Re: PHP to md5 the $var before it reaches MySQL's gen query log


 



Once again, sorry to all for indulging you. I have found the answer, plus a
little additional security on this.
Here is the code that works with additional encrypting of the md5 from PHP. 
My syntax was incorrect before.
Bedul got me thinking by changing the BLOB to VARCHAR.  That led to the
answer.
Blessings, 
Chetan


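//hash then encrypt a string
//(declared at top level: a function declared inside addNewUser() would be
//redeclared, and fail, on a second call)
function Encrypt($string) {
$crypted = crypt(md5($string), md5($string));
return $crypted;
}

function addNewUser($username,$password){
global $tbl_name;
global $con;
$usrname=md5($username);
$passname=md5($password);

$user = Encrypt($usrname);
$pass = Encrypt($passname);

//return the result of the INSERT itself; the earlier mysql_query($q,$con)
//sent the value of $q as a second query
return mysql_query("INSERT INTO $tbl_name (username,password) VALUES('$user','$pass')", $con);
}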




Chetanji wrote:
> 
> Hey Bedul,
> My mistake as md5 on MySQL side still works.  I put an extra ' in the
> passwords value by mistake.  I corrected it.
> Still no error from MySQL. I can not tell the difference from either INSERT
> in the log as both look the same (except one is binary 32bits and the
> other md5('text')).
> 
> Still haven't figured this silly problem out.
> Thanks for your quick help though.
> Chetan
>  
> 
> Chetanji wrote:
>> 
>> Hey Bedul,
>> I dropped the table and recreated it with VARCHAR (50) for both. (The
>> reason I like BLOB is when you edit the table all you see is BLOB until
>> you have the permission to open it to binary or text.)
>> 
>> Here is the log message:
>> 
>> 070512 16:36:07	     35 Connect     root@localhost on 
>> 		     35 Init DB     aims site
>> 		     35 Query       INSERT INTO docproedit (username,password)VALUES
>>                                          
>> ('61d46e51e01c5c77ffb9a60f00a842a1'),('2ccd89b67324dd915dd2d286f613332e')
>> 		     35 Query       INSERT INTO docproedit
>> (username,password)VALUES(md5('mata's'),md5('blessing'))
>> 		     35 Query       1
>> 		     35 Quit       
>> 
>> Now neither INSERT works.  Do you know what the '1' is by the way?
>> With BLOB at least one worked with inserting $var's in the values.
>> This seems like a silly problem.
>> There must be some way to do this proper.  I'm just a baby at this.
>> Blessings,
>> Chetan
>> 
>> 
>> 
>> 
>> Bedul says:
>> 
>> 
>> bedul wrote:
>>> 
>>> username BLOB NOT NULL default '',
>>> password BLOB NOT NULL default '',
>>> 
>>> did you try
>>> username varchar 50,
>>> password varchar 50??
>>> 
>>> I'm just asking..
>>> sorry, hope that can solve your problem
>>> 
>>> ----- Original Message -----
>>> From: "Chetan Graham" <chetan_graham@xxxxxxxxxxxxxx>
>>> To: <php-db@xxxxxxxxxxxxx>
>>> Sent: Saturday, May 12, 2007 4:28 PM
>>> Subject:  PHP to md5 the $var before it reaches MySQL's gen
>>> query
>>> log
>>> 
>>> 
>>>> Greetings to All,
>>>> I am having difficulty in 'md5'ing a $var in a function before it is
>>>> placed into the ("INSERT INTO table...
>>>>
>>>> The whole point is I don't want the MySQL DB logs showing my $var's
>>>> password and username 'before' it is encrypted by MySQL's md5.
>>>>
>>>> When MySQL receives PHP's encrypted $var the log shows query INSERT
>>>> with
>>>> the 32 bits but it is not inserted into the DB.
>>>>
>>>> MySQL will not accept the $var's in the code that is commented out.
>>>> It shows no errors by the way.
>>>> MySQL accepts what is shown, but this is not as I explained what I
>>>> want.
>>>> Thanks In Advance,
>>>> Chetan
>>>>
>>>>  mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
>>>>               id int(11) NOT NULL auto_increment,
>>>>               username BLOB NOT NULL default '',
>>>>               password BLOB NOT NULL default '',
>>>>               TimeEnter timestamp,
>>>>               PRIMARY KEY (id)
>>>>                )
>>>>               ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>>>>
>>>>
>>>> <?php
>>>> $db_server='localhost';
>>>> $db_user='root';
>>>> $db_pass='somepassword';
>>>> $db_name='aims site';
>>>> $tbl_name='docproedit';
>>>> $con = mysql_connect($db_server,$db_user,$db_pass) or
>>>> die(mysql_error());
>>>> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>>>>
>>>> function addNewUser($username,$password){
>>>> global $q;
>>>> global $tbl_name;
>>>> global $con;
>>>> //$user=md5($username);
>>>> //$pass=md5($password);
>>>> //mysql_query("INSERT INTO $tbl_name
>>>> (username,password)VALUES('$user'),('$pass')");
>>>> $user=$username;
>>>> $pass=$password;
>>>> mysql_query("INSERT INTO $tbl_name
>>>> (username,password)VALUES(md5('$user'),md5('$pass'))");
>>>> return mysql_query($q,$con);
>>>> }
>>>> ?>
>>>> <?php
>>>> $username="somename";
>>>> $password="somepassword";
>>>>
>>>> addNewUser($username,$password);
>>>> echo "<h2>New User Added!</h2>";
>>>> ?>
>>>>
>>>> --
>>>> PHP Database Mailing List (http://www.php.net/)
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>
>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/PHP-to-md5-the-%24var-before-it-reaches-MySQL%27s-gen-query-log-tf3731340.html#a10445307
Sent from the Php - Database mailing list archive at Nabble.com.
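
Added example, not part of the original thread or written by its participants: the password is hashed in PHP with password_hash() before any SQL is sent, so the statement the server receives (and writes to its general query log) carries only the hash, and PDO exceptions surface the kind of INSERT failure that went unreported above. Assumptions: PDO with the SQLite driver stands in for MySQL so the script runs offline, the username is stored unhashed so it can be looked up, and checkLogin() and the sample values are constructed for illustration.

```php
<?php
// Added example; not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; for MySQL use a "mysql:host=...;dbname=..." DSN.
$pdo = new PDO('sqlite::memory:');
// Raise exceptions on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE docproedit (
    id INTEGER PRIMARY KEY,
    username VARCHAR(50) NOT NULL,
    password VARCHAR(255) NOT NULL)');

function addNewUser(PDO $pdo, string $username, string $password): bool
{
    // Hash in PHP, so only the hash is ever sent to (and logged by) the server.
    // password_hash() generates a random salt and embeds it in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep values such as "mata's" from breaking the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO docproedit (username, password) VALUES (?, ?)');
    return $stmt->execute([$username, $hash]);
}

// Hypothetical helper: verify a login attempt against the stored hash.
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM docproedit WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample values (the names echo the thread's log excerpt).
addNewUser($pdo, "mata's", 'blessing');
var_dump(checkLogin($pdo, "mata's", 'blessing'));   // correct password
var_dump(checkLogin($pdo, "mata's", 'wrong'));      // wrong password

// The INSERT shape from the first message: two one-value rows for two columns.
try {
    $pdo->prepare('INSERT INTO docproedit (username, password) VALUES (?), (?)')
        ->execute(['a', 'b']);
} catch (PDOException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Because each password_hash() output carries its own random salt, two users with the same password get different stored values, and verification goes through password_verify() rather than a string comparison in SQL.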


