Jay2391 Posted December 5, 2006 Share Posted December 5, 2006 I am trying to imput a simple user and password but when i go to my sql i can see the name of the password...some one told me about md5 but i do not know how to use it....check my code is not all there but at least the part need noticing$self = $_SERVER['PHP_SELF'];$loginName = $_POST['loginName'];$password = $_POST['password'];if((!$loginName) and (!$password)){ $form ="Submit user"; $form.="<form action=\"$self\""; $form.=" method=\"post\">Login Name:"; $form.="<input type=\"text\" name=\"loginName\""; $form.=" value=\"$loginName\"><br>Password:"; $form.="<input type=\"text\" name=\"password\""; $form.=" value=\"$password\"><br>"; $form.="<input type=\"submit\" value=\"Submit\">"; $form.="</form>"; echo ( $form ); } Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/ Share on other sites More sharing options...
taith Posted December 5, 2006 Share Posted December 5, 2006 [code]$password = md5($_POST['password']);[/code] Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135597 Share on other sites More sharing options...
taith Posted December 5, 2006 Share Posted December 5, 2006 just as a subnote... this is about 2-3x fasterEdited:[code]$password = bin2hex(md5($_POST['password']));[/code]basically the md5 encription "scrambles" the string, so you'd also need to md5() the passwords in the database... other then that... i'd need a little more code to see why your getting white page... Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135601 Share on other sites More sharing options...
Jay2391 Posted December 5, 2006 Author Share Posted December 5, 2006 when I do that it stops working all toghether....I get a blank page no errors .... Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135607 Share on other sites More sharing options...
Jay2391 Posted December 5, 2006 Author Share Posted December 5, 2006 i do not understand this ....echo bin2hex(md5($str, TRUE)); ??? Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135608 Share on other sites More sharing options...
Jay2391 Posted December 5, 2006 Author Share Posted December 5, 2006 Any Ideas ???of why that happend ??? Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135675 Share on other sites More sharing options...
the_oliver Posted December 5, 2006 Share Posted December 5, 2006 So all the md5() part is doing is taking your origional 'word' used as a password, and changing it into a whole load of random letters and numbers. For example if you type [code]echo md5('password'); [/code]your browser will print 5f4dcc3b5aa765d61d8327deb882cf99. This is the 'md5 version' of the word password. The idea basicly beeing that your not going to remember or reconise a random string of numbers and letters that long. There for no one is going to know that 5f4dcc3b5aa765d61d8327deb882cf99 meens password. The other important thing is that there is no way to reverse the prosses. There is no way of typing in that random string and getting the word password back.So the important thing is how you can use it. For example, when a user registers on your site they type in the password they want into a text field. Then your script will take this word and convert it into an md5 string : [code]md5($_POST['password'])[/code] It is then this string, not the password that is stored in the database, meening no one can just reed the password off.Next when the user tries to log in, you take agian the plaing word they type, convert it into and md5 string, and check this string against the one in the database, in exactly the same way you were with the strate text.Dont forget however that you will have to convert all your old passwords to an md5 string. Hope this makes sence. Let us know how it goes. Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135773 Share on other sites More sharing options...
marcus Posted December 5, 2006 Share Posted December 5, 2006 You also want to make sure your password field in your database is atleast 32 characters (varchar(255)) Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135778 Share on other sites More sharing options...
Who Posted December 6, 2006 Share Posted December 6, 2006 [quote author=mgallforever link=topic=117461.msg479382#msg479382 date=1165362586]You also want to make sure your password field in your database is atleast 32 characters (varchar(255))[/quote]You mean make it CHAR(32). Making it a VARCHAR(255) is pointless. Even VARCHAR(32) would be better, from a theoretical standpoint, even though it would use up as much space as VARCHAR(255). Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135859 Share on other sites More sharing options...
marcus Posted December 6, 2006 Share Posted December 6, 2006 Yeah, I'm just pointing out the max for varchar is 255 characters Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135861 Share on other sites More sharing options...
redarrow Posted December 6, 2006 Share Posted December 6, 2006 a bit of advice md5 can be brute forced and i say it always good to use salt as well good luck. Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-135864 Share on other sites More sharing options...
Jay2391 Posted December 6, 2006 Author Share Posted December 6, 2006 I get all that but what I get is different ....I have my field set up as a varchar (100) and my password is just the word Hello...when i put this in $password = md5($_POST['password']);my page stops working when i take the md5 out it works but is not a password field. Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-136139 Share on other sites More sharing options...
trq Posted December 6, 2006 Share Posted December 6, 2006 Post your code. This...[code=php:0]$password = md5($_POST['password']);[/code]should cause no such problems. Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-136144 Share on other sites More sharing options...
