HELP - MySql Password Decrypt with PHP

xDario · 09-04-2009 01:07 PM

MD5 is a way of protecting your files.
Whats the point in encrypting if you can easily decrypt?

So how do you log your users in the first place?
If your register bungs the pass into the DB with md5-hash, all you need to do is take the pass from the user, and then encrypt and compare -

$pass = $_POST['password'];
$checkpass = md5($pass);
If ($checkpass == $sqlpassword)
{
Success!
}
else
{
Fail!
}

Yeah, live with my nooby coding. can't be bothered to take a look at my login / register, but im sure its similar to that.

aloycasmir · 09-04-2009 04:12 PM

You're exactly correct x d

If you can hack it , why call it security anyways :lol:

Btw nagas , you trying to hack into your own users' accounts or something ?

Nagas · 09-07-2009 09:48 PM

Nope.

I got a news sistem in the internet but before install it on my site
I decided to check it?s codes to search for vulnerabilities.

And then, I decided to check how does the SQL database process the info the
news sistem send to it and....BANG!

I saw that the damn sistem doesn?t encrypt the password.
So, if anyone could display the info from my database, he would get
my password easily.

Then, I decided to find a way to encrypt it.

That?s it.