How to encrypt the password in md5 and to work in the login form?
I added to if md5, but in the login it does not read the password and writes an error

include("../database/db_conection.php"); if(isset($_POST['register'])) { $user_name=$_POST['name']; $user_lastname=$_POST['lastname']; $user_email=$_POST['email']; $user_position=$_POST['position']; $user_country=$_POST['country']; $user_pass=$_POST['pass']; $user_copass=$_POST['copass']; $salt="h4T3hd9Fse"; if($user_name=='') { //javascript use for input checking echo"<script>alert('Please enter the name')</script>"; exit();//this use if first is not work then other will not show } if($user_position=='') { echo"<script>alert('Please enter the position')</script>"; exit(); } if($user_country=='') { echo"<script>alert('Please enter the country')</script>"; exit(); } if($user_pass=='') { echo"<script>alert('Please enter the password')</script>"; exit(); } if ($user_pass != $user_copass) { echo"<script>alert('Error... Passwords do not match')</script>"; exit(); }else{ $user_pass=md5($salt.$user_pass); $user_copass=md5($salt.$user_copass); } if(!filter_var($user_email, FILTER_VALIDATE_EMAIL)){ echo"<script>alert('Please enter the email')</script>"; exit(); } //here query check weather if user already registered so can't register again. $check_email_query="select * from users WHERE user_email='$user_email'"; $run_query=mysqli_query($dbcon,$check_email_query); if(mysqli_num_rows($run_query)>0) { echo "<script>alert('Email $user_email is already exist in our database, Please try another one!')</script>"; exit(); } //insert the user into the database. $insert_user="insert into users (user_name,user_pass,user_email,user_lastname,user_position,user_country,user_copass) VALUE ('$user_name','$user_pass','$user_email','$user_lastname','$user_position','$user_country','$user_copass')"; if(mysqli_query($dbcon,$insert_user)) { echo"<script>window.open('../../index.php','_self')</script>"; } }

Php login

 session_start();//session starts here include("database/db_conection.php"); if(isset($_POST['login'])) { $user_email=$_POST['email']; $user_pass=$_POST['pass']; $check_user="select * from users WHERE user_email='$user_email'AND user_pass='$user_pass'"; $run=mysqli_query($dbcon,$check_user); if(mysqli_num_rows($run)) { echo "<script>window.open('welcome.php','_self')</script>"; $_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION. } else { echo "<script>alert('Email or password is incorrect!')</script>"; } }
  • So compare hash with hash ...AND user_pass='".md5($salt.$user_pass)."'" - br3t
  • Thank you, did not know that we need more quotes - Brandabul
  • And don't use md5 for passwords in the real world. For educational projects, it will fit, but for reality it is considered cryptographically weak. - D-side
  • 2
    md5 is not encryption, but hashing, and storing a password in md5 is not secure even with salt, use special PHP functions to work with passwords like password_hash . You also have a lot of SQL injections and, in general, the whole code is very leaky - andreymal
  • Why is the password with salt all in md5 unsafe if a) nobody knows salt and b) salt is not stored in the database? - DaemonHK

2 answers 2

When you create a user, you write a password with the prefix salt and in md5, and check without them? Besides, why are you also shoving the test copass into the database? If the password is not read from the post, then you need to look at the markup, perhaps not specified input name = "pass"

    MD5 is an algorithm that allows you to get a kind of "imprint" of the original string. It is designed in such a way that the resulting line cannot be restored from the resulting print.