snapper64

Activation script md5 help

Hi Guys,

I am unfortunately having to post on here for help again!!!! Basically I have been following this tutorial: http://www.olate.com/articles/185 and have then gone on to this: http://www.olate.co.uk/articles/232

Everything works up to the point when md5 is supposed to decrypt the hash string in the activation URL (I'm not too certain about this). It's producing the wrong result. Is it even possible to do this?

My mysql database has a users table which has the following fields:

userid
title
forename
surname
password
address
phone
email
salt
timestamp
status

Basically I need to compare the decrypted hash string to the encrypted password stored in the database. If you read the tutorial I linked above this will probably make sense.

My activate.php looks like this:

[code]<?php

// Include init file
include "init.php";

// md5() only hashes its input; this value is not used below
$md5 = md5($_GET['hash']);
// Decode the timestamp from the link and escape it before it goes into the SQL string
$base = mysql_real_escape_string(base64_decode($_GET['stamp']));

$sql = "UPDATE users SET status='1' WHERE timestamp='$base' LIMIT 1";

// And lastly, store the information in the database
mysql_query($sql) or die(mysql_error());
printf("Records changed: %d\n", mysql_affected_rows());
?>[/code]
The account I am trying to activate is called 'test' with a password of 'test1234' (obviously without the ''). Let me know if you need any more info guys and I will provide it.

Thanks,

Charlie

As far as I know, you cannot decode an md5 hash string. It is a one-way encryption.

When a user enters a password upon registration, say "mypass1234", you encrypt this password with a salt, or without a salt. A salt can increase security, but is not required.

So, once you md5 the password:

$enc_pass = md5($password);

$enc_pass looks something like '345lkjf9se8ufoa34ijroasjdflkajsdf'.

Then you will insert this $enc_pass into database.


When the user is logging in, the user will input a password, $input_pass.
You must encrypt this $input_pass the same way you did in the registration, to check for authorization.
You cannot decrypt the $enc_pass whatsoever.

Tom
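
The recompute-and-compare approach from the reply above, applied to the activation link, as an added example that is not code from the thread or the linked tutorial. It assumes the link's hash is md5(stored password hash . salt) and that stamp is the base64-encoded timestamp; the helper names, the salt value and the SQLite table are constructed for illustration, and md5 is kept only to match the thread.

```php
<?php
// Added example. Assumed link format: hash = md5(stored password . salt),
// stamp = base64(timestamp). Column names follow the users table in the question.

function activation_hash(string $storedPassword, string $salt): string
{
    // One-way: the server recomputes this value, it never "decodes" it.
    return md5($storedPassword . $salt);
}

function activate(PDO $db, string $hash, string $stamp): bool
{
    $timestamp = base64_decode($stamp, true);    // strict mode rejects invalid base64
    if ($timestamp === false || !ctype_digit($timestamp)) {
        return false;
    }
    // Bound parameters keep the decoded value out of the SQL text.
    $q = $db->prepare('SELECT userid, password, salt FROM users WHERE timestamp = ? AND status = 0');
    $q->execute([$timestamp]);
    $user = $q->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return false;
    }
    // Recompute from the stored values and compare in constant time.
    if (!hash_equals(activation_hash($user['password'], $user['salt']), $hash)) {
        return false;
    }
    $u = $db->prepare('UPDATE users SET status = 1 WHERE userid = ?');
    $u->execute([$user['userid']]);
    return $u->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, password TEXT, salt TEXT, timestamp TEXT, status INTEGER)');
$salt   = 'k3Qz';                        // constructed salt
$stored = md5('test1234' . $salt);       // what registration would have saved
$db->prepare('INSERT INTO users (password, salt, timestamp, status) VALUES (?, ?, ?, 0)')
   ->execute([$stored, $salt, '1146500000']);

$stamp = base64_encode('1146500000');
var_dump(activate($db, md5('test1234'), $stamp));                 // hash not built from the stored values
var_dump(activate($db, activation_hash($stored, $salt), $stamp)); // hash matching the stored values
var_dump(activate($db, activation_hash($stored, $salt), $stamp)); // same link used a second time
```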
