pranshu82202 Posted August 25, 2011 Share Posted August 25, 2011 $sql = "select * from user_info where us_name='$username' and md5(us_pass)='$userpass'"; $result=mysql_query($sql); $row = mysql_fetch_assoc($result); $count=mysql_num_rows($result); But it is giving error : arning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\...\verify.php on line 19 I am not getting why it is so Quote Link to comment Share on other sites More sharing options...
dug Posted August 25, 2011 Share Posted August 25, 2011 does your query execute ok? do some error checking on your query. Quote Link to comment Share on other sites More sharing options...
pranshu82202 Posted August 25, 2011 Author Share Posted August 25, 2011 I didnt get you Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted August 25, 2011 Share Posted August 25, 2011 try... $sql = "select * from user_info where us_name='$username' and us_pass=md5('$userpass')"; Quote Link to comment Share on other sites More sharing options...
dug Posted August 25, 2011 Share Posted August 25, 2011 I didnt get you Its your query thats the issue, look at Master....reply Quote Link to comment Share on other sites More sharing options...
pranshu82202 Posted August 25, 2011 Author Share Posted August 25, 2011 I dont think masters reply is gonna work... The i have some password stored in my Database ... let us assume it "hello" And their is a variable $userpass which is the md5 hash of "hello" So to select i should my query not the masters one Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 25, 2011 Share Posted August 25, 2011 Did you bother to try it before deciding it wouldn't work? Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted August 25, 2011 Share Posted August 25, 2011 The i have some password stored in my Database ... let us assume it "hello" And their is a variable $userpass which is the md5 hash of "hello" For the password in the database, is it stored as a md5 hash...or plain text? Quote Link to comment Share on other sites More sharing options...
pranshu82202 Posted August 25, 2011 Author Share Posted August 25, 2011 Yup moderator... I tried it, the code written is correct ... Let me explain it to you.. The variable $userpass is already an md5 hash of the some string ... Now that string is stored in my databse.. Now to get the id associated with that string i need to write Select * from user_info where md5(user_pass)='$userpass'; And now my code is working fine i just made a silly mistake, the table name was actually user_info1 .. btw THANX everyone Quote Link to comment Share on other sites More sharing options...
Psycho Posted August 25, 2011 Share Posted August 25, 2011 LOL, why would you store the password in plain text and then when looking for a match you take the user entered value - convert it to a hash and compare it to a hash of the database value? What is the point of using a hash in this instance? You need to store the password as a hash (and use a salt while you are at it.) As to your problem, the query is failing. The query may be wrong, which would result in no matches, but I don't see anything blatant that would cause it to fail. You may have a typo in field names that is causing the failure. Add some error handling to the query to see the error $result=mysql_query($sql) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
pranshu82202 Posted August 25, 2011 Author Share Posted August 25, 2011 mjdamto i am not storing password as md5 hash in my database because i wont be able to know that what the password was... And i dont think that their is something ANTI MD5 Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted August 25, 2011 Share Posted August 25, 2011 mjdamto i am not storing password as md5 hash in my database because i wont be able to know that what the password was... And i dont think that their is something ANTI MD5 If it's all about retrieving a lost password, it would be more secure to just reset the password for visitors. What happens if someone gets ahold of the database? Quote Link to comment Share on other sites More sharing options...
pranshu82202 Posted August 25, 2011 Author Share Posted August 25, 2011 Yup cyberRobot as security point of view i am completely agree with you... Quote Link to comment Share on other sites More sharing options...
Psycho Posted August 25, 2011 Share Posted August 25, 2011 mjdamto i am not storing password as md5 hash in my database because i wont be able to know that what the password was... And i dont think that their is something ANTI MD5 If you are not storing the value as an MD5 hash, then why are you converting the values to MD5 hashes to compare in the query? I have to assume the user isn't entering the value as an MD5 hash. So, that means you are converting the user entered value to an MD5 hash and then comparing that to the MD5 hash of the DB value in the query. That's stupid. Why not just compare the user entered value to the DB value without any MD5 conversion? However, the whole point of hashing the value in the DB is so YOU (or anyone else that access the data) will not know the users' passwords!!! You are not supposed to know what their password is. That creates a security risk. People with access to the database could log into the application as one of those users and perform actions posing as that user and, more importantly, since users use the same passwords for multiple systems you could potentially access other applications/sites that those users access. As for "And i don't think that their is something ANTI MD5", I don't know what you mean. But, when storing a password as a hash (which you should absolutely do) you should always do so using a salt. Users with simple passwords could be determined using a rainbow table. And the whole point of hashing the password is to secure the data. As the caretaker of this data you need to take some responsibility in ensuring that the users' sensitive data is not exposed. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.