Results 1 to 4 of 4

Thread: password to password(md5) and back

  1. #1
    Join Date
    Mar 2006
    Location
    Belgium
    Posts
    81
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default password to password(md5) and back

    I found a little script to easily insert items into a MySQL dbase. I modified it a bit with the very little knowledge I have on php to accomodate my needs.
    Amazingly it worked fine.
    Now i would like to check the list on a website (without having to go into phpmyadmin). I also found a script that would do fine with some adjusting.
    And here lies problem.
    In the 1st script i changed the password to an encrypted on.
    I would like to reverse it in the 2nd.
    Here are both scripts so u can see what i'm talking about

    Script 1 : putting data in dbase
    PHP Code:
    <?php

    $host
    ="localhost"// Host name 
    $username="*****"// Mysql username 
    $password="*****"// Mysql password 
    $db_name="*****"// Database name 
    $tbl_name="leden"// Table name 

    // Connect to server and select database.
    mysql_connect("$host""$username""$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    // Get values from form 
    $lid=$_POST['lid'];
    $pasw=$_POST['pasw'];

    $pasw_md5=md5($pasw);

    // Insert data into mysql 
    $sql="INSERT INTO $tbl_name(lid, pasw_md5)VALUES('$lid', '$pasw_md5')";
    $result=mysql_query($sql);

    // if successfully insert data into database, displays message "Successful". 
    if($result){
    echo 
    "Successful";
    echo 
    "<BR>";
    echo 
    "<a href='invoeg.php'>Back to main page</a>";
    }

    else {
    echo 
    "ERROR";
    }

    // close connection 
    mysql_close();
    ?>
    Script 2 : retrieving data and outputting it in a table
    PHP Code:
    <?php

    $host
    ="localhost"// Host name 
    $username="*****"// Mysql username 
    $password="*****"// Mysql password 
    $db_name="*****"// Database name 
    $tbl_name="leden"// Table name 

    // Connect to server and select database.
    mysql_connect("$host""$username""$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    // Retrieve data from database 
    $sql="SELECT * FROM $tbl_name";
    $result=mysql_query($sql);

    // Start looping rows in mysql database.
    while($rows=mysql_fetch_array($result)){
    ?>
    <table width="500" border="1" cellspacing="0" cellpadding="3">
    <tr>
    <td width="20%"><? echo $rows['id']; ?></td>
    <td width="50%"><? echo $rows['lid']; ?></td>
    <td width="30%"><? echo $rows['pasw']; ?></td>
    </tr>
    </table>

    <?
    // close while loop 
    }

    // close connection 
    mysql_close();
    ?>
    I know i have to put somewhere a line to change the encrypted password back to normal.

    Can anyone help me on this?

  2. #2
    Join Date
    May 2006
    Location
    Sydney, Australia - Near the coast.
    Posts
    1,995
    Thanks
    0
    Thanked 8 Times in 7 Posts

    Default

    You can't reverse MD5.
    Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
    Currently: enjoying the early holidays :)
    Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide

  3. #3
    Join Date
    Mar 2006
    Location
    Belgium
    Posts
    81
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default

    Thanks.
    So i guess I have to get a login script and check all the passwords manually.

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    md5 is entirely secure* because it cannot be reversed; that's the point. Any input generates a 32 character hash, which by odds won't be a duplicate (since ANYTHING can be used as input, including files, there are infinite inputs to every output, but just unlikely, and really long-- I doubt more than 10 passwords under 15 characters actually overlap, but that's getting off topic).
    This allows you to compare a new password easily, though:
    if (md5($sentpass)==$storedmd5pass) { ...they match... }


    (*md5 is actually a bit older now, and there are a few decryption databases-- just based on stored pairs of inputs and outputs; if you MUST have a secure system, look into using a different algorithm, like sha1, or md6 (coming soon, I believe), or a combination, like md5(sha1($a)), etc.)
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •