md5 question

[webguync]

I have code which scrambles password info using MD5. The scipt authenticates the username and password against the database info and proceeds to a secure page if the info is correct.

$password = mysql_real_escape_string(md5($_POST['pwid']));

 

my question is how do I know which scrambled code to put into the database?

[JAY6390]

You put the md5 hash into the database. The mysql_real_escape_string is pointless in the above and may as well be removed

[webguync]

yea, but how is the MD5 hash determined? That's done with the php right?

[Mchl]

There's a mathematical formula to calculate a MD5 hash of any binary content.

http://en.wikipedia.org/wiki/MD5

 

However what do you mean by 'how do I know which scrambled code to put into the database?' ??

[JAY6390]

Yes you use the MD5 function in php to get the hash which you then put in your database. As Mchl says you need to explain a little clearer

[webguync]

ok, so I need to echo out my query in order to get the hash and then enter that into MySQL?

[Mchl]

Err... no...

 

Are you asking how to store hashed password in database, when user registers?

[webguync]

actually no registration necessary. I will just be entering the info manually.

[.Stealth]

If the script your using to make the password's isn't online and just for personal use, yeah you can echo it out, copy and paste into the database.

 

$password = md5($_POST['pwid']);
echo $password;

[webguync]

what is the alternative method of determining what the MD5 hash is? Say for example the password is google. I don't want to put google into the database, I want to put the MD5 hash equivalent, right?

[navybofus]

It's pretty easy to make a page where all of that is processed without you entering anything. I recommend http://www.1stoptutorials.com/Membership_Course.html

[roopurt18]

alternative method of determining what the MD5 hash is

This is an odd question.  What exactly do you mean by alternative method?  If you want to calculate an md5 hash in PHP code then you use the built-in function named md5() and you pass it one argument, the value you want hashed.

 

Therefore if you want to use md5 to hash the value google using a PHP program, your program would contain at least this:

<?php
md5( 'google' );
?>

 

Now that small program calculates the md5 hash of the value google, but it doesn't echo the value nor does it save it in a variable, file, or database.

 

So you probably want at least this much:

<?php
$hashed = md5( 'google' );
?>

 

That calculates the md5 and stores it in the variable $hashed.  But the value in $hashed is not used for anything.

 

So here is where you decide what to do with the hashed value.

 

Will you echo it to the screen?

<?php
$hashed = md5( 'google' );
echo $hashed;
?>

 

Will you insert it into a database?

<?php
$hashed = md5( 'google' );
$user = 'joesmith';
$db = mysql_connect( 'host', 'user', 'pass', 'dbname' );
// Not that I've not called mysql_real_escape_string, but you should!
mysql_query( "insert into users ( username, password ) values ( '{$user}', '{$hashed}' )" );
?>

 

Most of us are having a hard time figuring out exactly what you're asking.

[webguync]

I think the confusion is with the script I have, the username and passwords are stored in the DB ahead of time not entered into the DB via a form. I manually enter the info into the database, so in the past I would enter username:myemail@aol.com password:google. But with the MD5 hash, I don't know what that is unless I echo out the Query or use another hash script.

[Mchl]

MySQL has MD5() function as well, so issue a query like this from PhpMyAdmin for example:

INSERT INTO yourTable(usernameColumn, passwordColumn) VALUES ('yourYsername',MD5('yourPassword'));

[webguync]

ok, yea, that is what I was looking for. Thanks!

[Mchl]

Just to remind you. A password should be hashed salted. Google 'hash salt' for explanation.