inserting certain chars into db

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

inserting certain chars into db

Post by John Cartwright »

OK my problem is I want to securly encrypt and decrypt md5 passwords:

So i look on php.net and find this function to encrypt it

Code: Select all

<?php
  function crypt_md5($msg,$heslo)
  {
   	$key=$heslo;$sifra="";
   	$key1=binmd5($key);
   	while($msg) 
	{
     	$m=substr($msg,0,16);
     	$msg=substr($msg,16);
    	$sifra.=bytexor($m,$key1,16);
    	$key1=binmd5($key.$key1.$m);
    }
    echo "\n";
    $pass = $sifra;
  	echo $sifra."<br><br>";
	echo $pass;
  }
?>
which works fine... it encrypts the password and returns something like this: à Έ)È×….g

Notice in the function I use both echo $sifra and $pass to ensure they are being set properly... heres is the problem.. furthur down in my code i have the following:

Code: Select all

<?php
				crypt_md5($pass,$key);
				
				@mysql_query("INSERT INTO users SET user='$user',pass='$pass',datejoined='$datejoined',email='$email',access='0'"); 
?>
and it insets it properly to my knowledge.....

but for example i entered my password as: dadsfdfadsfdasdafafdfads (which returns à Ü
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you need to either return the new password, or use references to modify the passed password..
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Follow the usual rules for variable scope.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

i'm sorry im feeling stupid right now...

to the both of you: ... what?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

when you call your crypt_md5() function, you are passing it a copy of the variables, so anything you do to those variables inside the function, does not affect the outside data. It's probably best if your function retured the new password value. You then need to store the return from the function into a variable. Use that variable in your query..
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

but in the function it has

$pass = $sifra;

which gives pass its new value
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$pass inside the function is considered a local variable, not from the global variable space.
Post Reply