Jointy Posted October 22, 2003

Hello,

I have the following situation: a MySQL table (the password is stored as a sha1() hash!!!)

username password created ......

The query for it is:

[php]
$query = "SELECT MD5(password+created) AS hash, username, created FROM user WHERE LOWER(username) = ".strtolower($username);

// MySQL stuff

// check
if( $buf["hash"] != md5(sha1($password).$buf["created"]) )
{
    // Failed Login
}
[/php]

The sha1 hash in the password field is "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d" and created is "2003-10-22 18:03:40".

The hash from MySQL is then "1bda96f9c3d659c31df37f7f58d2d8d9"

but the one from

[php]
$password = "hello";
md5(sha1($password).$buf["created"]); // = "eef482911243878d5668b7d9ea0323be"
[/php]

Does anyone know why that is??

I am using w2ksp4 apache 2.0.46 /w php 4.3.3 and mysql 3.23.57-nt

thx & cya
Jointy
pauper_i Posted October 25, 2003

Hi Jointy,

I'm assuming you can probably read English so I'll keep it in this language so that others can check my answer:

From what I can understand with my very rusty German, you are not getting the same results from MySQL as you do from PHP with the MD5 checksum. Looking at your code, however, you are using a double checksum and I think that that is where you may be hitting the problem. Try removing the SHA1 functions, leaving only the MD5 functions and it may cure your problem!

The SHA1 version is based on a different RFC from the MD5 version, although the two are fairly similar in their operation, the difference being the algorithm used where the MD5 version operates on 448 bits while the SHA1 version operates on 512 bits. You can read the RFCs for MD5 - RFC1321 and SHA-1 - RFC3174 for full details. (Is the SHA1 capability included in versions of both MySQL and PHP exported outside the US?)

Basically, you are calculating a checksum of the password, then creating a checksum of the checksum. I don't know whether you took this step in your original checksum of the database stored version, but one or the other is fine, you don't normally need both.

Could we see the code used to create the field 'MD5 AS hash'?
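
Added example, not part of either post: in MySQL `+` is an arithmetic operator, so `MD5(password+created)` hashes the numeric sum of the two columns, while the PHP side hashes the two strings joined together. The sketch below reproduces both inputs for the row quoted in the question; `mysql_numeric_prefix()` is a hypothetical, simplified model of MySQL's string-to-number conversion, and `CONCAT()` is the MySQL function that joins strings.

```php
<?php
// Constructed sample row, using the values quoted in the question.
$row = [
    'password' => 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d', // sha1('hello')
    'created'  => '2003-10-22 18:03:40',
];

// Simplified model (assumption) of MySQL's conversion of a string used in
// arithmetic: the leading numeric prefix is taken, otherwise the value is 0.
function mysql_numeric_prefix(string $s): float
{
    if (preg_match('/^\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?/', $s, $m)) {
        return (float) $m[0];
    }
    return 0.0;
}

// Input that MD5(password+created) really hashes: the sum, as a string.
function sum_input(array $row): string
{
    $sum = mysql_numeric_prefix($row['password'])
         + mysql_numeric_prefix($row['created']);
    return (string) $sum;
}

// Input that MD5(CONCAT(password, created)) hashes: the joined strings.
function concat_input(array $row): string
{
    return $row['password'] . $row['created'];
}

// The PHP side of the login check from the question.
$php_side = md5(sha1('hello') . $row['created']);

printf("MySQL '+' hashes the string : %s\n", sum_input($row));
printf("md5 of that sum             : %s\n", md5(sum_input($row)));
printf("md5 of the concatenation    : %s\n", md5(concat_input($row)));
printf("PHP-side digest             : %s\n", $php_side);

// hash_equals() compares the digests in constant time.
printf("sum form matches PHP    : %s\n",
    hash_equals($php_side, md5(sum_input($row))) ? 'yes' : 'no');
printf("CONCAT form matches PHP : %s\n",
    hash_equals($php_side, md5(concat_input($row))) ? 'yes' : 'no');

// Query form whose hash input matches the PHP side (username bound as a parameter):
// SELECT MD5(CONCAT(password, created)) AS hash, username, created
//   FROM user WHERE LOWER(username) = ?
```

A stored hash that happens to begin with digits (for example `1e5...`) changes the sum, so the `+` form does not even depend on the password in a predictable way.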