Log in

View Full Version : md5() with javascript



viktor
01-13-2012, 04:33 PM
I'm pulling a password from a database, which was encrypted with MD5. So, my $pass is the variable with MD5 password string.

I'm trying to do a simple, popup alert to check the password to show a hidden DIV. But, I'm not too familiar with MD5 and I know that javascript does not have that function, so I tried converting it to PHP. It doesn't work, so I wanted to get some help on getting it fixed (if possible) or approaching it from a different perspective. The problem is I still have to deal with MD5.


<?php
echo "<script type=\"text/javascript\">";
echo "function rdfShow(obj){";
echo "var ".$popup." = prompt(\"What's the password?\", \"\");";
$hash = md5($_GET["popup"]);
echo "if(\"".$hash."\" === \"".$pass."\")";
echo "document.getElementById(obj).style.display = 'block';";
echo "else";
echo "alert('Wrong password!');";
echo "}";
echo "</script>";
?>

Thanks, a lot for any help.

traq
01-13-2012, 07:12 PM
You can not mix PHP and Javascript. PHP happens first, on the server, and then it's over and done with. Javascript happens later, on the client's machine, and has no clue PHP ever existed.

If the user already entered their password (i.e., $_GET['popup'] is not empty), then use PHP to check the password and include (or don't) the contents before you serve the page.

Otherwise, you need to use only javascript, or use AJAX to submit the password to the server, where PHP can check it and send a response.

However, be aware that Javascript passwords are not secure and never will be. Javascript can be manipulated by the user. If you really need security, you need to do it server-side - instead of "hiding" the content, simply don't serve it at all until you have authenticated the user.