[PHP]Multiple MD5's stored in db. *kept open to help others*[/PHP]
I now use passwords, secured with md5, with the md5 codes in a database, when i check a password, i do include("md.php");
My database is named 'orders', my table is called 'hashes'.
I did:
PHP Code:
$sql = "INSERT INTO `hashes` (passes, id)
VALUES ('themd5here','#idnum')"
md.php:
PHP Code:
<?php
//------------------------------------------------------\\
$pass = md5($_POST['passw']);
$con = mysql_connect("localhost"," "," "); //Token out
if (!$con)
{
die('Cant Connect: ' . mysql_error());
}
mysql_select_db("orders", $con);
$result = mysql_query("SELECT * FROM `hashes` WHERE id=1")
or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
if ($pass != $row['passes']) {
echo "No access!";
exit;
}
}
mysql_close($con);
//------------------------------------------------------\\
?>
This works, but it only works with loading one md5 from the DB, i just cant get it to work so that i add more md5's to the DB, it also checks if these md5's exists.. It's just not as simple as just adding another hash to the db =p
Thanks!
~Elite.
Re: [PHP]Multiple MD5's stored in db.[/PHP]
register
PHP Code:
$password = md5($_POST['password']);
$select = mysql_query("SELECT `password` FROM `hashes` WHERE password = "'.$password.'" LIMIT 1");
if (mysql_num_rows($select))
{
$insert = mysql_query("INSERT INTO `hashes` (id, password) VALUES ('', "'.$password.'")");
echo 'inserted';
}
else
{
echo 'already exists';
}
login
PHP Code:
$password = md5($_POST['password']);
$select = mysql_query("SELECT `password` FROM `hashes` WHERE password = "'.$password.'" LIMIT 1");
if (mysql_num_rows($select))
{
echo 'valid: password exists';
}
Why would you check if a password exists? You should NEVER reveal what passwords are in the database.
And what does the 'id' do?
Re: [PHP]Multiple MD5's stored in db.[/PHP]
Oh, I thought i needed it to do 'SELECT `passes` FROM `hashes` WHERE id=#id'.
And its not a kinda register script, its just a password check, for admin cp.
And why use INSERT for logging in?
I just want it to check if one or more of the sent (md5($_POST['passw'])) is in the database..
I also just dont understand why this wont work:
PHP Code:
<?php
//------------------------------------------------------\\
$pass = md5($_POST['passw']);
$con = mysql_connect("localhost","",""); //`OUT!
if (!$con)
{
die('Cant Connect: ' . mysql_error());
}
mysql_select_db("orders", $con);
$result = mysql_query("SELECT * FROM `hashes`");
while($row = mysql_fetch_array( $result )) {
if ($pass != $row["pass"]) {
echo "No access!";
exit;
} }
mysql_close($con);
//------------------------------------------------------\\
?>
There's two hashes in my database. But it'll always give me a 'No access!';
Re: [PHP]Multiple MD5's stored in db. *more help needed*[/PHP]
Sorry, fixed bug in my code.
Use this:
PHP Code:
$result = mysql_query("SELECT id, pass FROM `hashes` WHERE pass = '".$pass."' LIMIT 1");
if (mysql_num_rows($result))
{
$row = mysql_fetch_assoc($result);
echo 'access for '.$row['id'];
}
else
{
echo 'no access';
}
And why your script doesn't work? Simply because you exit if your password doesn't match the FIRST row's password. You loop through each DB row and check if your PW and the stored PW are NOT the same. If they are not, you exit the script instead of checking if other rows might have the correct PW.
This would fix it:
PHP Code:
$access = false;
while ($row = mysql_fetch_assoc($result)) // notice ASSOC, instead of ARRAY
{
if ($pass == $row["pass"])
{
$access = true;
break;
}
}
if ($access)
{
echo 'access';
}
else
{
echo 'no access';
}
But use the first example, as it will use MySQL features to speeds things up.
Re: [PHP]Multiple MD5's stored in db. *more help needed*[/PHP]
Maybe im missing something here, But i believe every call you make to the database to check a password will return invalid due to the insert, inserting "password"
PHP Code:
$insert = mysql_query("INSERT INTO `hashes` (id, password) VALUES ('', "'.$password.'")");
and your check within the while loop searching for the string in "pass"
PHP Code:
if ($pass != $row["pass"]) {
echo "No access!";
exit;
}
As already stated, The exit; stops the page displaying any further after the first invalid result
Re: [PHP]Multiple MD5's stored in db. *more help needed*[/PHP]
Ok thx i made it up a lil cuz else it'd error me (a header error):
PHP Code:
$result = mysql_query("SELECT pass FROM `hashes` WHERE pass = '".$pass."'");
if (!mysql_num_rows( $result )) { //Notice the '!'.
$row = mysql_fetch_assoc( $result );
echo '<b>No access!</b>';
exit;
}
Anyway ill leave this thread open, cuz if finally a 1st timer uses the search button, they'll find it !