I've been using md5() to "encrypt" my password's so that when they are displayed in the address bar they are not readable, however, I'm having a problem.
When I use this function on my password,
$login_pword = md5($login_pword[FALSE]);
Everything appears to be working normally and fine. But after this long string created from md5() is added to the database and I run my pword verification code, it seems that whenever the pword's first character or any first characters are tested, they all pass.
code eg.
$pword = "joshua ";
$chk_pword = md5($pword[FALSE]);
$grabbedpword = "54kl3j4a40c043kois3"; // Taken from Database.
if($chk_pword != $grabbedpword) {
echo("Verification Failed!");
} else {
echo("Verification Passed!");
}
So for this code, let's assume that long string actually was the md5() for "joshua". Now anytime "j", "jo", "jos", etc. are tested in the $pword var. it still passes verification.
Can anyone tell me why? Is the md5() function only for the first char in a string? From reading the documentation I was under the impression that it wasn't but I very well could be wrong.
When I use this function on my password,
$login_pword = md5($login_pword[FALSE]);
Everything appears to be working normally and fine. But after this long string created from md5() is added to the database and I run my pword verification code, it seems that whenever the pword's first character or any first characters are tested, they all pass.
code eg.
Code:
$pword = "joshua ";
$chk_pword = md5($pword[FALSE]);
$grabbedpword = "54kl3j4a40c043kois3"; // Taken from Database.
if($chk_pword != $grabbedpword) {
echo("Verification Failed!");
} else {
echo("Verification Passed!");
}
So for this code, let's assume that long string actually was the md5() for "joshua". Now anytime "j", "jo", "jos", etc. are tested in the $pword var. it still passes verification.
Can anyone tell me why? Is the md5() function only for the first char in a string? From reading the documentation I was under the impression that it wasn't but I very well could be wrong.
