PROTECTED]
Sent: Tuesday, August 26, 2003 11:34 AM
Subject: [PHP] MD5 System Password check with PHP
Hello everybody,
I want to authenticate my user from web with PHP
script. The user's passwords are stored in System as
MD5 format (in /etc/shadow).
Can anybody help me?
- Chinmoy
On Tuesday, August 26, 2003, at 04:04 PM, Chinmoy Barua wrote:
Hello everybody,
I want to authenticate my user from web with PHP
script. The user's passwords are stored in System as
MD5 format (in /etc/shadow).
Can anybody help me?
Which part do you want help with?
The form?
The SQl query?
The
Quoting Justin French [EMAIL PROTECTED]:
On Tuesday, August 26, 2003, at 04:04 PM, Chinmoy Barua wrote:
Hello everybody,
I want to authenticate my user from web with PHP
script. The user's passwords are stored in System as
MD5 format (in /etc/shadow).
Can anybody help me?
See
Burhan,
Please try to quote the right person when replying to a thread -- your
messages was, I assume, intended for Chinmoy Barua, not me.
It saves confusion, and keeps the thread more useful and easier to
follow.
Thanks,
Justin French
On Tuesday, August 26, 2003, at 04:17 PM, Burhan wrote:
Quoting Justin French [EMAIL PROTECTED]:
Burhan,
Please try to quote the right person when replying to a thread -- your
messages was, I assume, intended for Chinmoy Barua, not me.
It saves confusion, and keeps the thread more useful and easier to
follow.
My apologies Justin, I
Hi,
I was womdering if it is possible to update a MD5 Digest.
No functions seem te refelect this:
(C code)
MD5_Init(md5_ctx);
MD5_Update(md5_ctx, char *data, int);
MD5_Update(md5_ctx, char *data, int);
MD5_Final(char *dst, md5_ctx);
Notice the two updates, the
Hello All,
Im having trouble with compatibility between MD5 Digest in Perl and in
PHP. They dont give the same results.
Perl
#!/usr/local/bin/perl
use strict;
use Digest::MD5 ();
my $to_be_hashed = Cheese;
my ($hash) = Digest::MD5-md5_hex($to_be_hashed);
print to_be_hashed :
In PHP..
$data = Cheese\n;
- trailing newline char
Steven Carr wrote:
Hello All,
Im having trouble with compatibility between MD5 Digest in Perl and in
PHP. They dont give the same results.
Perl
#!/usr/local/bin/perl
use strict;
use Digest::MD5 ();
my $to_be_hashed = Cheese;
my ($hash) =
hello all,
Cookie noob here :s
how do I add md5 hash so it encrypts the password only in the cookie? and
how do I increase the expire time to 30 days? Here's the snip:
setcookie(pass,$HTTP_POST_VARS[password],time()+(3600*24*7));
Thanks in advanced.
cheers,
- Sebastian
oops, miscounted a postion of the md5 parentheses :-0
Jason k Larson wrote:
First of all, the example you gave is only using one argument to the MD5
function.
Secondly, if you *want* to seed/salt the MD5 with a key you can use:
http://www.php.net/manual/en/ref.mhash.php
--
Jason k Larson
aka:
I don't see anywhere on that page where it shows using a seed. It shows
**selecting a hash algorithm**, but no salt. Maybe that's the second
argument that you're looking at.
Jason k Larson wrote:
First of all, the example you gave is only using one argument to the MD5
function.
Secondly, if
mhash (PHP 3= 3.0.9, PHP 4 )
mhash -- Compute hash
Description:
string mhash ( int hash, string data [, string key])
^ salt/seed/key - whatever you want to
call it
--
Jason k Larson
Dennis Gearon wrote:
I don't see anywhere on that page where it
What page is that on?
BTW, I figured out I could just prepend a long, complex string to
whatever I am hashing and it will 'seed' it before it gets to my stuff.
Jason k Larson wrote:
mhash (PHP 3= 3.0.9, PHP 4 )
mhash -- Compute hash
Description:
string mhash ( int hash, string data [, string
The usage of md5() in PHPLIB show TWO arguments, a seed and the string. Nothing in the
online manual shows 2 args. What's the dealio?
