
Query MySql database with md5 passwords

So I have in the database mysql.user the users stored with the password encryption method (it is the default from what I know) and my database.users, which has the login credentials user and password (the password is encrypted with md5). The problem is that I want to encrypt the inserted passwords (from the form) using md5, with the user being able to query the database.

These are the login credentials as extracted from the $_POST of the form and stored in the session for easy use on connection:

$_SESSION['utilizator']=$utilizator; //user
$_SESSION['parola']=md5($parola); //password

And this is the DB connection included in every file where I need to query the database:

$link = mysqli_connect('localhost', $_SESSION['utilizator'], $_SESSION['parola']);
if(!$link){
    // $link is false on failure, so the error must come from mysqli_connect_error()
    die('Unable to connect to the database: ' . mysqli_connect_error());
}

Try not to use md5 because it is not safe anymore. Why are you connecting to the database with user credentials? You should have a password and user specific for that, use it everywhere you need a DB connection, and allow a user to alter the DB only if he passes your login (what you are doing is not safe). In other words, those user credentials are for the DB and the DB only, and only known by you. After doing this you can save user-related stuff in a table: pass and username encrypted how you want them. Make a login that checks the encrypted pass and the DB pass; if that is OK, then make the queries.

EDIT:

Since you want to store the pass in a cookie or session, this method will help since you can simply store the encrypted password and check if it is the same as the one in your DB.

I would advise you to trim and sanitize the username and password before storing them in the session. As for mysqli_connect, it takes 4 arguments:

<?php $link = mysqli_connect("myhost", "myuser", "mypassword", "mydatabase") or die("Error " . mysqli_connect_error()); ?>

Look at the examples on the PHP page for mysqli_connect. Another thing that I have noticed with your code: why does the user have to log in to the database? The database user and the app user have to be different for security reasons.

MySQL does not use md5 to store user passwords (at least by default). It uses the MySQL PASSWORD() function. If you use the password without running it through md5() it should work.

$_SESSION['parola']=$parola; //password
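
The separation the first two answers describe, as an added example that is not part of the original question or answers: the application connects with its own database account, and the form credentials are only checked against the users table, with existing md5 rows upgraded to password_hash() on the next successful login. The column names (id, user, password), the function name verify_login and the sample user are assumptions, and an in-memory SQLite PDO stands in for the MySQL connection so the block runs offline.

```php
<?php
// Added example, not code from the page. In production the PDO would be built as
//   new PDO('mysql:host=localhost;dbname=app', $appDbUser, $appDbPass)
// with one application-only account read from configuration, never from $_POST.

// Returns the user's id on success, null on failure.
function verify_login(PDO $db, string $user, string $pass): ?int
{
    // Prepared statement: the form value is bound, not concatenated into SQL.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = $row['password'];
    // Legacy rows hold 32 hex characters of unsalted md5, as in the question.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, md5($pass))   // constant-time comparison
        : password_verify($pass, $stored);
    if (!$ok) {
        return null;
    }
    // Upgrade on login: replace md5 (or an outdated cost) with a salted hash.
    // The password column must be wide enough for it (VARCHAR(255) is safe).
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed sample data: one user whose password is still stored as md5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (user, password) VALUES (?, ?)')
   ->execute(['ana', md5('correct horse')]);

var_dump(verify_login($db, 'ana', 'wrong guess'));    // rejected
var_dump(verify_login($db, 'ana', 'correct horse'));  // accepted, row upgraded
$hash = $db->query("SELECT password FROM users WHERE user = 'ana'")->fetchColumn();
var_dump(password_verify('correct horse', $hash));    // row now holds a password_hash() value

// After a successful login, store only the returned id in the session
// (e.g. $_SESSION['user_id']) and never the password or its hash.
```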
