I have a login script for a web application that I am still currently scripting. The login script looks for a 16bit string for a password. I already have a bunch of users in my database and I just want to use their login info save them having to sign up again. I transferred the login info table to another database but the login script when used just says invalid password.

All the passwords in the database are 32 bit. How do I set the login script to look for 32 bit passwords instead of 16 bit.

If you need me to post the script let me know.

Thanks

Smithster

Of course we need you to post both scripts -- the original one and the new one.

Also, I doubt you really mean 16-bit and 32-bit passwords. In ASCII, 16 bits is two characters; 32 is four. In UTF-16, 16 bits is only one character. This is not a secure password.

Well I wouldn't really have a clue as I only found out about this today when I searched for "length of encripted passwords" because I noticed that the encription was twice as long in the original database.

I only have the sql file and the original login script. I didn't do anything to it as I only wanted to get it working first of all.



CREATE TABLE tbl_auth_user (
user_id VARCHAR(10) NOT NULL,
user_password CHAR(32) NOT NULL,

PRIMARY KEY (user_id)
);

INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('someuser', PASSWORD('somepass'));


If I use the SQL to create a user then it encripts the password to 16 characters.


<?php
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// first check if the number submitted is correct
$number = $_POST['txtNumber'];

if (md5($number) == $_SESSION['image_random_value']) {
include 'library/config.php';
include 'library/opendb.php';

$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];


// check if the user id and password combination exist in database
$sql = "SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['image_is_logged_in'] = true;

// remove the random value from session
$_SESSION['image_random_value'] = '';

// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

include 'library/closedb.php';
} else {
$errorMessage = 'Sorry, wrong number. Please try again';
}
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">Enter Number</td>
<td><input name="txtNumber" type="text" id="txtNumber" value="">
&nbsp;&nbsp;<img src="randomImage.php"></td>
</tr>

<tr>
<td width="150">&nbsp;</td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>



This is all I have really, hope it helps.

Thanks.

And the other script?

What other script?!?!? There is no other script!

The script that generated the passwords originally.