php with md5 algorithm

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
heshan
Forum Commoner
Posts: 26
Joined: Tue Jul 13, 2010 1:16 pm

php with md5 algorithm

Post by heshan »

Hi,


My project consists of a registration form and a login form.
Registration details are goes into the the database.(phpMyadmin)
I use md5 algorithm to encrypt users password.

Thereafter users should be able to login to the system via login form.
But the md5 does not supporting decrypting password.

Can anyone give me a solution.

Thanks,
Heshan.
internet-solution
Forum Contributor
Posts: 220
Joined: Thu May 27, 2010 6:27 am
Location: UK

Re: php with md5 algorithm

Post by internet-solution »

In your login form take user input as password, then encrypt with md5 (use the same salt as you did during registration), then match this encrypted password with the encrypted password stored in mySQL.
heshan
Forum Commoner
Posts: 26
Joined: Tue Jul 13, 2010 1:16 pm

Re: php with md5 algorithm

Post by heshan »

Can you show me by giving an example code?
It will be useful for me,

Thank you,
Heshan.
internet-solution
Forum Contributor
Posts: 220
Joined: Thu May 27, 2010 6:27 am
Location: UK

Re: php with md5 algorithm

Post by internet-solution »

Code: Select all

$userID = $_POST['txtUserId'];
	   	$userPass = $_POST['txtPassword'];
	   	$hashPass = md5($userPass);

		 //open db connection etc

	   	$query = sprintf("SELECT * FROM `user` WHERE userName='%s' AND password = '%s'",
			            mysql_real_escape_string($userID),
			            $hashPass);

		$result =mysql_query($query) or die('Query failed. ' . mysql_error());

	   	if (mysql_num_rows($result) == 1)
	   	{
		   	//successful login
		   	//do something useful here

			exit;
	   	}
	   	else
	   	{
			$errorMessage = 'Sorry, wrong user id / password';
			exit;
	   	}
edit: PASSWORD() function removed
Last edited by internet-solution on Thu Jul 15, 2010 9:24 am, edited 1 time in total.
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: php with md5 algorithm

Post by Apollo »

internet-solution wrote: SELECT * FROM `user` WHERE userName='%s' AND password = PASSWORD('%s')
You should not use the PASSWORD() function here, just password='%s' (with %s being the md5 checksum of the password).

TS, obviously md5($userPass) is also what you store when the user registers.

See also the MySQL PASSWORD() manual entry:
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.
Furthermore, you should use better hashing (e.g. sha512 instead of md5) and add dynamic salt. Check out Mordred's Password hashing howto and hownotto article.
heshan
Forum Commoner
Posts: 26
Joined: Tue Jul 13, 2010 1:16 pm

Re: php with md5 algorithm

Post by heshan »

Thank you all for your support
:D
Post Reply