Jump to content

Activation script md5 help


snapper64

Recommended Posts

Hi Guys,

I am unfortunately having to post on here for help again !!!! Basically i have been followng this tutorial: [a href=\"http://www.olate.com/articles/185\" target=\"_blank\"]http://www.olate.com/articles/185[/a] and have then gone onto this: [a href=\"http://www.olate.co.uk/articles/232\" target=\"_blank\"]http://www.olate.co.uk/articles/232[/a]

Everything works up to the point when md5 is supposed to decrypt the hash string in the activation url (im not too certain about this). Its producing the wrong result. Is it even possible to do this ?

My mysql database has a users table which has the following fields:

userid
title
forename
surname
password
address
phone
email
salt
timestamp
status

Basically i need to compare the decrypted hash string to the encrypted password stored in the database. If you read the tutorial i linked above this will probably make sense [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]

My activate.php looks like this:

[code]<?php

// Include init file
include "init.php";

$md5 = md5($_GET['hash']);
$base = base64_decode($_GET['stamp']);

$sql = "UPDATE users SET status='1' WHERE timestamp='$base' limit 1";


// And lastly, store the information in the database
mysql_query ($sql) or die(mysql_error());
printf("Records changed: %d\n", mysql_affected_rows());
?>[/code]
The account i am trying to activate is called 'test' with a pasword of 'test1234' (obviously without the ''). Let me know if you need anymore info guys and i will provide it [img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]

Thanks,

Charlie
Link to comment
Share on other sites

As far as I know, you can not decode a md5 hash string. It is a one-way encryption.

when a user entered password upon registration, say "mypass1234", you encrypt this password with a salt, or without a salt. A salt can increase security issue, but not required.

so, once ur md5 the password:

$enc_pass = md5($password);

$enc_pass looks something like '345lkjf9se8ufoa34ijroasjdflkajsdf'.

Then you will insert this $enc_pass into database.


When user is logged in, user will input a password, $input_pass.
you must encrypt this $input_pass the same way you did in the registration, to check for authorization.
You can not decrypted the $enc_pass whatsoever.

Tom
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.