M
M
m1rvi2020-09-15 18:38:27
PHP
m1rvi, 2020-09-15 18:38:27

How to compare password with old md5?

I ran into a problem that the password comparison does not want to give true, although I know for sure that they are the same.
md5, because my task is to save the database with users, and the site was made 5 years ago and it needs to be updated and other features added ..
Here is the code:

if(password_verify($data['password'], $row['pass'])) {
//row - это то что я достал с дб(пароль). 
$_SESSION['logged_user'] = $user;
header("Location: cabinet/index.php");
}
else { 
    echo "не получилось";
}

Just in case:
spoiler

e67459d13869483c8d70238fee01b158c6459609a3854b724db0221fd0d659cd - hashed password in db
1234 - real password


sorry for stupid question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
D
Dmitry, 2020-09-15
@m1rvi

If you have a password md5 hash stored in the database (which is not recommended ), then compare passwords using the md5 function https://www.php.net/manual/en/function.md5.php

S
SagePtr, 2020-09-15
@SagePtr

For example, you can store several types of hashes - old md5 and new ones obtained by the password_hash function.
And in the code itself, check if the hash starts with $ - then this is a new hash, check it through password_verify, and if not, then this is the old hash, check it like this:
if (hash_equals(md5($password), $hash))
Well, in the event that the hash of the old format is suitable, then not only let the user in, but also generate a new hash from the password entered by him with the password_hash function and save it to the database so that over time the old hashes are replaced by new ones.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question