Website Login Problem

[1bellb]

Hi, I have create a small website with a login, over the past month it has been working fine, however today I tried to login and it says incorrect password. So I go into my phpMyAdmin database and change the password with the function type as PASSWORD. I go to login again and it still doesnt work. I did however have a dummy account on the site and that does work, and the only difference I can see is the encryption of the password, the new passwords I create start with the astrix symbol (*) and the old password that works doesnt have that.

I can guess im probably using the wrong encryption type, but Iv tried loads of different ones and still nothing.

I have however noticed which line of code in my PHP code isnt working for the new Passwords, but I cant see a problem. I have put it below, if anyone knows what the problem is, please, please, please let me know.

 

if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 

 

It fails at this point and goes strait to the else at the bottom of the if statement.

 

Thanks

Ben

 

p.s. if you want me to post all the Login code I will happily do so.

[reyborn]

What dbms you are using? I will assume it is mysql.

 

To read your encrypted password. You must use password function in your query. e.g "select * from users where pass = password('password')". Obviously this is not a good practice since this is prone to sql injection, to avoid it optimize your input values.