CodeIgniter Forums
Verifying an md5 password against plain text? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forum-21.html)
+--- Thread: Verifying an md5 password against plain text? (/thread-24312.html)

Pages: 1 2


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]Cheese[/eluser]
I have a simple log in system with an sql call to check for a username and password, problem is, upon registration I set the password field to be encrypted. Now when I try and log in, the sql call does not return anything since the plain text pass on the client side does not match up against the encrypted hash in the database. Is there a function to compare text strings against hash encryptions or anything like that? Or should I be verifying the password field some other way?


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]jedd[/eluser]
Encrypt the login password, and compare the result to the contents of your encrypted field in your database.


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]Cheese[/eluser]
Just set the rules of the password field client side to md5 correct? That doesn't seem to be working though for some reason.


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]jedd[/eluser]
[quote author="Cheese" date="1257479532"]Just set the rules of the password field client side to md5 correct?
[/quote]

What?

Quote:That doesn't seem to be working though for some reason.

It's probably that extra semicolon on line 27.


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]andrewtheandroid[/eluser]
depending on which you use in your database php has a corresponding hash function.

if you use md5 it's md5($str) and similar for sha1. sha is preferred over md5 as apparently md5 is considered unsafe. so in ur php code

Code:
$myDBPassword = ... // from ur database

if(md5($thisFormPassword)==$myDBPassword) { // true
} else { // invalid
}



Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]andrewtheandroid[/eluser]
oh you using the form_validation helper?


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]Cheese[/eluser]
Quote:What?

Sorry, I meant form validation rules, when a user registers for the first time and enters a password in a text box, one of the rules I set for that box was to encrypt the pass to md5. I tried doing the same on the login page, however it seems the pass is still being submitted as plain text.

Quote:It's probably that extra semicolon on line 27.

No no, it's actually an extra curly bracket, and it's on line 28, but that's an unrelated problem. >.>


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]Cheese[/eluser]
[quote author="andrewtheandroid" date="1257480149"]depending on which you use in your database php has a corresponding hash function.

if you use md5 it's md5($str) and similar for sha1. sha is preferred over md5 as apparently md5 is considered unsafe. so in ur php code

Code:
$myDBPassword = ... // from ur database

if(md5($thisFormPassword)==$myDBPassword) { // true
} else { // invalid
}
[/quote]

Awesome, thanks. I gotta run now, but I'll see if this works later.


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]clip[/eluser]
[quote author="jedd" date="1257479818"]
It's probably that extra semicolon on line 27.
[/quote]

forward slash sarcasm? lol


Verifying an md5 password against plain text? - El Forum - 11-05-2009

[eluser]BrianDHall[/eluser]
Code:
if (($_POST['seriousness'] - __SARCASM__ - ($user['jedd']['sarcasm_average'] - __SARCASM__) <= 3)
{
   unset($_POST);
   exec('shutdown -h');
   // Go play outside now...

}