0

Possible Duplicate:
md5 password with phpMailer

Hello everybody and thanks in advance for reading this. I have stored in my database in md5 format the password of an email account. Then when i send a notification email to the webmaster through phpMailer using the following code i get an stmp connection failed error. The same code without md5 encryption works perfectly.

  $mail = new PHPMailer(); 
  $mail->IsSMTP(); // send via SMTP
  $mail->SMTPAuth = true; // turn on SMTP authentication
  $mail->Username = $USR_EMAIL; // SMTP username
  $mail->Password = md5($MAIL_PWD); // SMTP password
  .
  .
  .

Anyone has any idea why wont send emails with an md5 password? Should i change something to class.phpMailer? Thank you for reading this

Community
  • 1
  • 1
user926652
  • 145
  • 2
  • 13
  • Why do you think hashing the password would work? Does your MTA's documentation explicitly say that a simple hash of the password would work? – sarnold Jun 19 '12 at 22:42

2 Answers2

2

It would appear that you're double-hashing the password. As you say, it's stored in the database in md5 format, and then you md5 it again, so you're in effect doing:

$passwd = 'hello';
$mail->Password = md5(md5($passwd));

Maybe

$mail->Password = $MAIL_PWD;

will work.

However, note that you mostly CAN'T send the md5 hash to the mail server and have it work. The server will then do its own hashing/crypting of the pasword text you send, and the md5 of a password is very much different from the actual password. You need to send over the REAL raw text of the password, not a hashed version.

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • The idea was actually to unmd5 the password by doing md5($MAIL_PWD) but as i see that cant be done actually. I am just a little worried of having an email password not encrypted in a database. – user926652 Jun 19 '12 at 22:47
  • md5 is a one-way hash. consider it the equivalent of cow->hamburger. You can **NOT** turn the hamburger back into a cow. – Marc B Jun 19 '12 at 22:47
1

You say the password in your database is stored in MD5 format. If I then look at the flow you do now is:

Database (Password in MD5) -> PHP Code (Password convert to MD5) (Access SMTP)

At the point where you do: convert to MD5 you practically do this: md5(md5("password")). If I do that in my Terminal I get:

localhost:~ user$ md5 -s password
MD5 ("password") = 5f4dcc3b5aa765d61d8327deb882cf99
localhost:~ user$ md5 -s 696d29e0940a4957748fe3fc9efd22a3
MD5 ("5f4dcc3b5aa765d61d8327deb882cf99") = 696d29e0940a4957748fe3fc9efd22a3

If this is not your case, then maybe try to look into that Password method in the PHPMailer source if it already converts to MD5. Maybe it's setting in the Class/Object too to choose what hashing method to use?