from the form submission, where your name="password" is accessible through $_POST after you submit the form, depending on which method you use.

if ($hashed_value_from_mysql === md5($_POST['password'])) {
  // if the password matched, do whatever here
} else {
  // it doesn't match, throw an error
  echo "password doesn't match";
}

Upvotes: 0

Richard Schneider

Reputation: 35477

You can use the md5 function. Also you do not need to check the LoginID because the SQL Select prefilters.

if($row["Password"]== md5($password))

However the overall security system is wrong. The web browser should send username and md5(password). The password should never be sent over the internet.

Also, the MD5 hash has been proven to be hackable. Use SHA-1 hash at a minimum.

And most systems Salt the Hash so that the same password for different users have a different hash value in the database.

Upvotes: 1

Blue Sheep

Reputation: 438

(Assuming you want to compare an unhashed password to an md5 hashed password.)

Change $row["Password"] == $password to $row["Password"] == md5($password).

$row = mysqli_fetch_array($result);

if($row["LoginID"]==$LoginID && $row["Password"]== md5($password))
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";

More info on md5: http://php.net/manual/en/function.md5.php

P.S. - If it is within your control, I recommend that you use password_hash() and password_verify() to hash your passwords. It is much securer than md5().

Upvotes: 1
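
The password_hash() / password_verify() route mentioned in the answer above, as an added example that is not part of any answer in this thread: it accepts the legacy MD5 rows once and replaces them with a salted hash at the next successful login. The $users array is a constructed stand-in for the cman_users table, and verifyLogin() and isLegacyMd5() are hypothetical helper names.

```php
<?php
// Added example, not from the original thread. $users is constructed sample
// data standing in for the cman_users table; helper names are hypothetical.

$users = [
    // Legacy row: unsalted MD5 hex digest, as stored in the question's table.
    'alice' => ['Password' => md5('correct horse')],
    // Migrated row: salted hash produced by password_hash().
    'bob'   => ['Password' => password_hash('hunter22', PASSWORD_DEFAULT)],
];

function isLegacyMd5(string $stored): bool
{
    // An MD5 hex digest is exactly 32 hex characters;
    // password_hash() output always starts with '$'.
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

function verifyLogin(array &$users, string $loginId, string $password): bool
{
    if (!isset($users[$loginId])) {
        return false;
    }
    $stored = $users[$loginId]['Password'];

    if (isLegacyMd5($stored)) {
        // hash_equals() compares in constant time and avoids the
        // type juggling of a loose "==" comparison.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    // On success, upgrade legacy or outdated hashes while the plaintext
    // is still available in this request.
    if ($ok && (isLegacyMd5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$loginId]['Password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(verifyLogin($users, 'alice', 'correct horse')); // legacy row, then upgraded
var_dump(isLegacyMd5($users['alice']['Password']));      // row no longer holds MD5
var_dump(verifyLogin($users, 'alice', 'wrong'));
var_dump(verifyLogin($users, 'bob', 'hunter22'));
```

With a real table, the write inside verifyLogin() becomes an UPDATE through a prepared statement, and the Password column must be wide enough for the longer hash (the PHP manual recommends 255 characters).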

Gul Muhammad Akbari

Reputation: 260

Use the MD5 built-in function:

if($row["LoginID"]==$LoginID && $row["Password"]== MD5($password))
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";

Upvotes: 1

chiliNUT

Reputation: 19573

Use the md5 function

$row = mysqli_fetch_array($result);

if($row["LoginID"]==$LoginID && $row["Password"]== md5($password))
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";

Upvotes: 1

Asheliahut

Reputation: 911

The way to do this would be to md5 encode using the same salt the password from the user and check it against the md5 hash stored on the database. http://php.net/md5

Upvotes: 1
