MySQL and PHP guru's help needed - GoFuckYourself.com

acctman · 01-22-2004, 12:44 AM

is there a piece of coding that will convert MySQL password() to PHP MD5() ? i have a database of users on one board and i need to move there account to a new one but the password encrytion is different.

is there a way to de-crypt MySQL passwoard() and then re-encrypt with PHP MD5() ?

JDog · 01-22-2004, 12:47 AM

Quote:

Originally posted by acctman
is there a piece of coding that will convert MySQL password() to PHP MD5() ? i have a database of users on one board and i need to move there account to a new one but the password encrytion is different.

is there a way to de-crypt MySQL passwoard() and then re-encrypt with PHP MD5() ?

In my experience there is no way to decrypt MySQL password function!

jDoG

SilverTab · 01-22-2004, 12:58 AM

From the MySQL manual... PASSWORD(str) Calculates a password string from the plaintext password str. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table. mysql> select PASSWORD('badpwd'); -> '7f84554057dd964b' PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. You should not assume that if your Unix password and your MySQL password are the same, PASSWORD() will result in the same encrypted value as is stored in the Unix password file. See ENCRYPT(). If you could decrypt this, you might be able to decrypt user passwords from the mysql db.

venturi · 01-22-2004, 01:01 AM

OY. Never even considered this one. There *should* be a way but I've never seen anything. Have you checked out mysql.org to see if they have anything there? If/when you figure out how to decrypt you can basically do anything with them.

Another option - not exactly an eloquent one - would be to send out a bulk mail to all your members that autogenerates new passwords for them and they just have to confirm the email. Messy, yes, but it would also allow you to notify them that you're changing the board script so they can re-bookmark you. Just an idea - and for every problem facing humanity there is a simple and eloquent, and equally WRONG solution.

acctman · 01-22-2004, 03:47 AM

hmm i think i found something http://www.php.net/manual/en/function.md5.php what do you think?

Claude · 01-22-2004, 03:52 AM

Quote:

Originally posted by venturi
Another option - not exactly an eloquent one - would be to send out a bulk mail to all your members that autogenerates new passwords for them and they just have to confirm the email. Messy, yes, but it would also allow you to notify them that you're changing the board script so they can re-bookmark you. Just an idea - and for every problem facing humanity there is a simple and eloquent, and equally WRONG solution.

Just do it like that, this way you might also get some older inactive members to renew interest for your board. Sure, it´s not pretty, but if it works why spend time with encryption. You might even benefit from emailing everybody....

woj · 01-22-2004, 07:02 AM

Quote:

Originally posted by acctman
is there a piece of coding that will convert MySQL password() to PHP MD5() ? i have a database of users on one board and i need to move there account to a new one but the password encrytion is different.

is there a way to de-crypt MySQL passwoard() and then re-encrypt with PHP MD5() ?

You can also tweak the code of the new board a little, so the hashing schemes are the same in both.

01-22-2004, 12:44 AM	#1
acctman Confirmed User Join Date: Oct 2003 Location: Atlanta Posts: 2,840	MySQL and PHP guru's help needed is there a piece of coding that will convert MySQL password() to PHP MD5() ? i have a database of users on one board and i need to move there account to a new one but the password encrytion is different. is there a way to de-crypt MySQL passwoard() and then re-encrypt with PHP MD5() ?

01-22-2004, 12:58 AM	#3
SilverTab Confirmed User Join Date: Nov 2001 Location: MTL Posts: 5,060	From the MySQL manual... PASSWORD(str) Calculates a password string from the plaintext password str. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table. mysql> select PASSWORD('badpwd'); -> '7f84554057dd964b' PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. You should not assume that if your Unix password and your MySQL password are the same, PASSWORD() will result in the same encrypted value as is stored in the Unix password file. See ENCRYPT(). If you could decrypt this, you might be able to decrypt user passwords from the mysql db. __________________ mmm my sig was too big... no more cool animation but hey still! need php? ICQ: 94586959

01-22-2004, 01:01 AM	#4
venturi Confirmed User Join Date: Aug 2001 Location: An Oasis atop a High Desert Mesa Posts: 386	OY. Never even considered this one. There should be a way but I've never seen anything. Have you checked out mysql.org to see if they have anything there? If/when you figure out how to decrypt you can basically do anything with them. Another option - not exactly an eloquent one - would be to send out a bulk mail to all your members that autogenerates new passwords for them and they just have to confirm the email. Messy, yes, but it would also allow you to notify them that you're changing the board script so they can re-bookmark you. Just an idea - and for every problem facing humanity there is a simple and eloquent, and equally WRONG solution. __________________ I'm not a porn monger. I'm a porn ... STYLIST! Buildit Cheap, build it Fast, Build it Right. - Pick Two.

01-22-2004, 03:47 AM	#5
acctman Confirmed User Join Date: Oct 2003 Location: Atlanta Posts: 2,840	hmm i think i found something http://www.php.net/manual/en/function.md5.php what do you think?