-5

I downloaded a full PHP forum and have been removing the errors and fixing things I didn't like with it.

There's still one thing: I am not sure how to have my passwords stored as an MD5 key. It would be great if someone could rewrite this PHP code to crypt passwords of people who register.

```php
<?php
    session_start();
    include '../_database/database.php';
    if(isset($_REQUEST['signup_button'])){
        $user_email=$_REQUEST['user_email'];
        $user_firstname=$_REQUEST['user_firstname'];
        $user_lastname=$_REQUEST['user_lastname'];
        $user_username=$_REQUEST['user_username'];
        $user_password=$_REQUEST['user_password'];
        $sql="INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar,user_backgroundpicture) VALUES('$user_firstname','$user_lastname','$user_email','$user_username','$user_password',CURRENT_TIMESTAMP,'default.jpg','default.jpg')";
        mysqli_query($database,$sql) or die(mysqli_error($database));
        $_SESSION['user_username'] = $user_username;
        header('Location: ../update-profile-after-registration.php?user_username='.$user_username);
    }
?>
```

The register page calls for this code.

AvatarLand Razer
  • 1
    What PHP version are you using? If you are using PHP >= 5.5.0, I would suggest using `password_hash();`. If you are not high enough but working with PHP5 as you said, you could try using ircmaxell's workaround, [password_hash()](https://github.com/ircmaxell/password_compat) – Naruto Jan 15 '16 at 09:57
  • You can use as `$user_password=md5($_REQUEST['user_password']);` – AnkiiG Jan 15 '16 at 09:59
  • md5($user_password), but try to find another way of crypting your password. MD5 is not safe for storing passwords in database! Btw. This is a duplicate: http://stackoverflow.com/questions/13213237/encrypt-password-in-md5 – Frank W. Jan 15 '16 at 09:59
  • 5
    MD5 is not considered a secure method to hash passwords; please use the native PHP password library: http://php.net/manual/en/function.password-hash.php You should also use parameterized/prepared queries to avoid SQL injection hacks: http://php.net/manual/en/mysqli-stmt.bind-param.php – JimL Jan 15 '16 at 09:59
  • 2
    Where did you download this code? It's insecure as hell. – Linus Kleen Jan 15 '16 at 10:00
  • I'm not really good with PHP and have no clue how to figure out what version I am using. However, I believe I'm using PHP5 – AvatarLand Razer Jan 15 '16 at 10:00
  • `$user_password=md5($_REQUEST['user_password']);` worked :) thanks a lot! – AvatarLand Razer Jan 15 '16 at 10:01
  • why in God's name *(or whatever higher power you believe in),* would you want to use a hashing function that's over 30 years old and is totally unsafe to use in this century?? – Funk Forty Niner Jan 15 '16 at 12:12

3 Answers

2

You could use `$user_password=MD5($_REQUEST['user_password']);` however, I WOULD NOT suggest doing this. MD5 is not secure for password hashing anymore. Take a look at the `password_hash` function or `crypt` function for a more secure hashing algorithm.

Matt
0

Try this

```php
<?php
    session_start();
    include '../_database/database.php';
    if(isset($_REQUEST['signup_button'])){
        $user_email=$_REQUEST['user_email'];
        $user_firstname=$_REQUEST['user_firstname'];
        $user_lastname=$_REQUEST['user_lastname'];
        $user_username=$_REQUEST['user_username'];
        $user_password=$_REQUEST['user_password'];

        $user_password = md5( $user_password);

        $sql="INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar,user_backgroundpicture) VALUES('$user_firstname','$user_lastname','$user_email','$user_username','$user_password',CURRENT_TIMESTAMP,'default.jpg','default.jpg')";
        mysqli_query($database,$sql) or die(mysqli_error($database));
        $_SESSION['user_username'] = $user_username;
        header('Location: ../update-profile-after-registration.php?user_username='.$user_username);
    }
?>
```
-1

You need to use it like this for your INSERT statement:

```php
$user_password= md5($_REQUEST['user_password']);
```

Now, how can you select the md5() password from the database after insertion?

It's very simple; you need to follow the same step:

```php
$user_password= md5($_REQUEST['user_password']); // your input with md5
```

MD5() PHP Manual

As per the manual, it will return the hash as a 32-character hexadecimal number.

Here is a basic example of md5() hash conversion and selection.

```php
// convert md5 hash
$insertString = 'apple';
$convert_md5 = md5($insertString); // 1f3870be274f6c49b3e31a0c6728957f

// select md5 hash
$selectString = 'apple';
if (md5($selectString) === $convert_md5) {
    echo "Would you like a green or red apple?";
}
```
devpro
  • At least add comments after downvote... downvoters... how can I improve this if you didn't guide? – devpro Jan 15 '16 at 13:09
  • Not my downvote, but you probably got those because someone didn't agree with your not instructing the OP in regards to the use of MD5 and including mentions/links of a password hashing function of *"this century"* ;-) – Funk Forty Niner Jan 15 '16 at 13:41
  • @Fred-ii-: yes, maybe... just tried to explain how it works... well, my bad, but useful answer for OP .... :) – devpro Jan 15 '16 at 13:56
  • 1
    I agree. Oh well, what can you do ;-) People can be *strange animals* at times. – Funk Forty Niner Jan 15 '16 at 13:59
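
What the comments and the first answer recommend instead of MD5, `password_hash()` / `password_verify()` together with prepared statements, looks like this as an added example (not code from any of the posters). It assumes an in-memory SQLite database through PDO so it runs without a server, and a cut-down `user` table; the function names `register_user` and `check_login` are hypothetical.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the forum's MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Wide column: password_hash() output may grow when PHP's default algorithm changes.
$db->exec('CREATE TABLE user (user_username TEXT PRIMARY KEY, user_email TEXT, user_password VARCHAR(255))');

// Hypothetical helper: store a new account with a salted, slow password hash.
function register_user(PDO $db, $username, $email, $password)
{
    // Algorithm, cost and per-password salt are all encoded in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO user (user_username, user_email, user_password) VALUES (?, ?, ?)');
    $stmt->execute([$username, $email, $hash]);
}

// Hypothetical helper: returns true only when the user exists and the password matches.
function check_login(PDO $db, $username, $password)
{
    $stmt = $db->prepare('SELECT user_password FROM user WHERE user_username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Never compare hashes by re-hashing the input; password_verify() reads the salt from $hash.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash transparently when the default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE user SET user_password = ? WHERE user_username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Constructed sample input, including a username that contains a quote character.
register_user($db, "o'brien", 'ob@example.test', 'correct horse battery staple');
var_dump(check_login($db, "o'brien", 'correct horse battery staple'));
var_dump(check_login($db, "o'brien", 'wrong password'));
var_dump(check_login($db, 'nobody', 'anything'));
```

With mysqli, as used in the question, the same pattern is written with `mysqli_prepare()` and `bind_param()`; the hashing calls are unchanged.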