Solved

Encrypted but not able to decrypt password in php MYSQL

Posted on 2010-11-26
6
771 Views
Last Modified: 2013-12-12
I run a script to encrypt the password table in mysql database (Script attached) and I have not been able to logon. I guess I need a php decrypt script which I don't have. Also where do I run the script? is it in my login page or as a standalone php script.
Please I need help. Thanks
encrypt.txt
0
Comment
Question by:omojesu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 167 total points
ID: 34218942
When you try to login, encrypt the password you typed in and see I that matches the db field. Also, never run this script again as it will double encrypt your passwords. You should be encrypting each password as a user is created. This was a utility script to convert a big table of passwords to their encrypted versions and can never be run again.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 167 total points
ID: 34219237
That is a really scary script.  Back up your data base before you ever run anything like that - it directly mungs the data!

It looks like what you will need to do now is use the md5() function to convert the client-input password into a 32-character string.  Then you should be able to compare the resulting string to the password field in the data base.

When you register a new user, the code will look something like this...

$coded_password = md5($_POST["clear_text_password"]);
$sql = INSERT INTO myUserTable (password) values ( '$coded_password' )
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 167 total points
ID: 34219417
Much more eloquently spoken Ray. That's what I get for answering questions on my phone :)
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 35

Assisted Solution

by:gr8gonzo
gr8gonzo earned 83 total points
ID: 34220160
A minor extra comment (not points-worthy):

Whenever you run administrative or maintenance scripts like this, I highly recommend that you do NOT make them web-accessible. A good rule to follow is that anything web-accessible could potentially be executed by accident. So if it would be a bad thing if someone unwittingly stumbled across the script, then put the script into a folder and use the PHP command line to run the script.

Case in point: I knew someone who had a "Live Bookmarks" type of system where their bookmarks were posted online. They bookmarked a "secret", unlinked page used for deploying some code changes to a production system. A search engine discovered the bookmark and proceeded to "index" all of the links, which resulted in all sorts of development code being sent into a live environment.

So always keep these types of scripts outside of any sort of web-accessible location and run them from the command line if you need to do it.
0
 
LVL 6

Assisted Solution

by:blueghozt
blueghozt earned 83 total points
ID: 34326755
md5 encryption is really meant to be one-way - it is considered vulnerable given the presence of resources like http://md5.rednoize.com/ which you can use to decrypt quite a lot of MD5 hashes - maybe use this if you need to find the plain string version of what you have stored in your db.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 167 total points
ID: 34411859
http://md5.rednoize.com/about/

The vulnerability of md5() is more about the speed of attacking computers than the availability of rednoize.  Rednoize does not decrypt; it only does a data base lookup.  Still, it might contain some of the md5() strings for common words or passwords.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question