Line 111 from PHPLIB7.2c - session.inc:
$id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name);
--
PHP General Mailing List (http://www.php.net/)
To
First of all, the example you gave is only using one argument to the MD5 function.
Secondly, if you *want* to seed/salt the MD5 with a key you can use:
http://www.php.net/manual/en/ref.mhash.php
--
Jason k Larson
aka: der Ritter
Dennis Gearon wrote:
The usage of md5() in PHPLIB show TWO arguments,
Having a wee bit o' trouble with a simple md5 script:
for ($x=1 ; $x 62 ; $x++) {
$mypass = sports . $x;
$mypass = md5($mypass);
dbConnect(UPDATE user_login SET password = '$mypass' WHERE
school_id
= $x);
}
For some reason, when I attempt to login with my
Exactly right, John.
Sorry to clutter the forum -- it was a varchar(30)!
Thanks,
--Noah
- Original Message -
From: John W. Holmes [EMAIL PROTECTED]
To: 'CF High' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 4:06 AM
Subject: RE: [PHP] md5 encrypt problem
Hey all.
Having a wee bit o' trouble with a simple md5 script:
for ($x=1 ; $x 62 ; $x++) {
$mypass = sports . $x;
$mypass = md5($mypass);
dbConnect(UPDATE user_login SET password = '$mypass' WHERE school_id
= $x);
}
For some reason, when I attempt to login with my md5'd
Hey all,
I'm using the following code to save an MD5 password into a database along
with an unencrypted username and email address:
$insertSQL = sprintf(INSERT INTO penpals (email, password, username) VALUES
(%s, MD5(%s), %s),
All seems to have worked well, the password is encrypted and so
= mysql_query($query) or die(mysql_error());
rick
People will forget what you said. People will forget what you did.
But people will never forget how you made them feel.
- Original Message -
From: Vernon [EMAIL PROTECTED]
To:
Sent: Monday, February 17, 2003 10:16 AM
Subject: [PHP] MD5 login troubles
I'm thinking that the MD5 function more than likely encrypts a password to
store into a database, and when you log in using the MD5 function it will
simply encrypt the value being passed along again the same way. Now I'm
wondering what happens when I user has lost there password and needs to
On Mon, 17 Feb 2003, Vernon wrote:
I'm thinking that the MD5 function more than likely encrypts a password to
store into a database, and when you log in using the MD5 function it will
simply encrypt the value being passed along again the same way. Now I'm
wondering what happens when I user has
No, it's not reversable. When a user loses their password, you must
generate a new one. To stop malicious users from requesting a new
password for a user they dislike with a program (and stopping the user
from logging in, since their password keeps changing), a link with a
random code is
For what ever reason I cannot seem to get a user to login using MD5. The
user creates the password on log and it works fine, password encrypted and
all. I test to see if the process is working ok on creation by using the
UPDATE penpals SET password = MD5(password)
and the encrypted passwords
on 18/02/03 6:42 AM, Vernon ([EMAIL PROTECTED]) wrote:
When the user goes to login into the page though I have the encrypted
password echo to the page and they match except a 52 on the end of it which
I am assuming is a space or something being picked up on submit or
something. I recall there
on 18/02/03 3:59 AM, Vernon ([EMAIL PROTECTED]) wrote:
I'm thinking that the MD5 function more than likely encrypts a password to
store into a database, and when you log in using the MD5 function it will
simply encrypt the value being passed along again the same way. Now I'm
wondering what
If you do a password reset system please remember not to reset the
password before they confirm who they are.
This means instead of having them entering their login and email address
and immediatly resetting their password send the account owner an e-mail
with a link that will reset their
Very true -- forgot to mention that step :)
Thanks for the reminder!!
Justin
on 18/02/03 12:49 PM, Jason Sheets ([EMAIL PROTECTED]) wrote:
If you do a password reset system please remember not to reset the
password before they confirm who they are.
This means instead of having them
On Tuesday 18 February 2003 01:03, Greg Donald wrote:
md5 is one-way encryption. I use a password 'hint' field in conjunction
with md5.
