Create account



CodeIgniter.com Twitter      


Thread Modes
Verifying an md5 password against plain text?

El Forum
Guest
 
#1
11-05-2009, 03:00 PM
[eluser]Cheese[/eluser]
I have a simple log in system with an sql call to check for a username and password, problem is, upon registration I set the password field to be encrypted. Now when I try and log in, the sql call does not return anything since the plain text pass on the client side does not match up against the encrypted hash in the database. Is there a function to compare text strings against hash encryptions or anything like that? Or should I be verifying the password field some other way?

El Forum
Guest
 
#2
11-05-2009, 03:21 PM
[eluser]jedd[/eluser]
Encrypt the login password, and compare the result to the contents of your encrypted field in your database.

El Forum
Guest
 
#3
11-05-2009, 03:52 PM
[eluser]Cheese[/eluser]
Just set the rules of the password field client side to md5 correct? That doesn't seem to be working though for some reason.

El Forum
Guest
 
#4
11-05-2009, 03:56 PM
[eluser]jedd[/eluser]
[quote author="Cheese" date="1257479532"]Just set the rules of the password field client side to md5 correct?
[/quote]

What?

Quote:That doesn't seem to be working though for some reason.

It's probably that extra semicolon on line 27.

El Forum
Guest
 
#5
11-05-2009, 04:02 PM
[eluser]andrewtheandroid[/eluser]
depending on which you use in your database php has a corresponding hash function.

if you use md5 it's md5($str) and similar for sha1. sha is preferred over md5 as apparently md5 is considered unsafe. so in ur php code

Code:
$myDBPassword = ... // from ur database

if(md5($thisFormPassword)==$myDBPassword) { // true
} else { // invalid
}

El Forum
Guest
 
#6
11-05-2009, 04:04 PM
[eluser]andrewtheandroid[/eluser]
oh you using the form_validation helper?

El Forum
Guest
 
#7
11-05-2009, 04:04 PM
[eluser]Cheese[/eluser]
Quote:What?

Sorry, I meant form validation rules, when a user registers for the first time and enters a password in a text box, one of the rules I set for that box was to encrypt the pass to md5. I tried doing the same on the login page, however it seems the pass is still being submitted as plain text.

Quote:It's probably that extra semicolon on line 27.

No no, it's actually an extra curly bracket, and it's on line 28, but that's an unrelated problem. >.>

El Forum
Guest
 
#8
11-05-2009, 04:05 PM
[eluser]Cheese[/eluser]
[quote author="andrewtheandroid" date="1257480149"]depending on which you use in your database php has a corresponding hash function.

if you use md5 it's md5($str) and similar for sha1. sha is preferred over md5 as apparently md5 is considered unsafe. so in ur php code

Code:
$myDBPassword = ... // from ur database

if(md5($thisFormPassword)==$myDBPassword) { // true
} else { // invalid
}
[/quote]

Awesome, thanks. I gotta run now, but I'll see if this works later.

El Forum
Guest
 
#9
11-05-2009, 04:13 PM
[eluser]clip[/eluser]
[quote author="jedd" date="1257479818"]
It's probably that extra semicolon on line 27.
[/quote]

forward slash sarcasm? lol

El Forum
Guest
 
#10
11-05-2009, 04:44 PM
[eluser]BrianDHall[/eluser]
Code:
if (($_POST['seriousness'] - __SARCASM__ - ($user['jedd']['sarcasm_average'] - __SARCASM__) <= 3)
{
   unset($_POST);
   exec('shutdown -h');
   // Go play outside now...

}


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.