md5() problem [Archive] - Dynamic Drive Forums

View Full Version : md5() problem

devil_vin

10-28-2007, 08:04 AM

Hi,guys! I have some user records in database which need to encrpyt their password by using md5().So, i write a piece of code to set passwords to encrypted value.

<?php
include("dbconn.cfg");
$tbl_name1 = "member";
$tbl_name2 = "staff";
$result1 = mysql_query("SELECT * FROM $tbl_name1");
$result2 = mysql_query("SELECT * FROM $tbl_name2");

while($row = mysql_fetch_array($result1)){
$encrypted1 = md5($row['password']);
mysql_query("UPDATE member SET password = '".$encrypted1."' WHERE
`member_id` = '".$row['member_id']."'");
}

while($row = mysql_fetch_array($result2)){
$encrypted2 = md5($row['password']);
mysql_query("UPDATE staff SET password = '".$encrypted2."' WHERE
`staff_id` = '".$row['staff_id']."'");
}

?>

After run the above script once,I noticed that passwords are being encrypted,then modified the login script to validate user typed password.
with encrypted password

$tbl_name1 = "member";
$tbl_name2 = "staff";

$select1 = "SELECT * FROM $tbl_name1 WHERE
email = '" . $_REQUEST['email'] . "'
AND password = '" . MD5($_REQUEST['password']) . "' ";

$select2 = "SELECT name FROM $tbl_name2 WHERE
email = '" . $_REQUEST['email'] . "'
AND password = '" . MD5($_REQUEST['password']) . "' ";

Well, the problem arise here is I can't login also when typing the correct password.

insanemonkey

10-28-2007, 08:10 AM

you have md5 capitalized

$tbl_name1 = "member";
$tbl_name2 = "staff";

$select1 = "SELECT * FROM $tbl_name1 WHERE
email = '" . $_REQUEST['email'] . "'
AND password = '" . md5($_REQUEST['password']) . "' ";

$select2 = "SELECT name FROM $tbl_name2 WHERE
email = '" . $_REQUEST['email'] . "'
AND password = '" . md5($_REQUEST['password']) . "' ";

devil_vin

10-28-2007, 09:53 AM

Not really. I have tried that before.

devil_vin

10-28-2007, 10:35 AM

Problem resolved.It is about field length of password.I set it only for varchar(15),not really enough for hashed value

Twey

10-28-2007, 08:10 PM

PHP is case-insensitive for function and variable names. I suggest using the MySQL function MD5() rather than the PHP one. It will neaten your code somewhat.

djr33

10-29-2007, 01:47 AM

Case insensitive for functions; strictly case sensitive for variables, though.

In this case, using it in mysql would be simpler, but it would result in less control, if you were to desire comparing the value later, etc. If you're not storing it in the php, though [as a varaible], then just go ahead and use the mysql function.