PDA

View Full Version : password to password(md5) and back



Rohan72
10-31-2007, 06:46 AM
I found a little script to easily insert items into a MySQL dbase. I modified it a bit with the very little knowledge I have on php to accomodate my needs.
Amazingly it worked fine.
Now i would like to check the list on a website (without having to go into phpmyadmin). I also found a script that would do fine with some adjusting.
And here lies problem.
In the 1st script i changed the password to an encrypted on.
I would like to reverse it in the 2nd.
Here are both scripts so u can see what i'm talking about

Script 1 : putting data in dbase

<?php

$host="localhost"; // Host name
$username="*****"; // Mysql username
$password="*****"; // Mysql password
$db_name="*****"; // Database name
$tbl_name="leden"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form
$lid=$_POST['lid'];
$pasw=$_POST['pasw'];

$pasw_md5=md5($pasw);

// Insert data into mysql
$sql="INSERT INTO $tbl_name(lid, pasw_md5)VALUES('$lid', '$pasw_md5')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='invoeg.php'>Back to main page</a>";
}

else {
echo "ERROR";
}

// close connection
mysql_close();
?>

Script 2 : retrieving data and outputting it in a table

<?php

$host="localhost"; // Host name
$username="*****"; // Mysql username
$password="*****"; // Mysql password
$db_name="*****"; // Database name
$tbl_name="leden"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Retrieve data from database
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

// Start looping rows in mysql database.
while($rows=mysql_fetch_array($result)){
?>
<table width="500" border="1" cellspacing="0" cellpadding="3">
<tr>
<td width="20%"><? echo $rows['id']; ?></td>
<td width="50%"><? echo $rows['lid']; ?></td>
<td width="30%"><? echo $rows['pasw']; ?></td>
</tr>
</table>

<?
// close while loop
}

// close connection
mysql_close();
?>

I know i have to put somewhere a line to change the encrypted password back to normal.

Can anyone help me on this?

tech_support
10-31-2007, 06:52 AM
You can't reverse MD5.

Rohan72
10-31-2007, 07:03 AM
Thanks.
So i guess I have to get a login script and check all the passwords manually.

djr33
10-31-2007, 11:11 AM
md5 is entirely secure* because it cannot be reversed; that's the point. Any input generates a 32 character hash, which by odds won't be a duplicate (since ANYTHING can be used as input, including files, there are infinite inputs to every output, but just unlikely, and really long-- I doubt more than 10 passwords under 15 characters actually overlap, but that's getting off topic).
This allows you to compare a new password easily, though:
if (md5($sentpass)==$storedmd5pass) { ...they match... }


(*md5 is actually a bit older now, and there are a few decryption databases-- just based on stored pairs of inputs and outputs; if you MUST have a secure system, look into using a different algorithm, like sha1, or md6 (coming soon, I believe), or a combination, like md5(sha1($a)), etc.)