Topic: [SOLVED] Hash Password Help! (Read 478 times)

mjdamato · « **Reply #30 on:** July 01, 2009, 05:49:59 PM »

Use this code and run a test. Then post the text displayed

<?php

include("config.php"); 

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

include ("function.php");
//$match = "select id from $table where username = '".$_POST['username']."'
//and password = '".hashPW($_POST['password'],$_POST['username'])."';";

//Test Query
$match = "select password from $table where username = '".$_POST['username']."'";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());

//----BEGIN TEST CODE
$result = mysql_fetch_assoc($qry);
echo "QUERY: {$match}<br />
POSTED VALUES:<br />
 - Username: {$_POST['username']}<br />
 - Password: {$_POST['password']}<br />
 - Hashed Password: " . hashPW($_POST['password'], $_POST['username']) . "<br />";
echo "Database Password: {$_result['password']}";
exit();
//-----END TEST CODE

$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) {
echo "Sorry, there is no username, {$_POST['username']}, with the specified password.<br/>";
echo "<a href=user_login.php>Try again</a>";
exit; 
}
else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "{$_POST['username']}");
header('Location:http://mythscape.freezoka.com/');
die();
}

?>

Cetanu · « **Reply #31 on:** July 01, 2009, 08:38:26 PM »

Okay:

QUERY: select password from users where username = 'Admin'
POSTED VALUES:
- Username: Admin
- Password: ------
- Hashed Password: 89cda54482caa109b5544b204b0ad06a7d57df4e
Database Password:

Cetanu · « **Reply #32 on:** July 01, 2009, 08:57:22 PM »

Okay, I found that a variable was improperly defined and then retried it so this is the final after my change:

QUERY: select password from users where username = 'Admin'
POSTED VALUES:
- Username: Admin
- Password: ------ [<< I changed it to that, it showed my password]
- Hashed Password: 89cda54482caa1e9b5544b204b0ad06a7d57df4e
Database Password: 89cda54482caa1e9b5544b204b0ad06a

mjdamato · « **Reply #33 on:** July 01, 2009, 09:14:14 PM »

Check the definition for the password field in the database. I'm guessing you set the length of that field to 32 characters - so the value is getting truncated (i.e. the last 8 characters are getting cut off)!

You will need to:

1. Restore your backed up database
2. Increase the length of the field in the database to at least 40 characters
3. Rerun the script to hash the current passwords

Is "should" all work then. Now aren't you glad you made a backup of the database?!

Cetanu · « **Reply #34 on:** July 01, 2009, 11:10:19 PM »

Wait, the database field is set to be too short to be hashed? Okay, I can change it. YES I am happy that I backed it up. I'll go do that, thanks

I'll pro'ly have one or two more questions.

Cetanu · « **Reply #35 on:** July 02, 2009, 09:53:59 AM »

Okay. Thanks a lot to everyone who helped me accomplish this. It's fixed.

News:

Author Topic: [SOLVED] Hash Password Help! (Read 478 times)

mjdamato

Re: Hash Password Help!

Cetanu

Re: Hash Password Help!

Cetanu

Re: Hash Password Help!

mjdamato

Re: Hash Password Help!

Cetanu

Re: Hash Password Help!

Cetanu

Re: Hash Password Help!

PHP Freaks Forums