Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Encrypted but not able to decrypt password in php MYSQL

Posted on 2010-11-26
6
Medium Priority
?
783 Views
Last Modified: 2013-12-12
I run a script to encrypt the password table in mysql database (Script attached) and I have not been able to logon. I guess I need a php decrypt script which I don't have. Also where do I run the script? is it in my login page or as a standalone php script.
Please I need help. Thanks
encrypt.txt
0
Comment
Question by:omojesu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 668 total points
ID: 34218942
When you try to login, encrypt the password you typed in and see I that matches the db field. Also, never run this script again as it will double encrypt your passwords. You should be encrypting each password as a user is created. This was a utility script to convert a big table of passwords to their encrypted versions and can never be run again.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 668 total points
ID: 34219237
That is a really scary script.  Back up your data base before you ever run anything like that - it directly mungs the data!

It looks like what you will need to do now is use the md5() function to convert the client-input password into a 32-character string.  Then you should be able to compare the resulting string to the password field in the data base.

When you register a new user, the code will look something like this...

$coded_password = md5($_POST["clear_text_password"]);
$sql = INSERT INTO myUserTable (password) values ( '$coded_password' )
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 668 total points
ID: 34219417
Much more eloquently spoken Ray. That's what I get for answering questions on my phone :)
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 35

Assisted Solution

by:gr8gonzo
gr8gonzo earned 332 total points
ID: 34220160
A minor extra comment (not points-worthy):

Whenever you run administrative or maintenance scripts like this, I highly recommend that you do NOT make them web-accessible. A good rule to follow is that anything web-accessible could potentially be executed by accident. So if it would be a bad thing if someone unwittingly stumbled across the script, then put the script into a folder and use the PHP command line to run the script.

Case in point: I knew someone who had a "Live Bookmarks" type of system where their bookmarks were posted online. They bookmarked a "secret", unlinked page used for deploying some code changes to a production system. A search engine discovered the bookmark and proceeded to "index" all of the links, which resulted in all sorts of development code being sent into a live environment.

So always keep these types of scripts outside of any sort of web-accessible location and run them from the command line if you need to do it.
0
 
LVL 6

Assisted Solution

by:blueghozt
blueghozt earned 332 total points
ID: 34326755
md5 encryption is really meant to be one-way - it is considered vulnerable given the presence of resources like http://md5.rednoize.com/ which you can use to decrypt quite a lot of MD5 hashes - maybe use this if you need to find the plain string version of what you have stored in your db.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 668 total points
ID: 34411859
http://md5.rednoize.com/about/

The vulnerability of md5() is more about the speed of attacking computers than the availability of rednoize.  Rednoize does not decrypt; it only does a data base lookup.  Still, it might contain some of the md5() strings for common words or passwords.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
By, Vadim Tkachenko. In this article we’ll look at ClickHouse on its one year anniversary.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question