Archived

This topic is now archived and is closed to further replies.

Jointy

md5() in mysql != md5() in php4 ???

Hello,

I have the following situation...

a MySQL table (the password is stored as a sha1() hash!!!)

username password created ......

the query for it is

[php]
// user-supplied value is lower-cased, escaped and quoted before it goes into the SQL string
$query = "SELECT MD5(password+created) AS hash, username, created
FROM user WHERE LOWER(username) = '" . mysql_escape_string(strtolower($username)) . "'";

// mysql stuff

// check
if( $buf["hash"] != md5(sha1($password).$buf["created"]) )
{
// Failed Login
}
[/php]

 

the sha1 hash in the password field is "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d" and created is "2003-10-22 18:03:40"

the hash from MySQL is then "1bda96f9c3d659c31df37f7f58d2d8d9" but the one from

[php]
$password = "hello";
echo md5(sha1($password).$buf["created"]); // = "eef482911243878d5668b7d9ea0323be"
[/php]

 

Does anyone perhaps know why that is??

I am using

w2ksp4 apache 2.0.46 /w php 4.3.3 and mysql 3.23.57-nt

 

thx & cya

Jointy


Hi Jointy,

I'm assuming you can probably read English so I'll keep it in this language so that others can check my answer:

From what I can understand with my very rusty German, you are not getting the same results from MySQL as you do from PHP with the MD5 checksum.

Looking at your code, however, you are using a double checksum and I think that that is where you may be hitting the problem. Try removing the SHA1 functions, leaving only the MD5 functions and it may cure your problem!

The SHA1 version is based on a different RFC from the MD5 version, although the two are fairly similar in their operation, the difference being the algorithm used where the MD5 version operates on 448 bits while the SHA1 version operates on 512 bits. You can read the RFCs for MD5 - RFC1321 and SHA-1 - RFC3174 for full details. (Is the SHA1 capability included in versions of both MySQL and PHP exported outside the US?)

Basically, you are calculating a checksum of the password, then creating a checksum of the checksum. I don't know whether you took this step in your original checksum of the database stored version, but one or the other is fine, you don't normally need both.

Could we see the code used to create the field 'MD5 AS hash'?

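Added example, not part of the original thread: a self-contained reproduction of the query's hashing step, using SQLite as a stand-in for MySQL (an assumption; the `jointy` row is constructed from the values quoted in the question). Like MySQL, SQLite evaluates `+` as arithmetic and converts string operands to numbers, so `MD5(password+created)` hashes a number rather than the concatenated string that PHP hashes; MySQL concatenates with `CONCAT(password, created)`. The number MySQL produces depends on the column type, so the hash printed here is not expected to equal the one in the question.

```python
import hashlib
import hmac
import sqlite3

SHA1_HELLO = hashlib.sha1(b"hello").hexdigest()  # the stored password hash from the question

def md5_hex(value):
    """MD5 of the value's text form, as SQL MD5() does for a number or a string."""
    if isinstance(value, float) and value.is_integer():
        value = int(value)
    return hashlib.md5(str(value).encode()).hexdigest()

def build_db():
    # Constructed sample row; table layout follows the question.
    db = sqlite3.connect(":memory:")
    db.create_function("MD5", 1, md5_hex)  # SQLite has no built-in MD5()
    db.execute("CREATE TABLE user (username TEXT, password TEXT, created TEXT)")
    db.execute("INSERT INTO user VALUES (?, ?, ?)",
               ("jointy", SHA1_HELLO, "2003-10-22 18:03:40"))
    return db

PLUS = "password + created"     # expression from the question: arithmetic addition
CONCAT = "password || created"  # SQLite concatenation; in MySQL: CONCAT(password, created)

def row_for(db, expr, username):
    # expr is one of the two constants above, never user input;
    # the username is bound as a parameter.
    sql = (f"SELECT MD5({expr}) AS hash, {expr} AS hashed_input, created "
           "FROM user WHERE LOWER(username) = ?")
    return db.execute(sql, (username.lower(),)).fetchone()

def login_ok(db, expr, username, password):
    db_hash, _, created = row_for(db, expr, username)
    # Same computation as the PHP side: md5(sha1($password) . $buf["created"])
    client_hash = md5_hex(hashlib.sha1(password.encode()).hexdigest() + created)
    return hmac.compare_digest(db_hash, client_hash)

if __name__ == "__main__":
    db = build_db()
    for expr in (PLUS, CONCAT):
        db_hash, hashed_input, _ = row_for(db, expr, "Jointy")
        print(f"{expr!r}: input to MD5 = {hashed_input!r}, md5 = {db_hash}, "
              f"login('hello') = {login_ok(db, expr, 'Jointy', 'hello')}")
```
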
