Page 1 of 1
php with md5 algorithm
Posted: Tue Jul 13, 2010 1:33 pm
by heshan
Hi,
My project consists of a registration form and a login form.
Registration details are goes into the the database.(phpMyadmin)
I use md5 algorithm to encrypt users password.
Thereafter users should be able to login to the system via login form.
But the md5 does not supporting decrypting password.
Can anyone give me a solution.
Thanks,
Heshan.
Re: php with md5 algorithm
Posted: Tue Jul 13, 2010 1:49 pm
by internet-solution
In your login form take user input as password, then encrypt with md5 (use the same salt as you did during registration), then match this encrypted password with the encrypted password stored in mySQL.
Re: php with md5 algorithm
Posted: Thu Jul 15, 2010 7:25 am
by heshan
Can you show me by giving an example code?
It will be useful for me,
Thank you,
Heshan.
Re: php with md5 algorithm
Posted: Thu Jul 15, 2010 7:57 am
by internet-solution
Code: Select all
$userID = $_POST['txtUserId'];
$userPass = $_POST['txtPassword'];
$hashPass = md5($userPass);
//open db connection etc
$query = sprintf("SELECT * FROM `user` WHERE userName='%s' AND password = '%s'",
mysql_real_escape_string($userID),
$hashPass);
$result =mysql_query($query) or die('Query failed. ' . mysql_error());
if (mysql_num_rows($result) == 1)
{
//successful login
//do something useful here
exit;
}
else
{
$errorMessage = 'Sorry, wrong user id / password';
exit;
}
edit: PASSWORD() function removed
Re: php with md5 algorithm
Posted: Thu Jul 15, 2010 8:12 am
by Apollo
internet-solution wrote:
SELECT * FROM `user` WHERE userName='%s' AND password = PASSWORD('%s')
You should
not use the PASSWORD() function here, just
password='%s' (with %s being the md5 checksum of the password).
TS, obviously md5($userPass) is also what you store when the user registers.
See also the
MySQL PASSWORD() manual entry:
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.
Furthermore, you should use better hashing (e.g. sha512 instead of md5) and add dynamic salt. Check out Mordred's
Password hashing howto and hownotto article.
Re: php with md5 algorithm
Posted: Fri Jul 16, 2010 12:49 pm
by heshan
Thank you all for your support
