leequalls Posted June 21, 2009 Share Posted June 21, 2009 I have tried finding an answer to this but was not successful. I need a script where when a user registers the password they set up is encrypted into the mysql database I know I need to use md5 and it is 32 characters long. How would the script unencrypt it when the user tries to login? Thanks For any help Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 You don't decrypt the md5'd password instead you md5 the password the user provides upon login and then compare that to the md5 password in your database that corresponds to the username they used. Example code if(isset($_POST['username'], $_POST['password'])) { $user = mysql_real_escape_string($_POST['username']); $pass = md5($_POST['password']); $sql = "SELECT * FROM members WHERE username='$user' AND password='$pass'"; $result = mysql_result($sql); if(mysql_num_rows($result) == 1) { // user passes login } else { // user fails login } } Quote Link to comment Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 so then if the user forgets their password they would have to be assigned a new md5 password no way to unencrypt it to send the user their correct password by email Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 No you cant decrypt an md5 hash. You will have to provide a place for your users to reset their passwords if they forget it. Quote Link to comment Share on other sites More sharing options...
chmpdog Posted June 21, 2009 Share Posted June 21, 2009 for added security I would recommend using: md5(md5($foo)) Quote Link to comment Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 I am having a problem I dont know what is wrong I have setup the md5 encryption to be saved into the database to be 4ff9018a647ae315a7e6601a818b4940 but when I do the login the md5 output is not the same for the same password login output ad0234829205b9033196ba818f7a872b the password i used was test2 Quote Link to comment Share on other sites More sharing options...
corbin Posted June 21, 2009 Share Posted June 21, 2009 The ad023... one is the hash for 'test2', so something must have gone wrong when previously inserting into the database. Actually, 4ff901... appears to be md5(md5('test2')). Did you mean to hash it twice? Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 You need to post the code you use when you a user signs up. Quote Link to comment Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 ok I am using this function function safe($value){ return mysql_real_escape_string($value); } and I am sending safe(md5($_POST['password'])) to the database and for the login I am checking safe(md5($_POST['password'])) will this cause the problem? Quote Link to comment Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 registration code if ($_GET['reg'] == 'y') { if ($_POST['form'] == 'sent') { $name = safe($_POST['name']); $username = safe($_POST['username']); $email = safe($_POST['email']); $passwrd = safe(md5($_POST['passwrd'])); $datetime = $_POST['date']; $ip = safe($_POST['ipaddr']); $new_ins = "insert into $who (name, username, email, passwrd, lastaccess, ip_address) values ('$name', '$username', '$email', '$passwrd', '$datetime', '$ip')"; $res = mysql_query($new_ins) or die (mysql_error()); echo(" <div id=main> <center> You'r Registration has been sent to the admin and will be reviewed for activation.<p> Thank You<br> "); } Login Code $username = safe($_POST['username']); $passwrd = safe(md5($_POST['passwrd'])); $res = mysql_query("select count(*) from $who where username='$username'"); if (mysql_result($res, 0) >= 1) { $dbdj = mysql_query("select * from $who where username='$username'"); $dbpass = safe(md5(mysql_result($dbdj, 0, 'passwrd'))); $dbactive = mysql_result($dbdj, 0, 'active'); if ($passwrd != $dbpass) { Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted June 21, 2009 Share Posted June 21, 2009 There is no need to pass an md5 hash to your safe() function, as md5() only returns a string with letters a-z and numbers 0-9. Quote Link to comment Share on other sites More sharing options...
leequalls Posted June 21, 2009 Author Share Posted June 21, 2009 ok I removed the safe function from the md5(password) but that did not fix the problem Quote Link to comment Share on other sites More sharing options...
exhaler Posted June 21, 2009 Share Posted June 21, 2009 u are using md5 when fetching the password from the database change it to this: $dbpass = mysql_result($dbdj, 0, 'passwrd'); and remove the safe() fromt the $_POST: $passwrd = md5($_POST['passwrd']); since the password in the database is alreadry hashed u don't need to hash it again just hash the $_POST password and compare it with the one in the database Quote Link to comment Share on other sites More sharing options...
chmpdog Posted June 21, 2009 Share Posted June 21, 2009 u are using md5 when fetching the password from the database change it to this: $dbpass = mysql_result($dbdj, 0, 'passwrd'); and remove the safe() fromt the $_POST: $passwrd = md5($_POST['passwrd']); since the password in the database is alreadry hashed u don't need to hash it again just hash the $_POST password and compare it with the one in the database Yeah, this is a common mistake for newer programmers. See if it works now. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.