1bellb Posted March 30, 2011 Share Posted March 30, 2011 Hi, I have create a small website with a login, over the past month it has been working fine, however today I tried to login and it says incorrect password. So I go into my phpMyAdmin database and change the password with the function type as PASSWORD. I go to login again and it still doesnt work. I did however have a dummy account on the site and that does work, and the only difference I can see is the encryption of the password, the new passwords I create start with the astrix symbol (*) and the old password that works doesnt have that. I can guess im probably using the wrong encryption type, but Iv tried loads of different ones and still nothing. I have however noticed which line of code in my PHP code isnt working for the new Passwords, but I cant see a problem. I have put it below, if anyone knows what the problem is, please, please, please let me know. if ($pwd === PwdHash($pass,substr($pwd,0,9))) { It fails at this point and goes strait to the else at the bottom of the if statement. Thanks Ben p.s. if you want me to post all the Login code I will happily do so. Quote Link to comment Share on other sites More sharing options...
reyborn Posted March 30, 2011 Share Posted March 30, 2011 What dbms you are using? I will assume it is mysql. To read your encrypted password. You must use password function in your query. e.g "select * from users where pass = password('password')". Obviously this is not a good practice since this is prone to sql injection, to avoid it optimize your input values. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.