1

I'm finding this a very difficult subject to find a definitive answer for! Hoping you guys can help...

I have the following code

<form action='test2.php?' name ='gen' method='post'>
Text to hash <input type='text' name='pass'><br />
         <input type='submit' value='Go!'>
</form>

<?php
$pass2=$_POST['pass'];
$pass=md5($pass2);
echo $pass;
?>

How would I add a SPECIFIC salt code to the end of the text that the user will input? For example, if the user input PETERPAN, I would like to input ;LivesForever as the salt, which would then obviously return a hash code.

Then I'd like to produce a url using BOTH the input text and the hashed code. This would just need to appear in a div below the input box.

So the url would look like this...

http://www.website.com/+USER_INPUT_VALUE+/randomfolder/+HASH_PRODUCED+

Obviously the produced url won't look exactly like that but you get the idea...

I'm struggling to find an answer to this!

thanks guys

AdamH
  • 141
  • 5
  • 16
  • 2
    May I first ask what you are going to use it for? If it is used for password-hashing, you should never communicate the generated hash to the user... Salting can be done by concatenating the string before hashing like so: `md5($pass2 . 'salt salt salt');` – RichardBernards Nov 18 '14 at 14:45
  • 2
    As a second comment... md5 is a really weak hashing algorithm... I have seen setups which can brute-force it within the hour for a 30-char string... – RichardBernards Nov 18 '14 at 14:47
  • @RichardBernards this is part of a small project I've been given for work training...I do absolutely appreciate and understand your concern though, and thanks for taking the time to reply :) – AdamH Nov 18 '14 at 14:56
  • @RichardBernards If I wanted to pass the url to the source of an iframe on the page, how would I achieve this? – AdamH Nov 18 '14 at 15:42
  • Please ignore that...I got it. Lol – AdamH Nov 18 '14 at 15:46
  • You can change either the comment, or reload the source of the iframe. Try reading http://stackoverflow.com/questions/8240101/set-content-of-iframe Just so you know... it would be nicer to do this via AJAX-calls and jQuery... But I dont know what the scope of your training is... – RichardBernards Nov 18 '14 at 15:46

3 Answers3

2

from what you describe:

$random = 'dolly'; // specific salt
$pass2 = $_POST['pass'] . $random; // add it to user input

$pass = md5($pass2); // md5() both

$url = 'http://www.website.com/'.$_POST['pass'].'/'.$random.'/'.$pass; // the url you need

echo $pass.'<br>'.$url;
andrew
  • 2,058
  • 2
  • 25
  • 33
  • If I wanted to pass the url to the source of an iframe on the page, how would I achieve this? – AdamH Nov 18 '14 at 15:41
  • It would really be interesting to know what the OP has in mind, but with this code you would find the original password in the URL. – martinstoeckli Nov 19 '14 at 09:02
  • 1
    @martinstoeckli yes.. what he asks is dangerous. It would be good to know what he wants to do and advice on different approach – andrew Nov 19 '14 at 14:49
1

You could do a salt by doing something like

$pass = md5($pass2 . $salt)

However, if you want to actually do a secure hash, a function like password_hash is more suitable.

Note that a hash is not just a catch-all security method. Depending on what your use-case is, this may not be very secure. It's worthwhile to look into potential security vectors before using hashes.

Arda Xi
  • 2,616
  • 3
  • 19
  • 24
0

You could just concatenate the salt string to the end of the user inputted string.

<?php
    $pass2=$_POST['pass'] . 'LivesForever';
    $pass=md5($pass2);
    echo $pass;
?>

Then build the url: 

$url = 'http://www.website.com/' . $_POST['pass'] . '/' . $randomfolder . '/' . $pass;
Danilo
  • 83
  • 7