Here's a question for you.
I'm trying to store encrypted passwords in a database. I do this

//From ADMIN page
$client_pw = trim($client_pw);

//SQL
$sql = " INSERT INTO CLIENTS (client_id, client_pw, client_school, client_expdate, client_fullname)
 VALUES ('".$client_id."', '".md5($client_pw)."', '".$client_school."', '".$client_expdate."', '".$client_fullname."') ;";

Resulting HASH in the DB: 3f8b243aa755cfd9

And retrieve the entered password to vailidate in this manner:

//From login page
$uname = $_POST['uname'];
$pword = $_POST['pword'];

$pword = trim($pword);
$pword = md5($pword);

//SQL
$sql = "select * from CLIENTS where client_id = '" . trim($uname).
       "' and client_pw = '".$pword."'";

HASH it tries to compare this: 3f8b243aa755cfd963741b71885955f2
to the DB entry: 3f8b243aa755cfd9

I've searched several places online and can't seem to get why there is no match. Yes I did type the same password. Most documentation on this implies that I am doing this correctly. It seems like a no-brainer. Am I missing anything?

Ok. This always happens when I post something. As soon as I post, I find the problem. The problem is not in the code, but the database field was set to varchar(16). I increased the character legnth and viola!

Happens to the best of us. You might want to consider changing the column type from varchar to char, since all your md5 hashes should be the same length.


Take care,

Nik
http://www.bigaction.org/