phpSensei Posted July 20, 2007

I have created a website, with a forum, file upload, news system, and more options, but I won't get into details. I have one quick little question: "Why is MD5 hashing so important?" I want a straight answer, and not just for security. I just created a user registration field and the password is hashed with MD5... so what? It is a bunch of numbers, and how is this useful?

dbo Posted July 20, 2007

Well, how many people use the same password for multiple things? Lots. So if your database gets compromised and someone has various information associated with a user (emails, for example) and they get the password, they could potentially get access to email accounts, PayPal accounts, bank accounts... etc. Furthermore, as an admin you should never be able to see someone's password either. Generate a new one for them... sure, but you shouldn't know what it is. These are a couple of reasons... I'm sure there are many more examples.

phpSensei Posted July 20, 2007

I see now... KK, the password is hashed first, then I insert it in my database and this shows up... "512475d105b974761ab5a28ff5a127". The password I wanted was Apples, just for example, then it got hashed. When a user logs in, will it require the password as Apples or the hashed one?

per1os Posted July 20, 2007

You have to check the hashed password in the DB against a hashed password. MD5 is a one-way hash; it cannot be decrypted. So to check, you hash the inputted password and see if it equals the one in the DB.

corbin Posted July 20, 2007

You would do something like this:

```php
<?php
// Handle the login only when both fields were submitted
if (isset($_POST['user']) && isset($_POST['pass'])) {
    $link = mysql_connect(blah, blah, blah) or die('no mysql link'); // placeholder credentials
    mysql_select_db(blah) or die('couldn\'t select DB');

    // Escape the username for use inside the quoted SQL string
    $user = mysql_real_escape_string(trim($_POST['user']), $link);
    // Rehash the submitted password; the hex digest needs no escaping
    $pass_md5 = md5(trim($_POST['pass']));

    $q = mysql_query("SELECT id FROM users WHERE user = '{$user}' AND pass = '{$pass_md5}'"); // made-up table
    if (mysql_num_rows($q) > 0)
        echo 'Valid user!';
    else
        echo 'Blah! Wrong!';
} else {
    // No credentials submitted yet: show the login form
    echo '<form action="" method="POST">
        <input type="text" name="user" value="" /><br />
        <input type="password" name="pass" value="" /><br />
        <input type="submit" value="Login!" />
    </form>';
}
```

You would rehash the password to compare it.... You can't [easily] find out the password based off a hash, but you can also rehash the valid password, and it will match.

dbo Posted July 20, 2007

But make sure you salt it!

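Added example, not from any poster in the thread: salting as dbo suggests, using PHP's built-in password_hash() and password_verify(), which generate and store a random salt with each hash. It goes beyond the thread by also upgrading a legacy unsalted md5() row at login; the in-memory $users array and the function names are constructed stand-ins for a real users table.

```php
<?php
// Added example: names and sample values are constructed, not from the thread.

// Unsalted MD5 as used in the thread: equal passwords give equal digests,
// so a single precomputed lookup table applies to every row at once.
function unsalted_md5(string $password): string {
    return md5($password);
}

// Salted, deliberately slow hash. password_hash() picks a random salt per call
// and embeds algorithm, cost and salt in the returned string.
function register(array &$users, string $name, string $password): void {
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: rehash the submitted password with the stored salt and compare.
function login(array &$users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    // Legacy row: 32 lowercase hex characters written by the old md5() scheme.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password: replace the unsalted digest with a salted hash.
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    // password_verify() reads the salt from $stored and compares in constant time.
    return password_verify($password, $stored);
}

// Constructed demo data: an array stands in for the users table.
$users = ['legacy' => md5('Apples')];
register($users, 'alice', 'Apples');
register($users, 'bob', 'Apples');

var_dump(unsalted_md5('Apples') === $users['legacy']); // unsalted digests of equal passwords
var_dump($users['alice'] === $users['bob']);           // salted hashes of equal passwords
var_dump(login($users, 'alice', 'Apples'));            // correct password
var_dump(login($users, 'alice', 'apples'));            // wrong password
var_dump(login($users, 'legacy', 'Apples'));           // legacy row, correct password
var_dump(password_verify('Apples', $users['legacy'])); // legacy row after the upgrade
```
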
phpSensei Posted July 20, 2007

OOOOOOOOMG!!!!!!!!!! It is so simple now... In simple steps, all you do is hash the password assigned to the username, then match it with the one in the database. Thank you both.