Page 1 of 1
hash function
Posted: Mon Sep 24, 2007 4:16 am
by cade
I have a table which stores user's password. The password is hashed using coldfusion from another application. My problem is, I'm unable to access the password in PHP. I have tried php md5 function to unhash it. Does anyone has fully working code for this?
Re: hash function
Posted: Mon Sep 24, 2007 7:20 am
by VladSun
cade wrote:I have tried php md5 function to unhash it.
You can't "unhash" it. Instead, use md5 or whatever hashing coldfusion uses to compare user input with the stored hashed value.
Re: hash function
Posted: Mon Sep 24, 2007 7:33 am
by superdezign
cade wrote:My problem is, I'm unable to access the password in PHP.
You shouldn't ever need the password.
Posted: Tue Sep 25, 2007 1:42 am
by cade
sorry i dont know what you mean? Could you clarify? Is there any option for me to unhash it
Posted: Tue Sep 25, 2007 2:12 am
by EricS
One of the main reasons people use hashes is because they AREN'T supposed to be reversible and they are generally fast. Now depending on the hashing algorithm, that may or may not be true in this case.
To validate the user, you must determine which algorithm was used by ColdFusion to hash the password. Many times this can be identified just by looking at the length of the hashed password.
Once you have identified the hashing algorithm. You can then hash passwords (using the same algorithm in PHP) provided by users and compare the PHP hash to the one stored in the database.
Posted: Tue Sep 25, 2007 4:00 am
by Maugrim_The_Reaper
MD5 is 32 chars long, SHA1 is higher. If SHA256 or another one was used (check the Coldfusion docs for whatever hash function you used) you may need the mhash or hash extension enabled.
Posted: Tue Sep 25, 2007 4:08 am
by lnt
Use the same algorithm to encode user input, eg md5($_POST['password']), and compare with what you saved in database to authenticate the user.