How do I encrypt this password with MD5 using PHP?

php mysql encryption login md5

14,529

You should be checking and querying the database for a match, not bringing the results down and checking them locally. With that said:

$password = md5($_POST['password']);

Then also change:

SELECT * FROM users WHERE username='$username' AND password='$password'

But I'd also have a look at using PDO instead of placing the values directly in a SQL query. At the very least you should be using mysql_real_escape_string to avoid injection attacks.

14,529

Author by

user1710563

Updated on November 22, 2022

Comments

user1710563 over 1 year

The code below is from a login script, written in PHP. The database that it checks passwords against encrypts the passwords using MD5 however when the login script checks against the database for a password, it is checking the raw password without encryption. I am familiar with the md5() function but how would I incorporate that into the following:

<?php
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password) {
    $connect = mysql_connect("host", "user", "password") or die("Couldn't connect");
    mysql_select_db("dbname") or die("Couldn't find the database");

    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    $numrows = mysql_num_rows($query);

    if ($numrows != 0) {
        while ($row = mysql_fetch_assoc($query)) {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }

        if ($username == $dbusername && $password == $dbpassword) {
            echo "You're in! Click <a href='../member.php'>here</a> to enter the member page.";
            $_SESSION['username'] = $username;
        }else{
            echo "Incorrect password";
        }
    }else{
        die("That username does not exist.");
    }
}else{
    die("Please enter a valid username and password.");
}
?>

Jeremy Roman over 11 years

Changing $password == $dbpassword to md5($password) == $dbpassword should work.
Zaffy over 11 years

Your code is vulnerable to famous SQL Injection.
user1710563 over 11 years

Still working on the mysql_escape_real_string() stuff as well
Brendan Long over 11 years

MD5 is nowhere near good enough for this purpose.
hakre over 11 years

Before touching mysql_escape_real_string, use mysli or PDO instead with prepared statements. No need to actually continue to learn mysql_* nowadays.

Explosion Pills over 11 years

I would also recommend not to use MD5 as it gives you practically no security. bcrypt or PBKDF2
Zaffy over 11 years

@ExplosionPills Right, or use salt. But better is something stronger with salt.
user2990791 over 10 years

<?php class password { // get a new hash for a password public function stringbreak ($postpassword) { $salt=sha1($postpassword); $arr= strlen($postpassword); $count=ceil($arr/2); $stringarr=str_split($postpassword,$count); $password1=hash("sha512", $stringarr['0']); $password2=$salt . ( hash( 'whirlpool', $salt . $stringarr['1'] ) ); return $password1.$password2; } } ?>