Psycho Posted December 6, 2006 Share Posted December 6, 2006 [quote author=redarrow link=topic=117461.msg479470#msg479470 date=1165372948]a bit of advice md5 can be brute forced and i say it always good to use salt as well good luck.[/quote]MD5 cannot be decrypted through brute force. It is a one way "hashing" and cannot be decrypted. Since an MD5 hash is a 32 character code, there are only a finite number of possible hashes, but you can hash an infinite number of values. In fact, for every MD5 has there is an infinite number of values that could have generated that hash. Those matches are called collisions.However, there are dictionary lookup tables for MD5. This is a table that has hundreds or thousands of common words and phrases with their associated MD5 value. That is why using a "strong" password is important. And, MD5 could be cracked through brute force by trying password, after password in the login, but that is true of ANY sort of encryption or hashing, Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-136146 Share on other sites More sharing options...
Jay2391 Posted December 6, 2006 Author Share Posted December 6, 2006 This is the code....when i add the md5 to the password variable ... I get a blank page no errors... when i take it off i get a user name and password box and it adds the records but I can see the password.so the issue is not that I put it in and it dosen't come as a password is that I get a blank page with no options[attachment deleted by admin] Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-136413 Share on other sites More sharing options...
Psycho Posted December 6, 2006 Share Posted December 6, 2006 Your query is most likely failing since your code would only output content tot he page if $result is valid. Try adding some debuggin. change your query call to this:$result = mysql_query($sql, $tc) OR die ("The query:<br>".$sql."Caused the following error:<br>".mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-136442 Share on other sites More sharing options...
Jay2391 Posted December 7, 2006 Author Share Posted December 7, 2006 this is the error i got but line 36 is the end of the php code ???now I am confuseParse error: parse error, unexpected $end in C:\XAMPP\xampp\htdocs\MDO\MD_User.php on line 36 Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137011 Share on other sites More sharing options...
Jay2391 Posted December 7, 2006 Author Share Posted December 7, 2006 I figure out the las erro i was missing a "}"but now i get this The query:INSERT INTO mdo_users ( loginName, password ) VALUES ( "", "d41d8cd98f00b204e9800998ecf8427e" )Caused the following error: Duplicate entry '' for key 1 Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137018 Share on other sites More sharing options...
redbullmarky Posted December 7, 2006 Share Posted December 7, 2006 you need to set up an auto-incrementing primary (unique) key for the users table.taith, just out of interest, why is this faster:[quote author=taith link=topic=117461.msg479204#msg479204 date=1165343751]just as a subnote... this is about 2-3x fasterEdited:[code]$password = bin2hex(md5($_POST['password']));[/code][/quote]than the previously suggested $password = md5($_POST['password']) ? Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137023 Share on other sites More sharing options...
Psycho Posted December 7, 2006 Share Posted December 7, 2006 [quote author=redbullmarky link=topic=117461.msg480639#msg480639 date=1165514816]you need to set up an auto-incrementing primary (unique) key for the users table.taith, just out of interest, why is this faster:[quote author=taith link=topic=117461.msg479204#msg479204 date=1165343751]just as a subnote... this is about 2-3x fasterEdited:[code]$password = bin2hex(md5($_POST['password']));[/code][/quote]than the previously suggested $password = md5($_POST['password']) ?[/quote]I was interested by that comment as well and did a test. My results found that using [b]$password = bin2hex(md5($_POST['password']));[/b] was approximately 50% [i]slower[/i] than using [b]$password = md5($_POST['password']);[/b]Test setup:[code]<?php$_POST['password'] = "this is a password";$time1 = microtime();for ($i=0; $i<100000; $i++) { $password = md5($_POST['password']);}$time2 = microtime();$time3 = microtime();for ($i=0; $i<100000; $i++) { $password = bin2hex(md5($_POST['password']));}$time4 = microtime();echo "MD5 encryption = " . ($time2-$time1);echo "<br>BinHex w/MD5 encryption = " . ($time4-$time3);?>[/code]Results:MD5 encryption = -0.429113BinHex w/MD5 encryption = 0.692464 Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137039 Share on other sites More sharing options...
