andrewgarn Posted July 6, 2008 Share Posted July 6, 2008 I have as table of users with passwords saved as varchar unencrypted. Obviously this isnt a good idea if the database were to get compromised. So I looked at mysql encryption, which can be done using php md5 What i'd like to do is create a temporary php page which will turn the passwords into md5 in the database. Not totally sure how to do this, I presume it would be something like: <?php $sql = mysql_query("SELECT password from user"); while($row = mysql_fetch_array($sql)) { $username = $row["username"]; $password = $row["password"]; $password = md5($password); //insert back into database } Then i would need to add something to the register and login commands right? Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/ Share on other sites More sharing options...
maexus Posted July 6, 2008 Share Posted July 6, 2008 MD5 is not encryption, it's a hash. One way. Once you hash it, you can't get the information back without extensive rainbow tables (which is a subject for different day). It's common to hash the password when the user registers/changes password and store the hash in the db then when they go to logon, hash the password they enter and compare. Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582950 Share on other sites More sharing options...
papaface Posted July 6, 2008 Share Posted July 6, 2008 Yes, on the login page when retrieving the MD5'ed password you simple convert the password they entered into md5 and compare it against the one you have in the db. If they match then they got the correct password. As for registering, you just insert the MD5'ed password into the db. Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582951 Share on other sites More sharing options...
andrewgarn Posted July 6, 2008 Author Share Posted July 6, 2008 so in registering / logging in: $username = $_POST['username']; $username = md5($username); then check/insert. Will my code work for editing existing data? Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582955 Share on other sites More sharing options...
papaface Posted July 6, 2008 Share Posted July 6, 2008 Why do you need to md5 the username. Only MD5'ing the password is necessary. Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582957 Share on other sites More sharing options...
andrewgarn Posted July 6, 2008 Author Share Posted July 6, 2008 Why do you need to md5 the username. Only MD5'ing the password is necessary. I'm not, just the password. Will the code work? Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582960 Share on other sites More sharing options...
maexus Posted July 6, 2008 Share Posted July 6, 2008 You posted: $username = md5($username); it should be: $password = md5($_POST['password']); No offense but why don't you try it to see if it works. Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582964 Share on other sites More sharing options...
andrewgarn Posted July 6, 2008 Author Share Posted July 6, 2008 I didnt wish to do it unless I thought it would work as i'm editing real user data. Which if I break have to reset all the password data manually. And a couple of posts above was a typo sorry, I meant password not username Anyway I've done it now. Seems to work fine. Thanks to all that posted Link to comment https://forums.phpfreaks.com/topic/113453-solved-md5/#findComment-582968 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.