Error comparing MD5 password in PHP

Asked

Viewed 625 times

0

I’m having a problem in a login form, below follows the current codes.

I’m using the method via POST, what happens is that it is not sending the post in MD5 to be compared in DB.

In the database the password is already registered in MD5, but when sending the data through this form to complete the login it does not convert the password.

Does anyone know where the mistake is?

form login

<form id="1" name="1" action="pass.php" method="post">
   <div class="login">
      <input placeholder="Usuário" type="text" id="username" size="25" name="name" /><br>
      <input placeholder="Senha" id="pass" type="password" size="25" name="pass" /><br>
      <input type="submit" name="_2" value="Login" /> 
      <input type="hidden" name="ed_type" value="" /> 
      <input type="hidden" name="redirect" value="<? echo $redirect;?>" />
   </div>
</form>

php pass.

<?php
session_start();
$usuario_admin = isset($_SESSION['1x11']) ? $_SESSION['1x11'] : '';

include("conf.inc.php");
include("conectar.php");

$query = "select * from admin where username='" . $_POST["name"] . "' and pass=MD5('" . $_POST["pass"] . "')";
$result = mysql_query($query, $db);
$row = mysql_fetch_array($result);
$total = mysql_num_rows($result);
$name = $_POST['name'];
$pass = $_POST['pass'];
$ADMIN_USERNAME = $row["username"];
$ADMIN_PASSWORD = $row["pass"];

if ($total > 0) {
    if ($name == $ADMIN_USERNAME && $pass == $ADMIN_PASSWORD) {
        if ($usuario_admin != '')
            $_SESSION['1x11'] = "";
        $_SESSION["1x11"] = $name;
        $_SESSION['logedin'] = true;
        $_SESSION["type"] = $row["type"];
        $_SESSION["usrname"] = $name;
        $_SESSION["logid"] = $row["id"];
        header("Location:index2.php");
    }
} else {
    header("Location:index.php?id=1");
}
?>

Post information sent using TAMPER DATA:

Host=dominio.com
User-Agent=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding=gzip, deflate
Referer=http://dominio.com/admin/index.php?id=1
Cookie=PHPSESSID=1d5d5r8hlp6hnebv9pa115d8r
Connection=keep-alive
Upgrade-Insecure-Requests=1
Content-Type=application/x-www-form-urlencoded
Content-Length=59
POSTDATA=name=admin&pass=admin&_2=Login&ed_type=&redirect=

NEW MISTAKE:

Notice: date_default_timezone_set() [function.date-default-timezone-set]: Timezone ID '-03:00' is invalid in /home/user/public_html/admin/adm.config.inc.php on line 15

Notice: date_default_timezone_set() [function.date-default-timezone-set]: Timezone ID '-03:00' is invalid in /home/user/public_html/admin/conf.inc.php on line 3

Notice: Undefined variable: timezone_set in /home/user/public_html/admin/conectar.php on line 9

Notice: Use of undefined constant hora - assumed 'hora' in /home/user/public_html/admin/conectar.php on line 14

connect php.

<?php
    include_once("conf.inc.php");


    $db=mysql_connect($DBSERVER, $USERNAME, $PASSWORD);
    if (!$db) die('N&atilde;o foi possivel conectar: ' . mysql_error());
    mysql_select_db($DATABASENAME,$db);

    if ($timezone_set=="")$timezone_set="America/Sao_Paulo";
    $sql = mysql_query("Set @@global.timezone = '".$timezone_set."';");

    $sql = mysql_query("Select Now() as hora");
    $dados=mysql_fetch_array($sql);
    $Hora_Servidor_MySQL = date('Y/m/d H:i:s',strtotime($dados[hora]));
?>

1 answer

1

your error is in your query

the correct one should be

$query = "select * from admin where username='" . $_POST["name"] . "' and pass='" . MD5($_POST["pass"]) . "'";
  • I’ve tried it that way and it doesn’t work at all... :(

  • does a favor, vc is passing to your system the admin password , copy it in your db as it is and put here. ( the hash md5 of it )

  • Follows: 21232f297a57a5a743894a0e4a801f

  • ta ai your problem admin md5 is 21232f297a57a5a743894a0e4a801fc3 probably your field in mysql d password this limited increase the varchar to 50 q solves

  • Our really, what a mess! rsrs But now gave another problem, it gets blank when logged in. Redirect to pass.php and get the white screen.

  • 1

    rss is now another problem you have to revise your script. enables displaying php errors and posts the error.

  • I updated the question, can you take a look? Strange these errors because if I don’t use MD5 it logs in normally, and using MD5 occurs these errors. Why will be?

  • where you receive the $data[hour]? and on the default time zone read this http://php.net/manual/en/function.date-default-timezone-set.php

  • would be something like date_default_timezone_set('America/Sao_paulo');

  • Already fix these two aquivos, now only got the error in connect.php file, updated the question with the complete code of this file... Actually this $data[time] I don’t know where it gets from, because it doesn’t have any reference in the files, nor in the connect nor in conf.inc, strange...

  • so it should look like $Hora_servor_mysql = date('Y/m/d H:i:s');

  • Ta complicated make work, all errors are gone but still has the white screen and does not redirect to the home page.

  • does a redirect by meta and not by header as you may have some output anets from this echo header"<meta http-equiv='refresh' content='0;index2.php'>";

  • It didn’t work either, still white screen. oo

  • strange m add in skype i t help by teamviewer -> jasaroc

Show 10 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.