OuisVN Posted October 28, 2015

I need help. I need to remove all md5 and other hashing in this code. Validate: http://pastebin.com/wLENt5df and Register/Login: http://pastebin.com/gG0fK7ys

In register/login I removed md5, changing

    $loginKey = md5(time() . json_encode($_POST));

to

    $loginKey = time() . json_encode($_POST);

and

    'password' => $mysql->hash($_POST['pass']),

to

    'password' => $mysql->$_POST['pass'],

but I need to remove md5 in validate. Please help me.

QuickOldCar Posted October 28, 2015

What you should do instead is use pdo with prepared statements, password_hash() and password_verify()

OuisVN (Author) Posted October 28, 2015

What I want is to remove it, because it has generated many problems. The password should be saved just as it was entered. I hope you can help me.

0x00 Posted October 28, 2015

As you call hash(), the third parameter lets you specify the algorithm.

OuisVN (Author) Posted October 28, 2015

    static function hash($str, $rawsalt = '', $hash = 'sha512') {
        // No salt given: generate one of 5, 10 or 15 characters, depending on the
        // input length (self::rand() is defined elsewhere in the class, not shown)
        if ($rawsalt == '') {
            $rawsalt = self::rand(((strlen($str) % 3) + 1) * 5);
        }
        // Interleave the characters of sha1(salt) and sha1(input)
        $loc = array(hash('sha1', $rawsalt), hash('sha1', $str), '');
        foreach (str_split($loc[0], 1) as $index => $character) {
            $loc[2] .= $character . $loc[1][$index];
        }
        // Hash the interleaved string, then insert the raw salt into the digest
        // at an offset derived from the input length
        $hash = hash($hash, $loc[2]);
        return substr_replace($hash, $rawsalt, (strlen($str) << 2) % strlen($hash), 0);
    }

    static function validate($str, $hash, $engine = 'sha512') {
        // Cut the salt back out of the stored value, then recompute and compare
        $salt = substr($hash, (strlen($str) << 2) % strlen(hash($engine, 1)), ((strlen($str) % 3) + 1) * 5);
        return self::hash($str, $salt, $engine) === $hash ? true : false;
    }

I need to remove hash, sha512, md5 and other hashing without damaging the code.

QuickOldCar Posted October 28, 2015

I see you are using pdo. My question is, how would you make an accurate comparison if you changed it now? Rewrite it and do it the more secure way, and email your users to make a new password.

0x00 Posted October 28, 2015

@OuisVN, er... are you wanting to store the password without hashing it? That really isn't the way to do it, mainly because it's insecure...

OuisVN (Author) Posted October 28, 2015

It's just for a project; for that reason I want to remove the md5.

sKunKbad Posted October 29, 2015

If these are user passwords to a site where the login is an email address w/ password, then there really is no harm in deleting everyone's password as long as there is a password reset feature. You'd really want to enforce the new stronger passwords anyway.

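A sketch of what QuickOldCar suggests above (PDO prepared statements with password_hash() and password_verify()), combined with the advice to have users whose stored value is in the old format set a new password. This is an added example, not code from the thread; the users table, the function names, the sample accounts and the in-memory SQLite database are assumptions.

```php
<?php
// Added example, not code from the thread. Table, function and account names are assumptions.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:'); // in-memory database so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

function registerUser(PDO $pdo, string $email, string $pass): void
{
    // password_hash() generates the salt and embeds algorithm, cost and salt in its output.
    $stmt = $pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($pass, PASSWORD_DEFAULT)]);
}

// Returns 'ok', 'denied', or 'reset' (the row still holds an old-format value).
function loginUser(PDO $pdo, string $email, string $pass): string
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 'denied';
    }
    // Values not produced by password_hash() report algoName 'unknown'.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 'reset';
    }
    if (!password_verify($pass, $stored)) {
        return 'denied';
    }
    // Re-hash transparently when PASSWORD_DEFAULT or its cost changes in a later PHP version.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = :hash WHERE email = :email');
        $upd->execute([':hash' => password_hash($pass, PASSWORD_DEFAULT), ':email' => $email]);
    }
    return 'ok';
}

registerUser($pdo, 'alice@example.test', 'correct horse battery staple');
// Constructed row standing in for a value written by the old custom hash() method.
$pdo->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
    ->execute(['bob@example.test', str_repeat('ab', 64)]);

foreach ([['alice@example.test', 'correct horse battery staple'],
          ['alice@example.test', 'wrong'],
          ['bob@example.test', 'anything']] as [$email, $pass]) {
    echo $email, ' => ', loginUser($pdo, $email, $pass), PHP_EOL;
}
```

A 'reset' result is the point at which the application would send the password-reset email, so old-format values never have to be compared again.
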