It is not an encryption at all -- it's a hash. Encryption implies a
corresponding decryption, so a one-way encryption is either useless or an
oxymoron.
--
I don't want to store my users passwords in the db as clear text so I know I
can use md5(). But, what do I do when a user has forgotten his/her password
and I need to send it to them? Can I reverse md5()?
Thanks,
Eddie
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
You reset the password to something new... either manually (a person) or
with a self-help script.
md5 is one way encryption.
Justin
on 24/12/02 12:38 AM, Edward Peloke ([EMAIL PROTECTED]) wrote:
I don't want to store my users passwords in the db as clear text so I know I
can use md5().
Edward Peloke wrote:
I don't want to store my users passwords in the db as clear text so I know I
can use md5(). But, what do I do when a user has forgotten his/her password
and I need to send it to them? Can I reverse md5()?
No. You send them a new password. Ideally, the only person who
On Monday 23 December 2002 14:38, Edward Peloke wrote:
[...] Can I reverse md5()?
No. You could only send the user a new password wich must be activated.
johannes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thanks Johannes and Chris! That is what I will do.
Eddie
-Original Message-
From: Johannes Schlueter [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 23, 2002 8:36 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP] md5()
On Monday 23 December 2002 14:38, Edward Peloke
On Friday 06 December 2002 15:41, conbud wrote:
Hey. Is there a way to get the actual word/phrase from the long string that
the md5 hash creates. Lets say, is there a way find out what
b9f6f788d4a1f33a53b2de5d20c338ac
stands for in actuall words ?
Consider this, md5() takes (practically) any
Hey. Is there a way to get the actual word/phrase from the long string that
the md5 hash creates. Lets say, is there a way find out what
b9f6f788d4a1f33a53b2de5d20c338ac
stands for in actuall words ?
Lee
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On Fri, 6 Dec 2002, conbud wrote:
Hey. Is there a way to get the actual word/phrase from the long string that
the md5 hash creates. Lets say, is there a way find out what
b9f6f788d4a1f33a53b2de5d20c338ac
stands for in actuall words ?
In all cases, an md5sum string means, You've got better
I have login = sysdata and
password = sysdata on md5 function
How to select md5 function
mysql select COUNT(*) AS result from User where login = sysdata and
password = md5(sysdata);
+---+
| result |
+---+
| 0 |
+---+
1 row in set (0.00 sec)
I wanna the result display
Show us the output of:
select login, password from user where login='sysdata';
My guess is that the password is not 1b1c2457d12dd976d4cfa556ac6661f6
- the md5 of sysdata.
Chris
Reymond wrote:
I have login = sysdata and
password = sysdata on md5 function
How to select md5 function
password's field int(20) ..??
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 11:17 AM
To: Reymond
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] md5() ...
Show us the output of:
select login, password from user where login='sysdata';
My guess
Upss sorry...
My password's field Varchar(20)
...
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 11:17 AM
To: Reymond
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] md5() ...
Show us the output of:
select login, password from user where
Yeah, that's a little short for md5, plus you want to allow alphabetic
characters, too.
Try varchar(32).
Happy hacking.
Chris
Reymond wrote:
This is output...
select login, password from User where login = 'sysdata';
+-+--+
| login | password |
Thank you...
I got it...
:)
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 11:44 AM
To: Reymond
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] md5() ...
Yeah, that's a little short for md5, plus you want to allow alphabetic
characters
On Wed, 14 Aug 2002, Robert Parker wrote:
-On Tuesday 13 August 2002 10:57 am, you wrote:
- MD5 encryption of passwords is secure since you do not need to decrypt the
- password ever (in fact you can't). You just encrypt the password that the
- user entered and check if the MD5 of each password
Hi,
I'm trying to rewrite a perl finction to php. The function uses Digest::MD5.
PHP md5() returns a 32 char hex number. The perl Digest::MD5 function
returns a 16 char (ascii??) string. Can I also get this from PHP? If so
how do I do that?
My ultimate goal is to have compatible PHP/Perl
On Sun, 16 Jun 2002, Danny Kruitbosch wrote:
-Hi,
-
-I'm trying to rewrite a perl finction to php. The function uses Digest::MD5.