drifter Posted December 7, 2006 Share Posted December 7, 2006 I was questioning the bin2hex thing as well - so I set up a quick test to run 1000 loops -bin2hex wins, but the exact syntax is bin2hex(md5('word',true))Here is the linkhttp://corelevelrea.com/test/isset.php?word=somethingyou can put in anything in query string for word and it will encode that.3 times faster seems to be the case to me.[code]<?$usethis='apple';if($_GET['word']){ $usethis=$_GET['word'];}echo "1000 loops used<br>"; $mtime = microtime(); $mtime = explode(' ', $mtime); $mtime = $mtime[1] + $mtime[0]; $starttime = $mtime; for($i=0;$i<1000;$i++){ $hash = bin2hex( md5($usethis, true) ); } echo $hash ."<br>"; $mtime = microtime(); $mtime = explode(" ", $mtime); $mtime = $mtime[1] + $mtime[0]; $endtime = $mtime; $totaltime = ($endtime - $starttime); $starttime=$endtime; echo 'bin2hex( md5(\'' . $usethis . '\', true) ) - ' .$totaltime. ' seconds.<br>';echo "<br>"; $mtime = microtime(); $mtime = explode(' ', $mtime); $mtime = $mtime[1] + $mtime[0]; $starttime = $mtime; for($i=0;$i<1000;$i++){ $hash = md5($usethis); } echo $hash ."<br>"; $mtime = microtime(); $mtime = explode(" ", $mtime); $mtime = $mtime[1] + $mtime[0]; $endtime = $mtime; $totaltime = ($endtime - $starttime); $starttime=$endtime; echo 'md5(\'' . $usethis . '\') - ' .$totaltime. ' seconds.<br>';?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137056 Share on other sites More sharing options...
Jay2391 Posted December 7, 2006 Author Share Posted December 7, 2006 I apreciate all the help my error is on the field where the post takes place it gives a value .... like you see below I couldn't figure out what i did wrong but i created a table and make that my input field...Thanks!!! ::)If you know a better way on how to make this two post field i will apreciate your input!!!if((!$loginName) and (!$password)){ $form ="Submit user"; $form.="<form action=\"$self\""; $form.=" method=\"post\">Login Name:"; $form.="<input type=\"text\" name=\"loginName\""; $form.=" value=\"$loginName\">Password:"; $form.="<input type=\"text\" name=\"password\""; $form.=" value=\"$password\">"; $form.="<input type=\"submit\" value=\"Submit\">"; $form.="</form>"; echo ( $form ); } Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137057 Share on other sites More sharing options...
Psycho Posted December 7, 2006 Share Posted December 7, 2006 [quote author=drifter link=topic=117461.msg480673#msg480673 date=1165519551]I was questioning the bin2hex thing as well - so I set up a quick test to run 1000 loops -bin2hex wins, but the exact syntax is bin2hex(md5('word',true))Here is the linkhttp://corelevelrea.com/test/isset.php?word=somethingyou can put in anything in query string for word and it will encode that.3 times faster seems to be the case to me.[code]<?$usethis='apple';if($_GET['word']){ $usethis=$_GET['word'];}echo "1000 loops used<br>"; $mtime = microtime(); $mtime = explode(' ', $mtime); $mtime = $mtime[1] + $mtime[0]; $starttime = $mtime; for($i=0;$i<1000;$i++){ $hash = bin2hex( md5($usethis, true) ); } echo $hash ."<br>"; $mtime = microtime(); $mtime = explode(" ", $mtime); $mtime = $mtime[1] + $mtime[0]; $endtime = $mtime; $totaltime = ($endtime - $starttime); $starttime=$endtime; echo 'bin2hex( md5(\'' . $usethis . '\', true) ) - ' .$totaltime. ' seconds.<br>';echo "<br>"; $mtime = microtime(); $mtime = explode(' ', $mtime); $mtime = $mtime[1] + $mtime[0]; $starttime = $mtime; for($i=0;$i<1000;$i++){ $hash = md5($usethis); } echo $hash ."<br>"; $mtime = microtime(); $mtime = explode(" ", $mtime); $mtime = $mtime[1] + $mtime[0]; $endtime = $mtime; $totaltime = ($endtime - $starttime); $starttime=$endtime; echo 'md5(\'' . $usethis . '\') - ' .$totaltime. ' seconds.<br>';?>[/code][/quote]Because you have two different variables in that code, the results don't tell you much. If you used the TRU operator on the MD5 only encryption, it will run faster than the bin2hex & MD5. When conducting such tests you should only vary one variable. Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137110 Share on other sites More sharing options...
drifter Posted December 7, 2006 Share Posted December 7, 2006 OK I changed my code to see the extra test you mention. And you are right with out the bin2hex it is just as fast when including true. Only thing is that the output is different.md5($something)==bin2hex(md5($something,true))md5($something)!=md5($something,true)bin2hex(md5($something,true)) is 3-5 times faster then md5($something) Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137135 Share on other sites More sharing options...
Psycho Posted December 7, 2006 Share Posted December 7, 2006 Wow, you are absolutely right. That makes no sense to me that you could get the same results from running the two operations AND having a faster response time. I could probably research it, but considering each operation takes around a millisecond I think I'll just accept it. Quote Link to comment https://forums.phpfreaks.com/topic/29558-md5-encryption/#findComment-137160 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.