webguync Posted May 7, 2010 Share Posted May 7, 2010 I have code which scrambles password info using MD5. The scipt authenticates the username and password against the database info and proceeds to a secure page if the info is correct. $password = mysql_real_escape_string(md5($_POST['pwid'])); my question is how do I know which scrambled code to put into the database? Quote Link to comment Share on other sites More sharing options...
JAY6390 Posted May 7, 2010 Share Posted May 7, 2010 You put the md5 hash into the database. The mysql_real_escape_string is pointless in the above and may as well be removed Quote Link to comment Share on other sites More sharing options...
webguync Posted May 7, 2010 Author Share Posted May 7, 2010 yea, but how is the MD5 hash determined? That's done with the php right? Quote Link to comment Share on other sites More sharing options...
Mchl Posted May 7, 2010 Share Posted May 7, 2010 There's a mathematical formula to calculate a MD5 hash of any binary content. http://en.wikipedia.org/wiki/MD5 However what do you mean by 'how do I know which scrambled code to put into the database?' ?? Quote Link to comment Share on other sites More sharing options...
JAY6390 Posted May 7, 2010 Share Posted May 7, 2010 Yes you use the MD5 function in php to get the hash which you then put in your database. As Mchl says you need to explain a little clearer Quote Link to comment Share on other sites More sharing options...
webguync Posted May 7, 2010 Author Share Posted May 7, 2010 ok, so I need to echo out my query in order to get the hash and then enter that into MySQL? Quote Link to comment Share on other sites More sharing options...
Mchl Posted May 7, 2010 Share Posted May 7, 2010 Err... no... Are you asking how to store hashed password in database, when user registers? Quote Link to comment Share on other sites More sharing options...
webguync Posted May 7, 2010 Author Share Posted May 7, 2010 actually no registration necessary. I will just be entering the info manually. Quote Link to comment Share on other sites More sharing options...
.Stealth Posted May 7, 2010 Share Posted May 7, 2010 If the script your using to make the password's isn't online and just for personal use, yeah you can echo it out, copy and paste into the database. $password = md5($_POST['pwid']); echo $password; Quote Link to comment Share on other sites More sharing options...
webguync Posted May 7, 2010 Author Share Posted May 7, 2010 what is the alternative method of determining what the MD5 hash is? Say for example the password is google. I don't want to put google into the database, I want to put the MD5 hash equivalent, right? Quote Link to comment Share on other sites More sharing options...
navybofus Posted May 7, 2010 Share Posted May 7, 2010 It's pretty easy to make a page where all of that is processed without you entering anything. I recommend http://www.1stoptutorials.com/Membership_Course.html Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted May 7, 2010 Share Posted May 7, 2010 alternative method of determining what the MD5 hash is This is an odd question. What exactly do you mean by alternative method? If you want to calculate an md5 hash in PHP code then you use the built-in function named md5() and you pass it one argument, the value you want hashed. Therefore if you want to use md5 to hash the value google using a PHP program, your program would contain at least this: <?php md5( 'google' ); ?> Now that small program calculates the md5 hash of the value google, but it doesn't echo the value nor does it save it in a variable, file, or database. So you probably want at least this much: <?php $hashed = md5( 'google' ); ?> That calculates the md5 and stores it in the variable $hashed. But the value in $hashed is not used for anything. So here is where you decide what to do with the hashed value. Will you echo it to the screen? <?php $hashed = md5( 'google' ); echo $hashed; ?> Will you insert it into a database? <?php $hashed = md5( 'google' ); $user = 'joesmith'; $db = mysql_connect( 'host', 'user', 'pass', 'dbname' ); // Not that I've not called mysql_real_escape_string, but you should! mysql_query( "insert into users ( username, password ) values ( '{$user}', '{$hashed}' )" ); ?> Most of us are having a hard time figuring out exactly what you're asking. Quote Link to comment Share on other sites More sharing options...
webguync Posted May 7, 2010 Author Share Posted May 7, 2010 I think the confusion is with the script I have, the username and passwords are stored in the DB ahead of time not entered into the DB via a form. I manually enter the info into the database, so in the past I would enter username:myemail@aol.com password:google. But with the MD5 hash, I don't know what that is unless I echo out the Query or use another hash script. Quote Link to comment Share on other sites More sharing options...
Mchl Posted May 7, 2010 Share Posted May 7, 2010 MySQL has MD5() function as well, so issue a query like this from PhpMyAdmin for example: INSERT INTO yourTable(usernameColumn, passwordColumn) VALUES ('yourYsername',MD5('yourPassword')); Quote Link to comment Share on other sites More sharing options...
webguync Posted May 7, 2010 Author Share Posted May 7, 2010 ok, yea, that is what I was looking for. Thanks! Quote Link to comment Share on other sites More sharing options...
Mchl Posted May 7, 2010 Share Posted May 7, 2010 Just to remind you. A password should be hashed salted. Google 'hash salt' for explanation. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.