md5 password

nathanmaxsonadil · August 17, 2007

I was wondering how to md5 a password? when regestring?

Caesar · August 17, 2007

<?php

$password = md5($_POST['password']);

?>

nathanmaxsonadil · August 17, 2007

thanks

also what do you use to un md5 it?

LiamProductions · August 17, 2007

<?php

$pass = $_POST['pass'];

$pass = md5($pass);

?>

Caesar · August 17, 2007

thanks

also what do you use to un md5 it?

Technically, it isn't reversible. So to check the db for authentication, you need to see if the password they entered, equals the hash stored in the database.

nathanmaxsonadil · August 17, 2007

Technically, it isn't reversible. So to check the db for authentication, you need to see if the password they entered, equals the hash stored in the database.

How would I do that?

SirChick · August 17, 2007

<?php

$password = md5($_POST['password']);

?>

#

wldnt u want to put injection prevention aswell ?

wildteen88 · August 17, 2007

no as any input the user submits for the password field will get encoded into a md5 hash. There will be no threat for SQL injection.

nathanmaxsonadil · August 17, 2007

is this enough?

$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['password2'] = mysql_real_escape_string($_POST['password2']);
$_POST['hidden'] = mysql_real_escape_string($_POST['hidden']);
$_POST['username'] = htmlentities($_POST['username']);
$_POST['email'] = htmlentities($_POST['email']);
$_POST['password'] = htmlentities($_POST['password']);
$_POST['password2'] = htmlentities($_POST['password2']);
$_POST['hidden'] = htmlentities($_POST['hidden']);

dbo · August 17, 2007

I'd also suggest salting md5 passwords. That basically means adding on a bogus string to it before hashing. While you are most likely still safe just using md5 there are dictionaries that include md5 hashes for what might be considered more common words.

Hyssar · August 17, 2007

Just in case, you should also strip_tags it ( http://ca.php.net/manual/en/function.strip-tags.php )

$name = strip_tags($name);

Also, for a maximum protection, use sha1() instead of md5()

$pass = sha1($pass);

Then, to authenticate, verify if it matches the one in the database :

if (sha1($_POST[pass]) === $database_pass)

{...}

else

{...}

LiamProductions · August 17, 2007

You should use the strip tags to strip all the scripts from the username

strip_tags()

http://www.php.net/strip_tags

And you might want to use the trim to stop people from having users like "h e l l o "

trim()

http://www.php.net/trim

wildteen88 · August 17, 2007

And you might want to use the trim to stop people from having users like "h e l l o "

trim()

http://www.php.net/trim

trim only clears whitespace at the begining and end of the string. it does not clear whitespace between characters

Sign In

md5 password

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information