nathanmaxsonadil Posted August 17, 2007 Share Posted August 17, 2007 I was wondering how to md5 a password? when regestring? Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/ Share on other sites More sharing options...
Caesar Posted August 17, 2007 Share Posted August 17, 2007 <?php $password = md5($_POST['password']); ?> Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-326993 Share on other sites More sharing options...
nathanmaxsonadil Posted August 17, 2007 Author Share Posted August 17, 2007 thanks also what do you use to un md5 it? Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327000 Share on other sites More sharing options...
LiamProductions Posted August 17, 2007 Share Posted August 17, 2007 <?php $pass = $_POST['pass']; $pass = md5($pass); ?> Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327003 Share on other sites More sharing options...
Caesar Posted August 17, 2007 Share Posted August 17, 2007 thanks also what do you use to un md5 it? Technically, it isn't reversible. So to check the db for authentication, you need to see if the password they entered, equals the hash stored in the database. Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327006 Share on other sites More sharing options...
nathanmaxsonadil Posted August 17, 2007 Author Share Posted August 17, 2007 Technically, it isn't reversible. So to check the db for authentication, you need to see if the password they entered, equals the hash stored in the database. How would I do that? Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327025 Share on other sites More sharing options...
SirChick Posted August 17, 2007 Share Posted August 17, 2007 <?php $password = md5($_POST['password']); ?> # wldnt u want to put injection prevention aswell ? Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327027 Share on other sites More sharing options...
wildteen88 Posted August 17, 2007 Share Posted August 17, 2007 no as any input the user submits for the password field will get encoded into a md5 hash. There will be no threat for SQL injection. Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327029 Share on other sites More sharing options...
nathanmaxsonadil Posted August 17, 2007 Author Share Posted August 17, 2007 is this enough? $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['email'] = mysql_real_escape_string($_POST['email']); $_POST['password'] = mysql_real_escape_string($_POST['password']); $_POST['password2'] = mysql_real_escape_string($_POST['password2']); $_POST['hidden'] = mysql_real_escape_string($_POST['hidden']); $_POST['username'] = htmlentities($_POST['username']); $_POST['email'] = htmlentities($_POST['email']); $_POST['password'] = htmlentities($_POST['password']); $_POST['password2'] = htmlentities($_POST['password2']); $_POST['hidden'] = htmlentities($_POST['hidden']); Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327031 Share on other sites More sharing options...
dbo Posted August 17, 2007 Share Posted August 17, 2007 I'd also suggest salting md5 passwords. That basically means adding on a bogus string to it before hashing. While you are most likely still safe just using md5 there are dictionaries that include md5 hashes for what might be considered more common words. Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327032 Share on other sites More sharing options...
Hyssar Posted August 17, 2007 Share Posted August 17, 2007 Just in case, you should also strip_tags it ( http://ca.php.net/manual/en/function.strip-tags.php ) $name = strip_tags($name); Also, for a maximum protection, use sha1() instead of md5() $pass = sha1($pass); Then, to authenticate, verify if it matches the one in the database : if (sha1($_POST[pass]) === $database_pass) {...} else {...} Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327058 Share on other sites More sharing options...
LiamProductions Posted August 17, 2007 Share Posted August 17, 2007 You should use the strip tags to strip all the scripts from the username strip_tags() http://www.php.net/strip_tags And you might want to use the trim to stop people from having users like "h e l l o " trim() http://www.php.net/trim Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327083 Share on other sites More sharing options...
wildteen88 Posted August 17, 2007 Share Posted August 17, 2007 And you might want to use the trim to stop people from having users like "h e l l o " trim() http://www.php.net/trim trim only clears whitespace at the begining and end of the string. it does not clear whitespace between characters Link to comment https://forums.phpfreaks.com/topic/65492-md5-password/#findComment-327103 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.