#2 MD5 passwords


in INSTALL you write:
* username and password for users in dbmail must
currently be stored as plain text - support for other
encryption methods to come in the future

Do you know MD5 is *very* easy? just put it in MD5()
in the SQL string.

$sql = "SELECT * FROM dbmail_users WHERE
userid='".db_escape_direct($this->email)."' AND


  • Borvik Bramblewood

    • status: open --> pending
  • Borvik Bramblewood

    Logged In: YES

    I believe I tried that at one point and it didn't work.

    However that may be because I had copied the entire database
    to a different machine running a different version of MySQL
    for development reasons.

    I will experiment with this again at some point, but I want
    to concentrate first getting the program running correctly.

  • Borvik Bramblewood

    • priority: 5 --> 4
  • Borvik Bramblewood

    • status: pending --> open
  • Borvik Bramblewood

    Logged In: YES

    Yup I just tried it.

    I created a user using dbmail-users making sure the p flag
    (passwordtype) was set to MD5.

    I then ran the following select statement: SELECT
    MD5('password') AS Encrypted, userid, passwd FROM
    dbmail_users WHERE user_idnr = xx

    There was one row returned as I suspected, but the passwd
    column was different from the Encrypted column - so dbmail
    is most likely using a different MD5 encryption.

    I'll work on converting that to PHP.

  • Borvik Bramblewood

    Logged In: YES

    Well I've determined the MD5 encryption used by dbmail and
    should be able to modify the login procedure (and change
    password) to work properly with it.

    The key was the crypt() command.

  • Borvik Bramblewood

    • priority: 4 --> 1
    • assigned_to: nobody --> borvik
    • status: open --> closed
  • Borvik Bramblewood

    Logged In: YES

    MD5 Encrypted passwords now supported.

    Unfortunately while MySQL enables you to salt an encryption
    string in the ENCRYPT function (making pure SQL checking
    possible), I have been unable to find the equivalent in
    PostgreSQL - thus it's all handled in PHP.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks