?
Solved

Encrypted but not able to decrypt password in php MYSQL

Posted on 2010-11-26
6
Medium Priority
?
791 Views
Last Modified: 2013-12-12
I run a script to encrypt the password table in mysql database (Script attached) and I have not been able to logon. I guess I need a php decrypt script which I don't have. Also where do I run the script? is it in my login page or as a standalone php script.
Please I need help. Thanks
encrypt.txt
0
Comment
Question by:omojesu
6 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 668 total points
ID: 34218942
When you try to login, encrypt the password you typed in and see I that matches the db field. Also, never run this script again as it will double encrypt your passwords. You should be encrypting each password as a user is created. This was a utility script to convert a big table of passwords to their encrypted versions and can never be run again.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 668 total points
ID: 34219237
That is a really scary script.  Back up your data base before you ever run anything like that - it directly mungs the data!

It looks like what you will need to do now is use the md5() function to convert the client-input password into a 32-character string.  Then you should be able to compare the resulting string to the password field in the data base.

When you register a new user, the code will look something like this...

$coded_password = md5($_POST["clear_text_password"]);
$sql = INSERT INTO myUserTable (password) values ( '$coded_password' )
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 668 total points
ID: 34219417
Much more eloquently spoken Ray. That's what I get for answering questions on my phone :)
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
LVL 36

Assisted Solution

by:gr8gonzo
gr8gonzo earned 332 total points
ID: 34220160
A minor extra comment (not points-worthy):

Whenever you run administrative or maintenance scripts like this, I highly recommend that you do NOT make them web-accessible. A good rule to follow is that anything web-accessible could potentially be executed by accident. So if it would be a bad thing if someone unwittingly stumbled across the script, then put the script into a folder and use the PHP command line to run the script.

Case in point: I knew someone who had a "Live Bookmarks" type of system where their bookmarks were posted online. They bookmarked a "secret", unlinked page used for deploying some code changes to a production system. A search engine discovered the bookmark and proceeded to "index" all of the links, which resulted in all sorts of development code being sent into a live environment.

So always keep these types of scripts outside of any sort of web-accessible location and run them from the command line if you need to do it.
0
 
LVL 6

Assisted Solution

by:blueghozt
blueghozt earned 332 total points
ID: 34326755
md5 encryption is really meant to be one-way - it is considered vulnerable given the presence of resources like http://md5.rednoize.com/ which you can use to decrypt quite a lot of MD5 hashes - maybe use this if you need to find the plain string version of what you have stored in your db.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 668 total points
ID: 34411859
http://md5.rednoize.com/about/

The vulnerability of md5() is more about the speed of attacking computers than the availability of rednoize.  Rednoize does not decrypt; it only does a data base lookup.  Still, it might contain some of the md5() strings for common words or passwords.
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question