md5 encryption


dmcglone
Forum Newbie
Posts: 20
Joined: Sun Sep 28, 2003 7:54 pm
Location: Columbus, Ohio

md5 encryption

Post by dmcglone »

Hi all, I'm trying to learn how to encrypt a password with md5 and I've built a simple form that takes a password in plain text and converts it to md5, but my problem is, if you go back to the form and try and encrypt another word, the md5 doesn't change from the previous password.

If I change echo md5('password') to echo md5('test') then I finally get a new md5 line.

Otherwise, the line stays the same no matter what word you type in the password form box.
Paddy
Forum Contributor
Posts: 244
Joined: Wed Jun 11, 2003 8:16 pm
Location: Hobart, Tas, Aussie

Post by Paddy »

Not exactly sure what you are trying to do but this may give you some joy if no one else answers.

http://www.php.net/uniqid
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

Yeah, I don't really understand what you mean. But if what you want to do is store a user's password's md5 hash and then, when a user attempts to login, you check the stored password and compare it to the entered password, then all you need to do is the following:

Example (Assumes you will be using the method POST in the login form):

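Code:

<?php
// Read the submitted password; a missing field is treated as an empty string
$enteredPass = isset($_POST['password']) ? $_POST['password'] : '';
// Check to see if input was entered in the password field here
$correctPass = md5('CORRECTPASSHERE');
// Use === so the two digests are compared as strings, never as numbers
if (md5($enteredPass) === $correctPass)
{
  echo 'Authenticated.';
}
else
{
  echo 'Not Authenticated.';
}
?>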
dmcglone
Forum Newbie
Posts: 20
Joined: Sun Sep 28, 2003 7:54 pm
Location: Columbus, Ohio

Post by dmcglone »

I didn't know we could paste code, so I'll paste mine here.
The object is to get an md5 and a crypted line for any word entered into the form. The crypt line seems to work correctly and changes every time there's a new word entered into the form. But the md5 password doesn't change anytime after you submit the form for the first time unless the code is changed.

<!--password_creator.php-->
<html>
<head>
<title>Password Creator</title>
</head>
<body>
<form action="generate_passwords.php" method="POST">
<h3>Enter a password to create MD5 and Crypt based passwords.</h3>
Password: <input type="text" name="password">
<input type="submit" name="create" value="Create Passwords!">
</form>
<br><br>
</body>
</html>

<!--generate_passwords.php-->
<?PHP
echo $_POST['password'];
echo "<br /><br />";
echo md5($password);
echo "<br /><br />";
echo crypt('password');
?>
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You need to modify your code a bit, there are a few typos and code errors. Instead of:

Code:

<?PHP
echo $_POST['password'];
echo "<br /><br />";
echo md5($password);
echo "<br /><br />";
echo crypt('password');
?>
try:

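Code:

<?php
if (!empty($_POST['password'])) {
    $password = $_POST['password'];
    // Escape the submitted value before echoing it back into the page
    echo 'password = '.htmlspecialchars($password);
    echo '<br />';
    echo 'md5(password) = '.md5($password);
    echo '<br />';
    // Called without a salt, crypt() generates a random one, so this line
    // differs on every request (PHP 8 requires the salt argument)
    echo 'crypt(password) = '.crypt($password);
} else {
    echo 'No password entered.';
}
?>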
Mac
evilMind
Forum Contributor
Posts: 145
Joined: Fri Sep 19, 2003 10:09 am
Location: Earth

Post by evilMind »

md5 generates a unique hash for each item that you pass to it; when the contents change so does the hash. So you should always get the same md5 for 'foo' no matter how many times you use md5 on it;

example:

Code:

<?php
for ( $i = 0; $i < 1000; $i++) {
   echo md5( 'foo' ) . "<br />\n";
}
?>
will always be the same.

nigma, if you're not sure what you are going to be using ( eg, post or get ) you can always use $_REQUEST instead.
dmcglone
Forum Newbie
Posts: 20
Joined: Sun Sep 28, 2003 7:54 pm
Location: Columbus, Ohio

Post by dmcglone »

That worked. I'm starting to wonder if I'll ever get the hang of coding with PHP.

Every tutorial I try never works, and I just bought 2 PHP books and 1 PHP 4 XML and NONE of these books even make use of code when register_globals are off.

It seems the coding standard for PHP changes so quick, that writing a book to teach PHP seems senseless anymore, because by the time the book is published, the standard has changed.
Paddy
Forum Contributor
Posts: 244
Joined: Wed Jun 11, 2003 8:16 pm
Location: Hobart, Tas, Aussie

Post by Paddy »

Using $_REQUEST is as risky as having global variables turned on isn't it?
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Paddy wrote: Using $_REQUEST is as risky as having global variables turned on isn't it?
<OT>IMHO, yes as you are still not testing to ensure that data comes from the expected place - cookie, URL querystring, posted form. I prefer to use $_GET or $_POST etc. as I haven't got any forms which could be posted using either POST or GET. I find it also makes my code easier for other developers to follow.</OT>
dmcglone wrote: Every tutorial I try never works, and I just bought 2 PHP books and 1 PHP 4 XML and NONE of these books even make use of code when register_globals are off.

It seems the coding standard for PHP changes so quick, that writing a book to teach PHP seems senseless anymore, because by the time the book is published, the standard has changed.
The change to register_globals off was made about a year and a half ago and TBH books written before then should generally be avoided as should tutorials. However, once you understand register_globals and when, where and how to use $_GET, $_POST, $_COOKIE, $_SESSION, $_SERVER etc, you should find it possible to adapt the tutorial code so that the other concepts that it is trying to teach work.

Books written with code that is compatible with version 4.2 of PHP should still be useful for some time. Although version 5 is in development it will be a while before that is the standard.
dmcglone wrote: I'm starting to wonder if I'll ever get the hang of coding with PHP.
Everybody has to start somewhere, stick with it and you should soon find it starts making more sense.

Mac
dmcglone
Forum Newbie
Posts: 20
Joined: Sun Sep 28, 2003 7:54 pm
Location: Columbus, Ohio

Post by dmcglone »

nigma wrote: Yeah, I don't really understand what you mean. But if what you want to do is store a user's password's md5 hash and then, when a user attempts to login, you check the stored password and compare it to the entered password, then all you need to do is the following:

Example (Assumes you will be using the method POST in the login form):

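Code:

<?php
// Read the submitted password; a missing field is treated as an empty string
$enteredPass = isset($_POST['password']) ? $_POST['password'] : '';
// Check to see if input was entered in the password field here
$correctPass = md5('CORRECTPASSHERE');
// Use === so the two digests are compared as strings, never as numbers
if (md5($enteredPass) === $correctPass)
{
  echo 'Authenticated.';
}
else
{
  echo 'Not Authenticated.';
}
?>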
This works, but I have to type the password in plain text instead of the md5 encrypted password.

My goal here is to store the password in encrypted code such as $correctPass = md5('a029d0df84eb5549c641e04a9ef389e5'); which is the md5 encrypted word "mypass", but when doing it this way, and typing "mypass" in the form box, it does not authenticate.

Is this possible?
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

Are you typing it as:

Code:

md5("mypass");
or something? :lol:. That's how I understood what you said. You'll have to use something like:

Code:

md5($_POST['mypass'])
-Nay
dmcglone
Forum Newbie
Posts: 20
Joined: Sun Sep 28, 2003 7:54 pm
Location: Columbus, Ohio

Post by dmcglone »

What I'm trying to say is, everything works fine if and only if I use the password in plain text. For instance:

$correctPass = md5('mypass');

This authenticates, because my password is set to "mypass".

Now here is the same thing, except "mypass" is encrypted using md5:

$correctPass = md5('89326269cd0c04ca98e4c3630c541931');

This does not authenticate when the correct password is used (mypass).

See what I'm saying?
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

You mean when you match it with the password that was already encrypted, you don't get a match and it doesn't authenticate?

-Nay
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

If you md5 the md5'd value then the two won't match, for example, instead of:

Code:

if (md5('mypass') == md5('89326269cd0c04ca98e4c3630c541931')) {
    echo 'match';
} else {
    echo 'no match';
}
you should have

Code:

if (md5('mypass') == '89326269cd0c04ca98e4c3630c541931') {
    echo 'match';
} else {
    echo 'no match';
}
Mac
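
Added example, not part of the original thread or any poster's code: the stored-digest comparison discussed above, the double-hashing mistake, and the same login flow using PHP's password_hash() and password_verify(), which salt every stored hash. It assumes PHP 7 or later; the function names are hypothetical and 'mypass' is the sample password used in the thread.

```php
<?php
// Added example. Function names are hypothetical; 'mypass' is the thread's
// sample password. Assumes PHP 7+ (scalar type hints, password_hash()).

// The thread's login check: hash the input once, compare to the stored digest.
function md5_login(string $entered, string $storedDigest): bool
{
    // Strict comparison. With ==, two digests shaped like "0e<digits>" are
    // converted to numbers and treated as equal.
    return md5($entered) === $storedDigest;
}

// Computed once, when the password is set, and stored as-is.
$digest = md5('mypass');

// Correct use: the stored digest is compared directly.
var_dump(md5_login('mypass', $digest));

// The mistake from the thread: the stored digest is hashed a second time,
// so it can no longer equal md5('mypass').
var_dump(md5_login('mypass', md5($digest)));

// Unsalted MD5 gives every user with the same password the same digest and
// is cheap to guess against. password_hash() adds a random salt and a work
// factor; password_verify() reads both back out of the stored string.
function register(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function login(string $entered, string $storedHash): bool
{
    return password_verify($entered, $storedHash);
}

$first  = register('mypass');
$second = register('mypass');

// Same password, two different stored strings, because the salts differ.
var_dump($first === $second);

// Both stored strings still verify the right password and reject a wrong one.
var_dump(login('mypass', $first));
var_dump(login('mypass', $second));
var_dump(login('wrong', $first));
```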
evilMind
Forum Contributor
Posts: 145
Joined: Fri Sep 19, 2003 10:09 am
Location: Earth

Post by evilMind »

umm... I try to stay away from it also; $_REQUEST was just for example ;)