-
-PHP md5() returns a 32 char hex number. The perl Digest::MD5 function
-returns a 16 char (ascii??) string. Can I also get this from PHP? If so
-how do I do
Does anyone have a crypt() function that can use the $apr1$ prefixed
salt that apache's htpasswd uses?
David
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The PHP one supports that if your OS does.
On Thu, 14 Mar 2002, David Ford wrote:
Does anyone have a crypt() function that can use the $apr1$ prefixed
salt that apache's htpasswd uses?
David
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On the same box, php is generating $1$ md5 hashes properly, two char and
$apr1$ hashes as DES. The htpassword is generating $apr1$ hashes.
Where is the gadget that needs fixed?
David
Rasmus Lerdorf wrote:
The PHP one supports that if your OS does.
On Thu, 14 Mar 2002, David Ford wrote:
Ah, PHP doesn't understand $apr1$ to be an md5 salt. Not quite sure why
Apache's htpasswd uses that salt instead of the standard $1$
On Thu, 14 Mar 2002, David Ford wrote:
On the same box, php is generating $1$ md5 hashes properly, two char and
$apr1$ hashes as DES. The htpassword is
~]$ php testmd5.php
X-Powered-By: PHP/4.0.3pl1
Content-type: text/html
6f1ed002ab5595859014ebf0951522d9
[mavrekh ~]$ cat testmd5.php
?=md5(blah)?
I've tried it without the quotes too, or with single quotes. I wonder if
this is something that can be configured at compile time ?
I'm using PHP/4.0.3pl1
md5() appears to return a different value from Linux's md5sum
command:
[mavrekh ~]$ echo blah | md5sum
0d599f0ec05c3bda8c3b8a68c32a1b47 -
[mavrekh ~]$ php testmd5.php
X-Powered-By: PHP/4.0.3pl1
Content-type: text/html
6f1ed002ab5595859014ebf0951522d9
[mavrekh ~]$ cat testmd5.php
?=md5(blah
Is there away to take a md5 encrypted password and decrypt it and give that to the
client, if they
fogot their password.
=
dan mccullough
Theres no such thing as a problem unless the servers are on fire!
On Wed, 5 Dec 2001, Dan McCullough wrote:
-Is there away to take a md5 encrypted password and decrypt it and give that to the
client, if they
-fogot their password.
No.
-
-=
-dan mccullough
-
-Theres no such thing as a problem unless
, 2001 2:21 PM
Subject: [PHP] md5 decrypt
Is there away to take a md5 encrypted password and decrypt it and give
that to the client, if they
fogot their password.
=
dan mccullough
Theres no such thing as a problem unless
Dan McCullough [EMAIL PROTECTED] wrote:
Is there away to take a md5 encrypted password and decrypt it and give
that to the client, if they
fogot their password.
Short answer is no, long answer below. I just answered this on another list
10 minutes ago so I'm pasting in part of my reply
Is mysql's PASSWORD() function secure for storing passwords?
Or should I use one of PHP's md5() or uniqid(), or even md5(uniqid()) ???
. Christian Dechery (lemming)
. http://www.tanamesa.com.br
. Gaita-L Owner / Web Developer
--
PHP General Mailing List
Hello,
excuse my ignorance on that field, but if I use md5 in a java server page
(jsp), can I decrypt it
in php ? Is the implemantation of md5 the same on both language ?
py
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
excuse my ignorance on that field, but if I use md5 in a java server page
(jsp), can I decrypt it
in php ? Is the implemantation of md5 the same on both language ?
Sure, but you don't decrypt md5. You md5 again and compare the two md5's
-Rasmus
--
PHP General Mailing List
Subject: Re: [PHP] md5 on different platform
excuse my ignorance on that field, but if I use md5 in a java server
page
(jsp), can I decrypt it
in php ? Is the implemantation of md5 the same on both language ?
Well . . . the implementations *should* produce the same result, but md5
Yeah, I'm getting 2 and 0. Lame. What's the answer to this.
Go back to your PHP source directory and start digging through config.log
and config.cache or even re-run the configure to see what's going on with
various crypt libraries.
