I've got a contest in development on my site where members will vote on a winning. However, I require that they be members before that can upload entries and submit a vote (when the contest is in the voting stage).

I had this working before VB3.. with VB2.. however now it no longer works. Below is the code I used for VB2 and VB3 to compare the submitted password with the one stored in the database.

I realize the password is encrypted in the database and can not be reversed. However I guess I need to encrypt the password the member inputs and then compare that to the one stored in the database. IF they match.. access granted.. if they don't.. end.

Here's the VB2 Code:

$query = "select password, userid from user where username='$username'";
$result = mysql_query($query) or die("Query failed");

$row=mysql_fetch_array($result);

$userid = $row['userid'];

if ($row['password'] == md5($password)) {
print "Password correct<br><br>";
}
else {
die("password not correct!");
}



Here's the VB3 Code that never correctly matches the passwords:

$query = "SELECT password FROM user WHERE username='$username' AND password = MD5(CONCAT(MD5('$password'), salt))";
$result = mysql_query($query) or die("Query failed");

$row=mysql_fetch_array($result);

$userid = $row['userid'];

/* THIS IS WHERE THE PROBLEM IS */

if ($row['password'] == MD5(CONCAT(MD5('$password'), salt)) {
print "Password correct!<br><br>";
}
else {
die("password not correct!");
}


Any help on how to properly encrypt the inputed password to match that stored in the database would be greatly appreciated.

Aceman

Why not just use the vB login html from the navbar template?

Anyone know how to properly encrypt a submitted password so it can be checked against the one in the VB database?

Aceman

echo $row['password'];
print "<br>";
echo (md5($password). salt) ;


does not return the same numbers at all. But it DOES pull the correct one from the VB database.

A friend of mine who's a PHP GOD.. helped me figure this one out. Daneel.. you da man!

You can use the following code to accept a username and password from a form and then compare it to what's stored in the VB3 Database. NOTE This takes into account the md5 and salt encryption. It works perfectly for me.


// hostname or ip of server
$servername='localhost';

// username and password to log onto db server
$dbusername='?????????';
$dbpassword='?????????';

// name of database ($dbname2 is my VB3 database)
$dbname='MY_contest';
$dbname2='MY_forum';

/* Connecting, selecting database */
$link = mysql_connect($servername, $dbusername, $dbpassword)
or die("Could not connect");
print "Connected successfully<br><br>";
mysql_select_db($dbname2) or die("Could not select database");

/* Necessary fields filled? */
if (!$username || !$password || !$name || !$country || !$email || !$picture || !$stats)
die("Fill in all necessary fields.");


/* password correct? */
$query = "SELECT salt, password FROM user WHERE username='$username'";
$result = mysql_query($query) or die("The information you entered does not match our records.");
$row=mysql_fetch_array($result);

$dbpassword = $row['password'];
$salt = $row['salt'];

if ($dbpassword == md5(md5($password). $salt)) {
print "Password correct<br><br>";
}
else {
die("password not correct!");
}


Then just place the rest of whatever you need your page to do after the password comparison.

I honestly have yet to find this code posted anywhere on VB.org and VB.com so I hope this helps someone!

Aceman