How to compare password with old md5?

M

m1rvi2020-09-15 18:38:27

PHP

m1rvi, 2020-09-15 18:38:27

I ran into a problem that the password comparison does not want to give true, although I know for sure that they are the same.
md5, because my task is to save the database with users, and the site was made 5 years ago and it needs to be updated and other features added ..
Here is the code:

if(password_verify($data['password'], $row['pass'])) {
//row - это то что я достал с дб(пароль). 
$_SESSION['logged_user'] = $user;
header("Location: cabinet/index.php");
}
else { 
    echo "не получилось";
}

Just in case:

spoiler

e67459d13869483c8d70238fee01b158c6459609a3854b724db0221fd0d659cd - hashed password in db
1234 - real password

sorry for stupid question

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry, 2020-09-15
@m1rvi

If you have a password md5 hash stored in the database (which is not recommended ), then compare passwords using the md5 function https://www.php.net/manual/en/function.md5.php

S

SagePtr, 2020-09-15
@SagePtr

For example, you can store several types of hashes - old md5 and new ones obtained by the password_hash function.
And in the code itself, check if the hash starts with $ - then this is a new hash, check it through password_verify, and if not, then this is the old hash, check it like this:
if (hash_equals(md5($password), $hash))
Well, in the event that the hash of the old format is suitable, then not only let the user in, but also generate a new hash from the password entered by him with the password_hash function and save it to the database so that over time the old hashes are replaced by new ones.