md5 has be confused....

ive noticed somthing about md5 encryption that I thought id check with you guys...
If I encrypt a phrase for example "blob" and lets say for example I see the encryption of for example d1403453543r3ahb in the database that tells me its done it ok....and i encrypt another phrase for example "tom" shouldnt the encryption be different?
for some reason its the same not sure why....
is my php setup correctly?
basically encrypting a password in a login thing im making...script works fine without md5 but soon as i try and check the md5 with the encryption I just keep getting incorrect password hehe.
any ideas?
note: BE in the thread title is suppose to be *me sorry its late here lol.

say you sent the password (during sign up) in a HTML input field called "pass".
The PHP to create the MD5 password would be:
PHP Code:



// I am using mysql_real_escape_string to prevent any SQL injection attempts$escaped_password = mysql_real_escape_string($_POST['pass']);// Now to MD5 the password$md5_password = md5($escaped_password);// insert $md5_password into the password field in the database and continue




Now to check if the password is correct during log in:
We assume the password pulled from the database using the supplied user name (or other identifier) is stored in $databased_password, the password is stored in $_POST['password'] and the user name is in $_POST['username']
PHP Code:



// we've already pulled the correct password from the database, now compare it to the one supplied in the login form$md5_supplied_password = md5($_POST['password']);if($md5_supplied_password = $databased_password){// it's the right password}else {// wrong}




If you want the best help, please post the code and I will try to help you.





__________________LCWSoft - Canadian web hosting (based in Newfoundland)Uptime Report
lawrencewilliams (at) lcwsoft.com

Quote:



Originally Posted by Flumps


shouldnt the encryption be different?
for some reason its the same not sure why....


Yes, they should be different. (Technically, collisions do exist - two different strings with the same hash value - but these are very rare).
Wild guess: Is your actual hashed value this one, by any chance?
Code:
d41d8cd98f00b204e9800998ecf8427e







__________________
Chris <ClonePanel>
"Not everything that can be counted counts, and not everything that counts can be counted" - Albert Einstein

Not to nitpick but you don't need to escape the password for SQL injection since it will be md5 hashed.
Also you should add a unique salt to the password, aka
PHP Code:



<?php$pass = md5($_POST['username'].$_POST['password']);?>

Quote:



Originally Posted by foobic


Yes, they should be different. (Technically, collisions do exist - two different strings with the same hash value - but these are very rare).
Wild guess: Is your actual hashed value this one, by any chance?
Code:
d41d8cd98f00b204e9800998ecf8427e




no matter what the string value is yes it generates that wait let me check....
yep thats it.
thanks all those that provided some code ill give that a whirl later.

Damn, the crystal ball's clear tonight!
That's the md5 of an empty string. In the script that initially saves the password hash, check back in your code from the point where you calculate the hash and find out why the variable you're using isn't set.





__________________
Chris <ClonePanel>
"Not everything that can be counted counts, and not everything that counts can be counted" - Albert Einstein

Quote:



Originally Posted by foobic


Damn, the crystal ball's clear tonight!
That's the md5 of an empty string. In the script that initially saves the password hash, check back in your code from the point where you calculate the hash and find out why the variable you're using isn't set.


im just about to take a look now...by the sounds of things im leaving somthing out, knowing me its proberly a typo - ill look now if i cant see it ill paste my code.
thanks.

yey its working
thanks guys