md5() Hashing Using PHP Tutorial Author - Scrowler (http://forums.biorust.com/member.php?userid=66)

One of the many ways of hashing data using PHP is a function called md5(). md5() converts a string of text into a 32-character hash, using a secret algorithm, thus protecting the original source information. md5() hashed strings cannot be dehashed either, which presents us with the novel problem of working out if two md5-hashed strings are equal. The answer is actually quite simple. Take a login system - instead of dehashing the string and comparing it to a regular password, you take the hashed string and compare it to a string that has already been hashed! Sounds simple doesn't it?

A Simple MD5-Hashing Script
So, let’s write ourselves a little test script:

<?php $string = “string to be encrypted”; $encstring = md5($string); echo $encstring; ?>

This will produce a 32-character jumble of letters and numbers, which will not resemble the original input string in the slightest. In this case, the output would be "fc8de8ee2c43a9ae2f9023f205d960d6".

To use md5, simple enclose the string in md5( x ); by replacing the x demonstrated with your string name variable. E.g. md5($stringname);. Yes, it’s that simple!

You can use this method to protect admin areas and member only pages, but it has limited reliability, so I do not recommend using this function to protect administration areas for big businesses or important websites. It is, however, more than sufficient for small businesses and for personal use.

The md5 hashing algorithm is a non-reversible hash, although recently there has been much activity in building scripts that have this functionality. There are numerous accomplishments from people who have achieved this so far, although the de-hashing of an md5 hash takes an incredibly powerful computer and a lot of time (I ran a PHP script to do a 5 character password hashed into an md5 hash and it crashed my PC).

A Log-in Password Verifier (using MD5)
Let’s write a quick login script to demonstrate my point.  Assume in the example below that you have a form, which uses POST and points to login.php, with a field called username and a password field called password.

<?php // login.php written by Robbie Averill for BioRUST $username = $_POST['username']; $password = $_POST['password']; $encpassword = md5($password); $checkpw = "fc8de8ee2c43a9ae2f9023f205d960d6"; if($encpassword === $checkpw){ echo 'User logged in successfully! Welcome '.$username.'!'; } else { echo 'Password was wrong!'; } ?>

In this instance, the hashed value checks whether the posted password is equal (in this case the password would be “string to be hashed”). I hope this basic tutorial on md5() hashing has helped you! Good luck!

For more information on the md5() function visit the following link:
http://www.php.net/md5

For a more indepth look at hashing algorithms and procedures with PHP, check out the section of my Text & Number Functions tutorial on Mhash Library.