md5() problem

**devil_vin** · 10-28-2007, 08:04 AM

Hi,guys! I have some user records in database which need to encrpyt their password by using md5().So, i write a piece of code to set passwords to encrypted value.

PHP Code:


<?php 

include("dbconn.cfg"); 

$tbl_name1 = "member"; 

$tbl_name2 = "staff"; 

$result1 = mysql_query("SELECT * FROM $tbl_name1"); 

$result2 = mysql_query("SELECT * FROM $tbl_name2"); 



while($row = mysql_fetch_array($result1)){ 

      $encrypted1 = md5($row['password']); 

      mysql_query("UPDATE member SET password = '".$encrypted1."' WHERE 

                  `member_id` = '".$row['member_id']."'"); 

} 



while($row = mysql_fetch_array($result2)){ 

      $encrypted2 = md5($row['password']); 

      mysql_query("UPDATE staff SET password = '".$encrypted2."' WHERE 

                  `staff_id` = '".$row['staff_id']."'"); 

} 



?>

After run the above script once,I noticed that passwords are being encrypted,then modified the login script to validate user typed password.
with encrypted password

PHP Code:


$tbl_name1 = "member"; 

$tbl_name2 = "staff"; 



$select1 = "SELECT * FROM $tbl_name1 WHERE 

                  email = '" . $_REQUEST['email'] . "' 

           AND password = '" . MD5($_REQUEST['password']) . "' "; 



$select2 = "SELECT name FROM $tbl_name2 WHERE 

                 email = '" . $_REQUEST['email'] . "' 

         AND password = '" . MD5($_REQUEST['password']) . "' ";

Well, the problem arise here is I can't login also when typing the correct password.

**insanemonkey** · 10-28-2007, 08:10 AM

you have md5 capitalized

Code:

$tbl_name1 = "member";  
$tbl_name2 = "staff";  

$select1 = "SELECT * FROM $tbl_name1 WHERE  
                  email = '" . $_REQUEST['email'] . "'  
           AND password = '" . md5($_REQUEST['password']) . "' ";  

$select2 = "SELECT name FROM $tbl_name2 WHERE  
                 email = '" . $_REQUEST['email'] . "'  
         AND password = '" . md5($_REQUEST['password']) . "' ";

**devil_vin** · 10-28-2007, 09:53 AM

Not really. I have tried that before.

**devil_vin** · 10-28-2007, 10:35 AM

Problem resolved.It is about field length of password.I set it only for varchar(15),not really enough for hashed value

**Twey** · 10-28-2007, 08:10 PM

PHP is case-insensitive for function and variable names. I suggest using the MySQL function MD5() rather than the PHP one. It will neaten your code somewhat.

**djr33** · 10-29-2007, 01:47 AM

Case insensitive for functions; strictly case sensitive for variables, though.

In this case, using it in mysql would be simpler, but it would result in less control, if you were to desire comparing the value later, etc. If you're not storing it in the php, though [as a varaible], then just go ahead and use the mysql function.

Thread: md5() problem

Thread Tools

Search Thread

md5() problem

Bookmarks

Bookmarks

Posting Permissions