md5 question

I am having problems with using md5 with a password.

I am able to set the password with the md5 coverting what I type into say..
"a87ff679a2f3e71"

I'm writing to the db with the password and the condition by using

-------- pword=md5('$ud_pword')

I am having a problem reading the value from the db after it's set. I use a
form that wants an id and the password to load the record for editing, when
I type "a87ff679a2f3e71" into the form It loads, when I type the password
that I typed in the form that made coverted to "a87ff679a2f3e71" it
doesn't work.

So the password is entered, saved in the db as "a87ff679a2f3e71"

and now I want to relogin with the standard password, without having to type
"a87ff679a2f3e71"


I'm attempting to read the password in my query as follows.

$query="SELECT * FROM contacts WHERE (notid=$serid) and
pword=md5('$serpass')";


*** I altered this query so much, that I'm not sure what I have tired and
not tried, as always I appreciate your efforts and assistance on my many
questions.

Thanks! in advance,

The md5 algorithm generates a 32 characters hash. Make sure your
database field can contain those 32 characters, otherwise, it will be
truncated.

entoone wrote:
> I am having problems with using md5 with a password.
>
> I am able to set the password with the md5 coverting what I type into say..
> "a87ff679a2f3e71"
>
> I'm writing to the db with the password and the condition by using
>
> -------- pword=md5('$ud_pword')
>
> I am having a problem reading the value from the db after it's set. I use a
> form that wants an id and the password to load the record for editing, when
> I type "a87ff679a2f3e71" into the form It loads, when I type the password
> that I typed in the form that made coverted to "a87ff679a2f3e71" it
> doesn't work.
>
> So the password is entered, saved in the db as "a87ff679a2f3e71"
>
> and now I want to relogin with the standard password, without having to type
> "a87ff679a2f3e71"
>
>
> I'm attempting to read the password in my query as follows.
>
> $query="SELECT * FROM contacts WHERE (notid=$serid) and
> pword=md5('$serpass')";
>
>
> *** I altered this query so much, that I'm not sure what I have tired and
> not tried, as always I appreciate your efforts and assistance on my many
> questions.
>
> Thanks! in advance,
>
>
>
>

entoone wrote:

> I am having problems with using md5 with a password.
>
> I am able to set the password with the md5 coverting what I type into say..
> "a87ff679a2f3e71"

This doesn't seem to be long enough for a MySQL MD5 - it should be 32
hex characters. Check that the field is long enough.

MK.

--
MeerKat

I did adjust the field from 15 to 32, and then I edited my coding again and
it seemed to work.

I did have to login, change my password, for testing purposes just to the
single character of "4", which made my password the super long string of
characters. I then attempted to re-login in using the 4 as the password and
it let me in.

I did another test with an account that had a password of say "cat", but
when I typed in cat into the password box, it didn't log me in, since I
think it wants all passwords that are currently in the db to be in this
"hash" format right?

1. Do I need to covert the other account passwords? or ??
2. I have an option on the page after you login to allow password changes,
when you see the password it's the
scrambled "hash" version, and not the "4" how can they see their password as
they would understand and not the other version?

Thanks again

"Louis-Philippe Huberdeau" <lphuberdeau@sympatico.ca> wrote in message
news:el%Za.6498$Z03.341723@news20.bellglobal.com.. .
> The md5 algorithm generates a 32 characters hash. Make sure your
> database field can contain those 32 characters, otherwise, it will be
> truncated.
>
> entoone wrote:
> > I am having problems with using md5 with a password.
> >
> > I am able to set the password with the md5 coverting what I type into
say..
> > "a87ff679a2f3e71"
> >
> > I'm writing to the db with the password and the condition by using
> >
> > -------- pword=md5('$ud_pword')
> >
> > I am having a problem reading the value from the db after it's set. I
use a
> > form that wants an id and the password to load the record for editing,
when
> > I type "a87ff679a2f3e71" into the form It loads, when I type the
password
> > that I typed in the form that made coverted to "a87ff679a2f3e71" it
> > doesn't work.
> >
> > So the password is entered, saved in the db as "a87ff679a2f3e71"
> >
> > and now I want to relogin with the standard password, without having to
type
> > "a87ff679a2f3e71"
> >
> >
> > I'm attempting to read the password in my query as follows.
> >
> > $query="SELECT * FROM contacts WHERE (notid=$serid) and
> > pword=md5('$serpass')";
> >
> >
> > *** I altered this query so much, that I'm not sure what I have tired
and
> > not tried, as always I appreciate your efforts and assistance on my many
> > questions.
> >
> > Thanks! in advance,
> >
> >
> >
> >
>

With total disregard for any kind of safety measures "entoone"
<entoone@pacbell.net> leapt forth and uttered:

> $query="SELECT * FROM contacts4 WHERE (notid=$serid) and
> (pword='$serpass')";
>

$query="SELECT * FROM contacts4 WHERE notid=$serid and pword=MD5('$serpass')";


--
There is no signature.....

Very good Phil! that works... Thanks for your time.

I am able to read the value from the db now, without having to use clear
text! -- Bravo!

Now onto a script to be able to change the passwords.

"Phil Roberts" <philrob@HOLYflatnetSHIT.net> wrote in message
news:Xns93D5EAA07F429philroberts@216.196.97.132...
> With total disregard for any kind of safety measures "entoone"
> <entoone@pacbell.net> leapt forth and uttered:
>
> > $query="SELECT * FROM contacts4 WHERE (notid=$serid) and
> > (pword='$serpass')";
> >
>
> $query="SELECT * FROM contacts4 WHERE notid=$serid and
pword=MD5('$serpass')";
>
>
> --
> There is no signature.....