Results 1 to 2 of 2

Thread: md5() with javascript

  1. #1
    Join Date
    Dec 2004
    Posts
    83
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question md5() with javascript

    I'm pulling a password from a database, which was encrypted with MD5. So, my $pass is the variable with MD5 password string.

    I'm trying to do a simple, popup alert to check the password to show a hidden DIV. But, I'm not too familiar with MD5 and I know that javascript does not have that function, so I tried converting it to PHP. It doesn't work, so I wanted to get some help on getting it fixed (if possible) or approaching it from a different perspective. The problem is I still have to deal with MD5.

    Code:
    <?php
    echo "<script type=\"text/javascript\">";
    echo "function rdfShow(obj){";
    echo "var ".$popup." = prompt(\"What's the password?\", \"\");";
    $hash = md5($_GET["popup"]);	
    echo "if(\"".$hash."\" === \"".$pass."\")";
    echo "document.getElementById(obj).style.display = 'block';";
    echo "else";
    echo "alert('Wrong password!');";
    echo "}";
    echo "</script>";
    ?>
    Thanks, a lot for any help.

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    You can not mix PHP and Javascript. PHP happens first, on the server, and then it's over and done with. Javascript happens later, on the client's machine, and has no clue PHP ever existed.

    If the user already entered their password (i.e., $_GET['popup'] is not empty), then use PHP to check the password and include (or don't) the contents before you serve the page.

    Otherwise, you need to use only javascript, or use AJAX to submit the password to the server, where PHP can check it and send a response.

    However, be aware that Javascript passwords are not secure and never will be. Javascript can be manipulated by the user. If you really need security, you need to do it server-side - instead of "hiding" the content, simply don't serve it at all until you have authenticated the user.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •