leequalls Posted June 21, 2009 Share Posted June 21, 2009 I have tried finding an answer to this but was not successful. I need a script where when a user registers the password they set up is encrypted into the mysql database I know I need to use md5 and it is 32 characters long. How would the script unencrypt it when the user tries to login? Thanks For any help Link to comment https://forums.phpfreaks.com/topic/163142-passwords/ Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 You don't decrypt the md5'd password instead you md5 the password the user provides upon login and then compare that to the md5 password in your database that corresponds to the username they used. Example code if(isset($_POST['username'], $_POST['password'])) { $user = mysql_real_escape_string($_POST['username']); $pass = md5($_POST['password']); $sql = "SELECT * FROM members WHERE username='$user' AND password='$pass'"; $result = mysql_result($sql); if(mysql_num_rows($result) == 1) { // user passes login } else { // user fails login } } Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860716 Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 so then if the user forgets their password they would have to be assigned a new md5 password no way to unencrypt it to send the user their correct password by email Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860737 Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 No you cant decrypt an md5 hash. You will have to provide a place for your users to reset their passwords if they forget it. Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860743 Share on other sites More sharing options...
chmpdog Posted June 21, 2009 Share Posted June 21, 2009 for added security I would recommend using: md5(md5($foo)) Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860751 Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 I am having a problem I dont know what is wrong I have setup the md5 encryption to be saved into the database to be 4ff9018a647ae315a7e6601a818b4940 but when I do the login the md5 output is not the same for the same password login output ad0234829205b9033196ba818f7a872b the password i used was test2 Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860752 Share on other sites More sharing options...
corbin Posted June 21, 2009 Share Posted June 21, 2009 The ad023... one is the hash for 'test2', so something must have gone wrong when previously inserting into the database. Actually, 4ff901... appears to be md5(md5('test2')). Did you mean to hash it twice? Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860759 Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 You need to post the code you use when you a user signs up. Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860761 Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 ok I am using this function function safe($value){ return mysql_real_escape_string($value); } and I am sending safe(md5($_POST['password'])) to the database and for the login I am checking safe(md5($_POST['password'])) will this cause the problem? Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860765 Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 registration code if ($_GET['reg'] == 'y') { if ($_POST['form'] == 'sent') { $name = safe($_POST['name']); $username = safe($_POST['username']); $email = safe($_POST['email']); $passwrd = safe(md5($_POST['passwrd'])); $datetime = $_POST['date']; $ip = safe($_POST['ipaddr']); $new_ins = "insert into $who (name, username, email, passwrd, lastaccess, ip_address) values ('$name', '$username', '$email', '$passwrd', '$datetime', '$ip')"; $res = mysql_query($new_ins) or die (mysql_error()); echo(" <div id=main> <center> You'r Registration has been sent to the admin and will be reviewed for activation.<p> Thank You<br> "); } Login Code $username = safe($_POST['username']); $passwrd = safe(md5($_POST['passwrd'])); $res = mysql_query("select count(*) from $who where username='$username'"); if (mysql_result($res, 0) >= 1) { $dbdj = mysql_query("select * from $who where username='$username'"); $dbpass = safe(md5(mysql_result($dbdj, 0, 'passwrd'))); $dbactive = mysql_result($dbdj, 0, 'active'); if ($passwrd != $dbpass) { Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860766 Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 There is no need to pass an md5 hash to your safe() function, as md5() only returns a string with letters a-z and numbers 0-9. Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860768 Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 ok I removed the safe function from the md5(password) but that did not fix the problem Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860772 Share on other sites More sharing options...
exhaler Posted June 21, 2009 Share Posted June 21, 2009 u are using md5 when fetching the password from the database change it to this: $dbpass = mysql_result($dbdj, 0, 'passwrd'); and remove the safe() fromt the $_POST: $passwrd = md5($_POST['passwrd']); since the password in the database is alreadry hashed u don't need to hash it again just hash the $_POST password and compare it with the one in the database Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860796 Share on other sites More sharing options...
chmpdog Posted June 21, 2009 Share Posted June 21, 2009 u are using md5 when fetching the password from the database change it to this: $dbpass = mysql_result($dbdj, 0, 'passwrd'); and remove the safe() fromt the $_POST: $passwrd = md5($_POST['passwrd']); since the password in the database is alreadry hashed u don't need to hash it again just hash the $_POST password and compare it with the one in the database Yeah, this is a common mistake for newer programmers. See if it works now. Link to comment https://forums.phpfreaks.com/topic/163142-passwords/#findComment-860804 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.