Encrypted but not able to decrypt password in php MYSQL

I ran a script to encrypt the password table in a MySQL database (script attached) and I have not been able to log on. I guess I need a PHP decrypt script, which I don't have. Also, where do I run the script? Is it in my login page or as a standalone PHP script?
Please, I need help. Thanks.
Attachment: encrypt.txt
Asked by: omojesu
Aaron Tomosky (SD-WAN Simplified) commented:
When you try to log in, encrypt the password you typed in and see if that matches the db field. Also, never run this script again as it will double encrypt your passwords. You should be encrypting each password as a user is created. This was a utility script to convert a big table of passwords to their encrypted versions and can never be run again.
 
Ray Paseur commented:
That is a really scary script.  Back up your data base before you ever run anything like that - it directly mungs the data!

It looks like what you will need to do now is use the md5() function to convert the client-input password into a 32-character string.  Then you should be able to compare the resulting string to the password field in the data base.

When you register a new user, the code will look something like this...

// Hash the submitted password the same way the stored values were hashed
$coded_password = md5($_POST["clear_text_password"]);
$sql = "INSERT INTO myUserTable (password) VALUES ('$coded_password')";
 
Aaron Tomosky (SD-WAN Simplified) commented:
Much more eloquently spoken, Ray. That's what I get for answering questions on my phone :)
 
gr8gonzo (Consultant) commented:
A minor extra comment (not points-worthy):

Whenever you run administrative or maintenance scripts like this, I highly recommend that you do NOT make them web-accessible. A good rule to follow is that anything web-accessible could potentially be executed by accident. So if it would be a bad thing if someone unwittingly stumbled across the script, then put the script into a folder and use the PHP command line to run the script.

Case in point: I knew someone who had a "Live Bookmarks" type of system where their bookmarks were posted online. They bookmarked a "secret", unlinked page used for deploying some code changes to a production system. A search engine discovered the bookmark and proceeded to "index" all of the links, which resulted in all sorts of development code being sent into a live environment.

So always keep these types of scripts outside of any sort of web-accessible location and run them from the command line if you need to do it.
 
blueghozt commented:
md5 encryption is really meant to be one-way - it is considered vulnerable given the presence of resources like http://md5.rednoize.com/ which you can use to decrypt quite a lot of MD5 hashes - maybe use this if you need to find the plain string version of what you have stored in your db.
 
Ray Paseur commented:
http://md5.rednoize.com/about/

The vulnerability of md5() is more about the speed of attacking computers than the availability of rednoize.  Rednoize does not decrypt; it only does a data base lookup.  Still, it might contain some of the md5() strings for common words or passwords.
Question has a verified solution.
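
An added example (not part of the thread and not the asker's script) of the login check the answers describe: hash the typed password, compare it to the stored value, tolerate rows that went through the conversion script twice, and move each account to password_hash() at login because of the md5() speed weakness raised above. The $users array, the function name and the sample passwords are constructed stand-ins for the real table.

```php
<?php
// Constructed sample rows; the table layout and names are assumptions.
$users = [
    'alice' => ['password' => md5('correct horse')],   // conversion script ran once
    'bob'   => ['password' => md5(md5('tr0ub4dor'))],  // script was run a second time
];

// Verify a login attempt; on success replace a legacy md5 value with password_hash().
function check_login(array &$users, string $name, string $typed): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['password'];

    // Upgraded rows are no longer a bare 32-character hex string.
    if (!preg_match('/^[0-9a-f]{32}$/', $stored)) {
        return password_verify($typed, $stored);
    }

    // Legacy row: hash the typed password the same way and compare in constant time.
    // The second comparison covers rows that went through the conversion twice.
    $ok = hash_equals($stored, md5($typed))
        || hash_equals($stored, md5(md5($typed)));

    if ($ok) {
        // The clear text is only available now, so re-hash with a salted, slow
        // algorithm. The column must hold at least 60 characters (255 is safer).
        $users[$name]['password'] = password_hash($typed, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(check_login($users, 'alice', 'correct horse')); // first login, legacy md5 row
var_dump(check_login($users, 'bob', 'tr0ub4dor'));       // double-hashed row still works
var_dump(check_login($users, 'alice', 'wrong guess'));   // rejected
var_dump(check_login($users, 'alice', 'correct horse')); // now checked by password_verify()
var_dump(strlen($users['alice']['password']));           // longer than the 32-char md5 value
```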