md5 encryption
Moderator: General Moderators
md5 encryption
Hi all, Im trying to learn how to encrypt a password with md5 and I've built a simple form that takes a password in plain text and converts it to md5, but my problem is, if you go back to the form and try and encrypt another word, the md5 doesn't change from the previous password.
If I change echo md5('password') to echo md5('test') then I finally get a new md5 line.
otherwise, the line stays the same no matter what word you type in the password form box.
If I change echo md5('password') to echo md5('test') then I finally get a new md5 line.
otherwise, the line stays the same no matter what word you type in the password form box.
-
Paddy
- Forum Contributor
- Posts: 244
- Joined: Wed Jun 11, 2003 8:16 pm
- Location: Hobart, Tas, Aussie
- Contact:
Not exactly sure what you are trying to do but this may give you some joy if no one else answers.
http://www.php.net/uniqid
http://www.php.net/uniqid
Yea, I am don't really understand what you mean. But if what you want to do is store a users password's md5 hash and then when a user attempts to login you check the stored password and compare it to the entered password then all you need to do is the following:
Example (Assumes you will be using the method POST in the login form):
Example (Assumes you will be using the method POST in the login form):
Code: Select all
<?php
$enteredPass = $_POST['password'];
// Check to see if input was entered in the password field here
$correctPass = md5('CORRECTPASSHERE');
if (md5($enteredPass) == $correctPass)
{
echo 'Authenticated.';
}
else
{
echo 'Not Authenticated.';
}
?>I didn't know we could paste code, so I'll paste mine here.
the object is to get an md5 and a crypted line for any word entered into the form. the crypt line seems to work correctly and changes every time there's a new word entered into the form. But the md5 password doesn't change anytime after you submit the form for the first time unless the code is changed.
<!--password_creator.php-->
<html>
<head>
<title>Password Creator</title>
</head>
<body>
<form action="generate_passwords.php" method="POST">
<h3>Enter a password to create MD5 and Crypt based passwords.</h3>
Password: <input type="text" name="password">
<input type="submit" name="create" value="Create Passwords!">
</form>
<br><br>
</body>
</html>
<!--generate_passwords.php-->
<?PHP
echo $_POST['password'];
echo "<br /><br />";
echo md5($password);
echo "<br /><br />";
echo crypt('password');
?>
the object is to get an md5 and a crypted line for any word entered into the form. the crypt line seems to work correctly and changes every time there's a new word entered into the form. But the md5 password doesn't change anytime after you submit the form for the first time unless the code is changed.
<!--password_creator.php-->
<html>
<head>
<title>Password Creator</title>
</head>
<body>
<form action="generate_passwords.php" method="POST">
<h3>Enter a password to create MD5 and Crypt based passwords.</h3>
Password: <input type="text" name="password">
<input type="submit" name="create" value="Create Passwords!">
</form>
<br><br>
</body>
</html>
<!--generate_passwords.php-->
<?PHP
echo $_POST['password'];
echo "<br /><br />";
echo md5($password);
echo "<br /><br />";
echo crypt('password');
?>
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
You need to modify your code a bit, there's a few typo's and code errors. Instead of:
try:
Mac
Code: Select all
<?PHP
echo $_POST['password'];
echo "<br /><br />";
echo md5($password);
echo "<br /><br />";
echo crypt('password');
?>Code: Select all
if (!empty($_POST['password'])) {
$password = $_POST['password'];
echo 'password = '.$password;
echo '<br />';
echo 'md5(password) = '.md5($password);
echo '<br />';
echo 'crypt(password) = '.crypt($password);
} else {
echo 'No password entered.';
}md5 generates a unique hash for each item that you pass to it; when the contents change so does the hash. So you should always get the same md5 for 'foo' no matter how many times you use md5 on it;
example:
will always be the same.
nigma, if you're not sure what you are going to be using ( eg, post or get ) you can always use $_REQUEST instead.
example:
Code: Select all
<?php
for ( $i = 0; $i < 1000; $i++) {
echo md5( 'foo' ) . "<br />\n";
}
?>nigma, if you're not sure what you are going to be using ( eg, post or get ) you can always use $_REQUEST instead.
that worked. Im starting to wonder if I'll ever get the hang of coding with PHP.
