MySQL Account Creation

So, I’ve been playing with the MySQL listserver program and I’m trying to get the account creation thing to work. If I don’t apply the MD5+Salt method, it will be sent to the table, but won’t work because it wasn’t sent through the method.

If I apply the method, I get an error.

Here’s without MD5+Salt:

<?php $con = mysql_connect("#SQLHOSTIP#","#SQLUSERNAME#","#SQLPASSWORD#"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("#DATABASE#", $con); $account=mysql_real_escape_string($_POST['q8_Account']); $password=mysql_real_escape_string($_POST['q17_Password']); $password2=mysql_real_escape_string($_POST['q18_VerifyPassword']); $sql="INSERT INTO #USERSTABLE# (account,password,password2) VALUES ('$account','$password','$password2')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "User registration Accepted."; mysql_close($con); ?>

Based on what I’ve read, here’s how I applied the MD5+salt

[code]<?php
$gr_sql = mysql_connect( “#SQLHOSTIP#”, “#SQLUSERNAME#”, “#SQLPASSWORD#” );
if (!$gr_sql) die(‘Could not connect: ’ . mysql_error());
mysql_select_db("#DATABASE#", $gr_sql);
$username = mysql_real_escape_string($_POST[‘q8_Account’]);
$gr_password = mysql_real_escape_string($_POST[‘q17_Password’]);

$gr_result = mysql_query("SELECT * FROM graal_users WHERE account=’" . $username . “’”);
$gr_salt = substr(md5(uniqid(rand(), true)), 0, 3);
$gr_pass = md5(md5($_POST[‘gr_password’]) . $gr_salt);

if ( mysql_num_rows($gr_result) == 0 )
{
# Insert new account.
mysql_query( “INSERT INTO graal_users (id, account, password, salt, activated) VALUES (’” . $userid . “’, '” . $username . “’, '” . $gr_pass . “’, '” . $gr_salt . “’, ‘1’)” );
}
?>[/code]

After I submit the data, I get a blank page and this gets added to my database table.

What am I doing wrong?

___Merged doublepost__________________

I solved the error and created a new problem. Editted my previous post accordingly.

My client still says the account/pass is wrong. Could it have something to do with the listserver?

And what about Pass2 and Salt2? Are those necessary?

B:Edit Edit:[/B]
Since there’s that problem with the Listserver release source, I’m running it under debug. It’s getting my connection, but refusing due to incorrect user/pass.

Pass2 and Salt2 are not necessary, they are for the secure login client.

Alright. Cool. Any idea why my listserver is reporting an invalid user/pass? It’s using the same information my PHP code is.

shouldn’t $_POST[‘gr_password’] just be $gr_password or $_POST[‘q17_Password’]?

I didn’t want to fool around with the code, too much. I tend to break things. I figured it would be easier to specify it redundantly to avoid screwing something up. Call me paranoid. lol

It’s MD5’d and the salt is there, so that should say it worked, right? Unless the wrong thing (or too much) got sent through the method? Based on the code, how likely would that be?

well, since the password is a md5’d nothing + salt it’ll say that the password is wrong.

replace this line:

$gr_pass = md5(md5($_POST['gr_password']) . $gr_salt);

with this one:

$gr_pass = md5(md5($gr_password) . $gr_salt);

LOL! Well, I’ll be damned. That did it. I can log in, now.

When you mentioned,
“shouldn’t $_POST[‘gr_password’] just be $gr_password or $_POST[‘q17_Password’]?”

I wasn’t reading what you typed correctly. It wasn’t until the code you had me replace that I noticed the $_POST throwing it all off.

Thanks much, duder! I’m finding this all to be really neat. It’s definitely a learning experience.

:slight_smile:

Ok, now i’ve run into a problem where only one account can be in the table. How would I make it work? And will MySQL alert me if I try to register an account that already exists? Or would the new registration under the existing account overwrite the existing details?

if you make the userid a primary key in the mysql table no duplicates will exist.

Oh, and make id auto increment too.

Awesome. I manged to get it working. Thanks, again, guys! lol