Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Apr 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hashing Password on login to match the hash value in database

    Hello,
    Users have already signed up through a webpage, When they signup it encrypts the passwords using MD5 Hash, They can log in through the webpage using their normal password but If I do it through VB then the only way to get in is to use the MD5 hash code and not the normal password.
    So if I have the password "banana" it is encrypted in the database using md5 as "sfdhhf488348" or whatever, I can still login through the webpage with "banana" yet in vb.net I have to use "sfdhhf488348"

    What do i have to add to the code so the password what they login to matches the password witch is already hashed in the database.

    PHP Code:
    Private Sub OK_Click(ByVal sender As System.ObjectByVal e As System.EventArgsHandles OK.Click

            MySqlConnection 
    = New MySqlConnection
            MySqlConnection
    .ConnectionString "server=aerolitegaming.co.uk;Port=3306; user id=walkerki_login; password=hidden; database=walkerki_testingphp"
            
    MySqlConnection.Open()

            
    Dim Myadapter As New MySqlDataAdapter
        Dim sqlquary 
    "SELECT * From users WHERE Username='" UsernameTextBox.Text "'And Password= '" PasswordTextBox.Text "';"

        
    Dim command As New MySqlCommand
            command
    .Connection MySqlConnection
            command
    .CommandText sqlquary
            Myadapter
    .SelectCommand command
        Dim mydata 
    As MySqlDataReader
            mydata 
    command.ExecuteReader
            
    If mydata.HasRows 0 Then
                MsgBox
    ("Sorry! We can't find your Username and Password. Try Again or contact us on the forum")
            Else
                
    Form1.Show()
                
    Me.Close()

            
    End If
        
    End Sub 
    Oh and i know about SQL Injecting
    Last edited by luke.arran; 04-09-2011 at 08:24 PM.

  • #2
    teh Moderatorinator
    Join Date
    Sep 2004
    Location
    USA
    Posts
    2,472
    Thanks
    4
    Thanked 40 Times in 40 Posts
    You have to md5 encrypt the password in your vb code and pass that into your query instead of the text box text.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •