2. PHPRunner General questions
  3. [SOLVED]  MD5 Encryption
This topic is locked
[SOLVED]

 MD5 Encryption

 		10/10/2005 9:00:09 AM
PHPRunner General questions
J
 jeremy2011 author

Hello,
I'm using PHPRunner 2.0 with Login/password access activated.
I would like to encrypt my user password database with MD5. But I don't manage to modify the PHPRunner source. I know that I have to modify login.php and probably remind.php.
I saw a topic on this forum, but it doesn't help.
Is there someone able to help me ?
Thanks,
Jeremy
Admin 10/11/2005

Jeremy,
you won't be able to use Remind password function if you encrypt passwords.
You should modify login.php, register.php and changepwd.php files.

Here are the modifications, please see my changes in bold:
login.php

  $strSQL = "select * from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField).

  "=".$strUsername." and ".AddFieldWrappers($cPasswordField).

  "=MD5(".$strPassword.")";


register.php Replace "Password" with your actual password field name

  $fields.=",".AddFieldWrappers("Password");

  $values.=",MD5(".$dbval.")";


changepwd.php

  $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=MD5(".$passvalue.")".$sWhere;
J
 		jeremy2011 author 10/12/2005

thanks for your help, it's working very well.
Why is it not going to work in remind.php ? If I include MD5() in the message build :
$message.="Password: "MD5(.$data[1].)"\r\n";
or something like that ?
prleo1 10/12/2005

If I am correct, MD5 cannot be reversed once it is encrypted; it can only be compared to another value to see if it matches.
O
 		omegix 10/21/2005

For some reason this is working except for the changepwd.php page.

This is what was suggested:

changepwd.php

  $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=MD5(".$passvalue.")".$sWhere;


And this is a copy\paste from my file:

if($_POST["opass"] == $row[$cPasswordField])

  {

    $strSQL= "update ".AddTableWrappers($cLoginTable)." set

    ".AddFieldWrappers($cPasswordField)."=MD5(".$passvalue.")".$sWhere;

    db_exec($strSQL,$conn);

    $changed = true;

  }


My login and register pages are fine.

Is this working for everyone else?
500334 10/21/2005

Not sure if this is related, but I just spent half a day trying to get MD5 to work on an older site where I had used another database.
I finally uploaded ALL the files (not just the changed ones) and that solved the problem.
Russ
O
 		omegix 10/24/2005

I tired this, but still not working. thanks for the tip anyway <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=6483&image=1&table=forumreplies' class='bbc_emoticon' alt=':)' />
If the MD5 is working on the "change password" page for everyone else, then I'll know whether the problem is just on my machine. Has anyone else gotten this to work?
Admin 10/25/2005

Hi,
this is working fragment of code you can use in changepwd.php file.

It will be included into the next PHPRunner release.

if (@$_POST["btnSubmit"] == "Submit")

{

$conn=db_connect();

$rstemp=db_query("select * from ".AddTableWrappers($cLoginTable)." where 1=0",$conn);
$opass = $_POST["opass"];

$newpass = $_POST["newpass"];

$opass = md5($opass);

$newpass = md5($newpass);



$value = @$_SESSION["UserID"];

if(NeedQuotes(db_fieldtype($rstemp,$cUserNameField)))

 $value="'".$value."'";

$passvalue = $newpass;

if(NeedQuotes(db_fieldtype($rstemp,$cPasswordField)))

 $passvalue="'".$passvalue."'";
if($newpass!=$opass)

{

   $sWhere = " where ".AddFieldWrappers($cUserNameField)."=".$value;

 $strSQL = "select * from ".AddTableWrappers($cLoginTable).$sWhere;

 $rstemp=db_query($strSQL,$conn);
 if($row=db_fetch_array($rstemp))

 {

 if($opass == $row[$cPasswordField])

 {

   $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=".$passvalue.$sWhere;

   db_exec($strSQL,$conn);

   $changed = true;

 }

 else

   $strMessage = "Invalid password";

 }

}

}

else

$_SESSION["BackURL"] = @$_SERVER["HTTP_REFERER"];

?>