EchoFool Posted May 26, 2008 Share Posted May 26, 2008 I am using a password encryption for my registration of: <?php $Password = mysql_real_escape_string($_POST['Password']); $Password = md5($Password); ?> But on login process form where i have: <?php $Username = mysql_real_escape_string($_POST['Username']); $Password = mysql_real_escape_string($_POST['Password']); $Password = md5($Password); ?> It doesn't match up. Then I thought about using a "request forgotten password feature", but how can the php de-crypt it in order to tell the user what their actual password was via email if they ever forgot ? Because at the moment I cannot login, as the encryption codes do not match. Yet for the same password on input it is only doing: 60474c9c10d7142b7508ce7a50acf414 The database encrypted password is: 60474c9c10d7142b7508 Which is what is throwing it out, for some reason I cannot work out why. Quote Link to comment Share on other sites More sharing options...
MishieMoo Posted May 26, 2008 Share Posted May 26, 2008 You probably don't have enough characters allotted in the database. MD5 returns a 32-character string. If you notice, the first 20 or so are the same, until the second string ends. Increase the size of the row in the database and it should work fine. In regards to a lost password feature, simply generate a random password and send it out instead of storing the actual password in the database (which isn't very safe). It's the better way to do things xD Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 test12 isn't a very strong password. =) And don't run mysql_real_escape_string on a password that you're encrypting anyway. P.S: @Poster above me: MD5 outputs 32 characters. Quote Link to comment Share on other sites More sharing options...
EchoFool Posted May 26, 2008 Author Share Posted May 26, 2008 test12 isn't a very strong password. =) And don't run mysql_real_escape_string on a password that you're encrypting anyway. P.S: @Poster above me: MD5 outputs 32 characters. LOL how did you de-crypt that? Is that with php? Because I am looking for something like that. MishieMoo - you were correct about the database ! Thanks ! But can de-cryption be done in php ? Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 No, you can't decrypt MD5's, but I have rainbow tables, and it's fun to watch people go "omg how u do dat". =P Quote Link to comment Share on other sites More sharing options...
EchoFool Posted May 26, 2008 Author Share Posted May 26, 2008 No, you can't decrypt MD5's, but I have rainbow tables, and it's fun to watch people go "omg how u do dat". =P Whats rainbow tables? Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 In layman's terms, it takes every single letter+number combination up to a certain number of characters and MD5's them, and stores it in rainbow tables, so you can look them up later. =P Quote Link to comment Share on other sites More sharing options...
Fadion Posted May 26, 2008 Share Posted May 26, 2008 No, you can't decrypt MD5's, but I have rainbow tables, and it's fun to watch people go "omg how u do dat". =P haha ure funny lol. PS: Just use sha1() Quote Link to comment Share on other sites More sharing options...
EchoFool Posted May 26, 2008 Author Share Posted May 26, 2008 The rainbow tables must have millions of rows of data then ! Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 The rainbow tables must have millions of rows of data then ! Yeah. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.