[SOLVED] MD5 Encryption

This topic is locked

[SOLVED] Â MD5 Encryption		10/10/2005 09:00:09
PHPRunner General questions
J jeremy2011 author Hello, I'm using PHPRunner 2.0 with Login/password access activated. I would like to encrypt my user password database with MD5. But I don't manage to modify the PHPRunner source. I know that I have to modify login.php and probably remind.php. I saw a topic on this forum, but it doesn't help. Is there someone able to help me ? Thanks, Jeremy

Mark as Solved Mark as not solved

7 replies


	Sergey Kornilov admin 10/11/2005
	Jeremy, you won't be able to use Remind password function if you encrypt passwords. You should modify login.php, register.php and changepwd.php files. Here are the modifications, please see my changes in bold: login.php $strSQL = "select * from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField). "=".$strUsername." and ".AddFieldWrappers($cPasswordField). "=MD5(".$strPassword.")"; register.php Replace "Password" with your actual password field name $fields.=",".AddFieldWrappers("Password"); $values.=",MD5(".$dbval.")"; changepwd.php $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=MD5(".$passvalue.")".$sWhere;


J	jeremy2011 author 10/12/2005
	thanks for your help, it's working very well. Why is it not going to work in remind.php ? If I include MD5() in the message build : $message.="Password: "MD5(.$data[1].)"\r\n"; or something like that ?


	prleo1 10/12/2005
	If I am correct, MD5 cannot be reversed once it is encrypted; it can only be compared to another value to see if it matches.


O	omegix 10/21/2005
	For some reason this is working except for the changepwd.php page. This is what was suggested: changepwd.php $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=MD5(".$passvalue.")".$sWhere; And this is a copy\paste from my file: if($_POST["opass"] == $row[$cPasswordField]) { $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=MD5(".$passvalue.")".$sWhere; db_exec($strSQL,$conn); $changed = true; } My login and register pages are fine. Is this working for everyone else?


	500334 10/21/2005
	Not sure if this is related, but I just spent half a day trying to get MD5 to work on an older site where I had used another database. I finally uploaded ALL the files (not just the changed ones) and that solved the problem. Russ


O	omegix 10/24/2005
	I tired this, but still not working. thanks for the tip anyway <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=6483&image=1&table=forumreplies' class='bbc_emoticon' alt=':)' /> If the MD5 is working on the "change password" page for everyone else, then I'll know whether the problem is just on my machine. Has anyone else gotten this to work?


	Sergey Kornilov admin 10/25/2005
	Hi, this is working fragment of code you can use in changepwd.php file. It will be included into the next PHPRunner release. if (@$_POST["btnSubmit"] == "Submit") { $conn=db_connect(); $rstemp=db_query("select * from ".AddTableWrappers($cLoginTable)." where 1=0",$conn); $opass = $_POST["opass"]; $newpass = $_POST["newpass"]; $opass = md5($opass); $newpass = md5($newpass); $value = @$_SESSION["UserID"]; if(NeedQuotes(db_fieldtype($rstemp,$cUserNameField))) $value="'".$value."'"; $passvalue = $newpass; if(NeedQuotes(db_fieldtype($rstemp,$cPasswordField))) $passvalue="'".$passvalue."'"; if($newpass!=$opass) { $sWhere = " where ".AddFieldWrappers($cUserNameField)."=".$value; $strSQL = "select * from ".AddTableWrappers($cLoginTable).$sWhere; $rstemp=db_query($strSQL,$conn); if($row=db_fetch_array($rstemp)) { if($opass == $row[$cPasswordField]) { $strSQL= "update ".AddTableWrappers($cLoginTable)." set ".AddFieldWrappers($cPasswordField)."=".$passvalue.$sWhere; db_exec($strSQL,$conn); $changed = true; } else $strMessage = "Invalid password"; } } } else $_SESSION["BackURL"] = @$_SERVER["HTTP_REFERER"]; ?>

7 replies

Mark as Solved Reply