CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
password encryption problem

 



subodhkeskar
New User

Jun 18, 2002, 9:15 AM

Post #1 of 3 (1336 views)
password encryption problem Can't Post

Hello friends,

With this perl script i am trying to retrieve the data from one database and inserting it into another database.

Once i retrieved all the fields from first database than before inserting into the second database, i am encrypting the password (field10) using md5_hex function.

On the other hand, i am taking the user input (username & password) using a PHP script (script is not given here) and encrypting the user input password in with md5()

PHP function.

Now the problem ...............when (using the perl script) the data is inserted into the database, the value of encrypted password stored in the second database ($passwordfromdb) is totally different from the expected encrypted value

($field10 = md5_hex($field10);


Therefore the put password is never matching with the password in the database. It is giving the following error:

Password does not match (from PHP script).

**

I have already made sure that the function in PERL md5_hex() gives the same encryption value as the function in PHP md5().

Please let me know if anybody has any idea about this problem. I appreate your help.

Thanks

Subodh



#!/usr/local/bin/perl
use DBI();
use Digest::MD5 qw(md5 md5_hex md5_base64);
# Connect To Database
# * The DBI interface to MySQL uses the method "connect" to make a
# * connection to the database. It takes as it's first argument
# * the string "DBI:mysql:database:hostname", where database is equal
# * to the name of your database, and hostname to the server that it's
# * located on. The second and third arguments, respectively, should
# * be your account username and password. The connection is assigned
# * to a variable that is used by most other methods in the module.

$db = DBI->connect("DBI:Sybase:server=blue", username, password);

# Execute a Query
# * executing a query is done in two steps. First,
# * the query is setup using the "prepare" method.
# * this requires the use of the variable used to
# * initiate the connection. Second, the "execute"
# * method is called, as shown below.
$query = $db->prepare("SELECT id, name,addr1,addr2,city,state,zip,phone,username,password FROM customer");
$query->execute;

# How many rows in result?
# * the "rows" method using the variable name the
# * query was executed under returns the number
# * of rows in the result.
$numrows = $query->rows;

# Display Results
# * the fetchrow_array method executed on the
# * query returns the first row as an array.
# * subsequent calls return the other rows in
# * sequence. It returns zero when all rows have
# * been retrieved.
$dbh = DBI->connect("DBI:mysql:database=database;host=server, username, password)|| die "Connect failed:$DBI::errstr\n";
print"Hood Server connected successfully";
while (@array = $query->fetchrow_array)
{
($field1, $field2, $field3, $field4, $field5, $field6, $field7, $field8, $field9, $field10) = @array;

#$field10 =~ s/\s+$//;
#print "$field10";
$field10 = md5_hex($field10);
$sql = "INSERT into custdata values (\"$field1\", \"$field2\", \"$field3\",\"$field4\",\"$field5\",\"$field6\",\"$field7\",\"$field8\", \"$field9\", \"$field10\")";

$sth = $dbh->prepare($sql);
$sth->execute;
$sth->finish;
print"Hello";

print "Customer ID = $field1, Name = $field2, Address1 = $field3, Address2
= $field4, City = $field5, State = $field6,Zip = $field7, Phone = $field8,
username=$field9, password = $field10\n"; }
$dbh->disconnect;

# Cleaning Up
# * with the DBI module, it is a good idea to clean up by
# * explicitly ending all queries with the "finish" method,
# * and all connections with the "disconnect" method.
$query->finish;
$db->disconnect;

exit;


fashimpaur
User / Moderator

Jun 18, 2002, 1:08 PM

Post #2 of 3 (1332 views)
Re: [subodhkeskar] password encryption problem [In reply to] Can't Post

Subod,

If I may use the abbreviated name...Cool

Okay, here is a suggestion. Make sure that the field data type in the
database is not stored as MD5 or Password. If it is, just passing the plain
text to the database insert statement causes an encryption algorithm to be
run. Do not encrypt the data before sending it in the insert statement if
this is the case.

If this occurs, your MD5_hex would double encrypt the value and it would now
be useless.

Just a suggestion of something to check,
Dennis

$a="c323745335d3221214b364d545".
"a362532582521254c3640504c3729".
"2f493759214b3635554c3040606a0",
print unpack"u*",pack "h*",$a,"\n\n";


arhuman
New User

Jul 2, 2002, 2:12 PM

Post #3 of 3 (1308 views)
Re: [subodhkeskar] password encryption problem [In reply to] Can't Post

Of course $field10 is chomp'ed, isn't it ?
(no trailing \n)
Smile

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives