-1

I have made a login system.In the file that checks login, if login is correct then it redirect to the profile page with a get statement like:

http://yoursite.com/profile.php?username=md5(username)
here when in profile.php, i want to decode that md5(username) and show it as WELCOME username.
Any suggestions to decode md5() or any other way to display Welcome message.

Mrigank
  • 136
  • 1
  • 8

3 Answers3

3

MD5 is a One-Way Digest Algorithm

You can turn a cow into a burger, but you can't turn a burger into a cow.

The purpose of a digest algorithm is to create a 'hash' which can be compared to another 'hash' to check if the inputs are probably identical, without revealing the actual inputs. This is why hashes are regularly used in databases to store passwords, because someone with access to the database will not be able to work out the actual passwords.

If you want to make sure that your usernames and passwords are communicated securely, you should use SSL to create a secure connection between your website and your user. Your web server will take care of decryption automatically.

On a side note, do not use MD5 to hash passwords, it's an old and vulnerable algorithm. Check out PHP's password_hash function instead. If using PHP prior to 5.5, ircmaxell has ported this for you.

Glitch Desire
  • 14,632
  • 7
  • 43
  • 55
  • 2
    Lunch is good but I don't understand why we insist on duplicating content when answers to other specific questions are much better. This answer is a summary digest of much more in depth topics which should be learned. http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes, http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php, http://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication/477578 – Mike B Oct 17 '13 at 12:10
  • @MikeB Totally agree, I just don't like leaving a question like this without a warning not to hash passwords in MD5. Successful delete votes are too uncommon. – Glitch Desire Oct 17 '13 at 12:31
  • +1 For the analogy ;-) – Dan Lugg Oct 31 '13 at 15:10
0

There's no way you can "decode" md5, as md5 is a one-way hashing algorithm, it means given an input it will generate an output. But if only given an output, you cannot deduce its input. Of course that's not the whole story, but md5 is not used for transferring data in such a way.

What you might want to do is some basic encryption algorithm or even just base64 encode if it's only a username. But you can probably just pass it in clear text and there's no security implications.

TheOnly92
  • 1,723
  • 2
  • 17
  • 25
-1

MD5 is one way! It cannot be decrypted. Why don't you store the username in the session:

$_SESSION['username'] = 'Adam' // Add username here.

Then in your welcome page you can retrieve it:

Welcome, <?php echo $_SESSION['username']; ?>!

You also need this as the top (before any this is outputted on the page) on any page that uses the session:

session_start();
Adam Rivers
  • 1,065
  • 7
  • 13