If you installed them in a non-standard place, maybe PHP
This is all better now.
I compiled with libmcrypt and php-4.0.6 at the same time, so I'm not sure
exactly which caused the fix, but it works now. Also, the perl module I
was using seemed to generate apache stype md5 hash, which is another
reason why authenticating with postgres and md5 hashes
I'd like to use php to do what I'm able to do in perl.
use String::Random;
use Crypt::PasswdMD5;
$foo = new String::Random;
$rand = $foo-randpattern(ss);
print Type in your password: ;
$password = STDIN;
$hash = unix_md5_crypt($password,$rand);
$salt = substr($hash,3,2);
print SUBSTR:
not sure if you've gotten any help on this yet. perhaps test the
CRYPT_SALT_LENGTH and CRYPT_MD5 constants to make sure that your system
and compiled php support md5 via crypt(). also, what salts did you try?
note the comments at the bottom of
http://php.net/manual/en/function.crypt.php about
Well, I'm assuming, perhaps incorrectly that the perl modules I used
derived its md5 capabilities from the system. I did see all the comments
on the crypt() page and basically copied each one. When passing a md5
looking salt, crypt() doesn't seem to do anything special with it and my
salt
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get output of 12 and 1 (not 2 and 0) if md5 is supported in
crypt(), i think.
you compiled php on
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get output of 12 and 1 (not 2 and 0) if md5 is supported in
crypt(), i think.
Yeah, I'm getting 2 and
On Tue, 17 Jul 2001, Jeremy Hansen wrote:
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get output of 12 and 1 (not 2 and 0) if md5 is
On Tue, 17 Jul 2001, tc lewis wrote:
On Tue, 17 Jul 2001, Jeremy Hansen wrote:
On Tue, 17 Jul 2001, tc lewis wrote:
try:
php echo(CRYPT_SALT_LENGTH); ?
php echo(CRYPT_MD5); ?
or:
php echo constant(CRYPT_SALT_LENGTH); ?
php echo constant(CRYPT_MD5); ?
you should get
On Fri, 4 May 2001, Thimo von Rauchhaupt wrote:
Hi there assume that I had a password field in md5 format like this
$1$uJ8d$jJKOHnfh^79824/.
how do i compare an input password to the password that I sore in database
so it can return right or wrong password
Just compare the md5
Get Input password into $pwd
Get hashed password from db into $hashed_pwd
do compare like:
if (md5($pwd) == $hashed_pwd) { // good! }
Yamin Prabudy [EMAIL PROTECTED] wrote in message
004901c0d462$ff394240$[EMAIL PROTECTED]">news:004901c0d462$ff394240$[EMAIL PROTECTED]...
Hi there assume that I
Hi there assume that I had a password field in md5 format like this
$1$uJ8d$jJKOHnfh^79824/.
how do i compare an input password to the password that I sore in database
so it can return right or wrong password
Just compare the md5 hashed password with the md5 hashed string from the
database.
Hi there assume that I had a password field in md5 format like this
$1$uJ8d$jJKOHnfh^79824/.
how do i compare an input password to the password that I sore in database
so it can return right or wrong password
thanks
Yamin Prabudy
--
PHP General Mailing List (http://www.php.net/)
To
Hello,
What is the best way to encrypt/decrypt strings when passing between php
pages?
I am using md5 and currently get strings that produce "unprintable"
characters
or characters like slashes or other things that could interfere with the
passing
between php pages. (e.g.
Dan Harrington wrote:
What is the best way to encrypt/decrypt strings when passing between
php pages?
If your encryption is meant to be anything near secure, there is only
one way:
DON'T
GET or POST-Parameters are for user-input. Handing information over to
the client and taking it back
GET or POST-Parameters are for user-input. Handing information over to the
client and taking it back later is a potential security leak. If you have
no means of revalidating the information after it crossed the so called
trust boundary, you should't do it.
Send a handler, some random and
If your encryption is meant to be anything near secure, there is only
one way:
DON'T
Well, this is true. I kinda just want to be able to pass things back and
forth without
giving the average user the ability to even have a clue as to what I am
doing. If
they can't see, they will have less
101 - 177 of 177 matches
Mail list logo