Every tutorial I try never works, and I just bought 2 PHP books and 1 PHP 4 XML and NONE of these books even make use of code when register_globals are off.
It seems the coding standard for PHP changes so quick, that writing a book to teach PHP seems sensless anymore, because by the time the book is published, the standard has changed.
Every tutorial I try never works, and I just bought 2 PHP books and 1 PHP 4 XML and NONE of these books even make use of code when register_globals are off.
It seems the coding standard for PHP changes so quick, that writing a book to teach PHP seems sensless anymore, because by the time the book is published, the standard has changed.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
<OT>IMHO, yes as you are still not testing to ensure that data comes from the expected place - cookie, URL querystring, posted form. I prefer to use $_GET or $_POST etc. as I haven't got any forms which could be posted using either POST or GET. I find it also makes my code easier for other developers to follow.</OT>Paddy wrote:Using $_REQUEST is as risky as having global variables turned on isn't it?
The change to register_globals off was made about a year and a half ago and TBH books written before then should generally be avoided as should tutorials. However, once you understand register_globals and when, where and how to use $_GET, $_POST, $_COOKIE, $_SESSION, $_SERVER etc, you should find it possible to adapt the tutorial code so that the other concepts that it is trying to teach work.dmcglone wrote:Every tutorial I try never works, and I just bought 2 PHP books and 1 PHP 4 XML and NONE of these books even make use of code when register_globals are off.
It seems the coding standard for PHP changes so quick, that writing a book to teach PHP seems sensless anymore, because by the time the book is published, the standard has changed.
Books written with code that is compatible with version 4.2 of PHP should still be useful for some time. Although version 5 is in development it will be a while before that is the standard.
Everybody has to start somewhere, stick with it and you should soon find it starts making more sense.dmcglone wrote:Im starting to wonder if I'll ever get the hang of coding with PHP.
Mac
This works, but I have to type the password in plain text instead of the md5 encrypted password.nigma wrote:Yea, I am don't really understand what you mean. But if what you want to do is store a users password's md5 hash and then when a user attempts to login you check the stored password and compare it to the entered password then all you need to do is the following:
Example (Assumes you will be using the method POST in the login form):Code: Select all
<?php $enteredPass = $_POST['password']; // Check to see if input was entered in the password field here $correctPass = md5('CORRECTPASSHERE'); if (md5($enteredPass) == $correctPass) { echo 'Authenticated.'; } else { echo 'Not Authenticated.'; } ?>
my goal here is to store the password in encrypted code such as $correctPass = md5('a029d0df84eb5549c641e04a9ef389e5
'); which is the md5 encrypted word "mypass", but when doing it this way, and typing "mypass" in the form box, It does not authenticate.
is this possible?
Are you typing it as:
or something?
. That's how I understood what you said. You'll have to use something like:
-Nay
Code: Select all
md5("mypass");Code: Select all
md5($_POST['mypass'])what im trying to say is, everything works fine if and only if I use the password in plain text. For instance
$correctPass = md5('mypass');
this authenticates, because my password is set to "mypass"
Now here is the same thing, except "mypass" is encrypted using md5:
$correctPass = md5('89326269cd0c04ca98e4c3630c541931
');
This does not authenticate when the correct password is used (mypass).
see what im saying?
$correctPass = md5('mypass');
this authenticates, because my password is set to "mypass"
Now here is the same thing, except "mypass" is encrypted using md5:
$correctPass = md5('89326269cd0c04ca98e4c3630c541931
');
This does not authenticate when the correct password is used (mypass).
see what im saying?
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
If you md5 the md5'd value then the two won't match, for example, instead of:
you should have
Mac
Code: Select all
if (md5('mypass') == md5('89326269cd0c04ca98e4c3630c541931')) {
echo 'match';
} else {
echo 'no match';
}Code: Select all
if (md5('mypass') == '89326269cd0c04ca98e4c3630c541931') {
echo 'match';
} else {
echo 'no match';
}