hash function

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cade
Forum Commoner
Posts: 55
Joined: Tue Jul 03, 2007 8:18 pm

hash function

Post by cade »

I have a table which stores user's password. The password is hashed using coldfusion from another application. My problem is, I'm unable to access the password in PHP. I have tried php md5 function to unhash it. Does anyone has fully working code for this?
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: hash function

Post by VladSun »

cade wrote:I have tried php md5 function to unhash it.
You can't "unhash" it. Instead, use md5 or whatever hashing coldfusion uses to compare user input with the stored hashed value.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: hash function

Post by superdezign »

cade wrote:My problem is, I'm unable to access the password in PHP.
You shouldn't ever need the password.
cade
Forum Commoner
Posts: 55
Joined: Tue Jul 03, 2007 8:18 pm

Post by cade »

sorry i dont know what you mean? Could you clarify? Is there any option for me to unhash it
EricS
Forum Contributor
Posts: 183
Joined: Thu Jul 11, 2002 12:02 am
Location: Atlanta, Ga

Post by EricS »

One of the main reasons people use hashes is because they AREN'T supposed to be reversible and they are generally fast. Now depending on the hashing algorithm, that may or may not be true in this case.

To validate the user, you must determine which algorithm was used by ColdFusion to hash the password. Many times this can be identified just by looking at the length of the hashed password.

Once you have identified the hashing algorithm. You can then hash passwords (using the same algorithm in PHP) provided by users and compare the PHP hash to the one stored in the database.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

MD5 is 32 chars long, SHA1 is higher. If SHA256 or another one was used (check the Coldfusion docs for whatever hash function you used) you may need the mhash or hash extension enabled.
lnt
Forum Newbie
Posts: 12
Joined: Mon Sep 24, 2007 8:47 am

Post by lnt »

Use the same algorithm to encode user input, eg md5($_POST['password']), and compare with what you saved in database to authenticate the user.
Post Reply