PHP Hacks by Jack D. Herrington

Hack #59. Migrate to MD5 Passwords

Use a migration script to turn your plain-text passwords into MD5-encrypted passwords.

From years of consulting work, I can tell you that although people say their web applications have encrypted passwords, they often do not. Realistically, though, encrypting passwords is just not that difficult to do. Even worse, any site that can send you the exact text of your password when you click the "I forgot my password" link stores a copy of your password in clear text somewhere. Needless to say, this isn't a good thing.

So why are encrypted passwords so important? First, because anyone who gets access to the database through a security hole can get access to the entire system. Second, most people talk about using different passwords on different accounts, but end up using the same, or similar, passwords, simply because it's easier. Getting a password on one machine can mean having access to other, possibly more important accounts. This hack describes how to migrate a table of users and passwords from plain text to MD5 encryptions.

The Code

Save the code in Example 6-27 as schema.sql.

Example 6-27. The original schema file

DROP TABLE IF EXISTS users;
CREATE TABLE users (
	id MEDIUMINT NOT NULL AUTO_INCREMENT,
	name TEXT,
	pass TEXT,
	PRIMARY KEY( id ) 
);

Save the code in Example 6-28 as users.sql.

Example 6-28. The original nonencoded passwords

INSERT INTO users VALUES ( 0, 'jack', 'toronto' );
INSERT INTO users VALUES ( 0, 'megan', 'omaha' );

Save the code in Example ...
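
The migration this hack describes, as an added example that is not the book's own script. It assumes PHP 7 or later with the PDO SQLite driver and works on an in-memory copy of the users table holding the two rows from users.sql; the function names migrate_to_md5 and check_login are hypothetical.

```php
<?php
// Added example, not from the book. An in-memory SQLite database stands in for
// MySQL (assumption) so the script runs without a database server.

function migrate_to_md5(PDO $db): int
{
    $rows = $db->query('SELECT id, pass FROM users')->fetchAll(PDO::FETCH_ASSOC);
    $update = $db->prepare('UPDATE users SET pass = :hash WHERE id = :id');
    $changed = 0;
    $db->beginTransaction();            // all rows convert, or none do
    try {
        foreach ($rows as $row) {
            // A 32-character lowercase hex value is treated as already hashed, so a
            // second run does not hash a hash. NULL passwords are left alone.
            if ($row['pass'] === null || preg_match('/^[0-9a-f]{32}$/', $row['pass'])) {
                continue;
            }
            $update->execute([':hash' => md5($row['pass']), ':id' => $row['id']]);
            $changed++;
        }
        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
    return $changed;
}

// Login check after migration: hash the submitted password and compare digests.
function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pass FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, md5($password));
}

// Constructed sample data mirroring schema.sql and users.sql.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, pass TEXT)');
$db->exec("INSERT INTO users (name, pass) VALUES ('jack', 'toronto'), ('megan', 'omaha')");

echo migrate_to_md5($db), " rows migrated on first run\n";
echo migrate_to_md5($db), " rows migrated on second run\n";
var_dump(check_login($db, 'jack', 'toronto'));
var_dump(check_login($db, 'jack', 'omaha'));
```

PHP 5.5 and later also provide password_hash() and password_verify(), which produce salted hashes; the same loop applies with md5() replaced, and check_login would then call password_verify() instead of comparing digests.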