Need help... how to add md5 to password field in php?

Question

Hi mates,

i looking some help and nice attention here..

i bought some php script many years ago and now no suport anymore... i just want to add md5 to password field..

here my form:

<?php
$SQL = "SELECT * from USERS WHERE USERNAME = '$_SESSION[username]'"; $result = @mysql_query( $SQL ); $row = @mysql_fetch_array( $result );

include 'menu.php';
?>
<FORM METHOD="post" ACTION="?page=query_client">
 <INPUT TYPE="hidden" NAME="controller" VALUE="USERS~update~account_details&up=1~<?php echo $row[ID]; ?>">

 <TABLE CLASS="basictable">
  <TR> 
   <TD CLASS="tdmenu"  WIDTH="40%">Username</TD>
   <TD CLASS="tdmenu"  WIDTH="60%"> 
    <b><?php echo $row[USERNAME]; ?></b>
   </TD>
  </TR>
  <TR> 
   <TD CLASS="tdmenu"  WIDTH="40%">Password *</TD>
   <TD CLASS="tdmenu"  WIDTH="60%"> 
    <INPUT TYPE="PASSWORD" NAME="PASSWORD" SIZE="40" VALUE="<?php echo $row[PASSWORD]; ?>">
   </TD>
  </TR>
  <TR> 
   <TD CLASS="tdmenu"  WIDTH="40%">Email Address *</TD>
   <TD CLASS="tdmenu"  WIDTH="60%"> 
    <INPUT TYPE="text" NAME="EMAIL" SIZE="40" VALUE="<?php echo $row[EMAIL]; ?>">
   </TD>
  </TR>
  <TR> 
   <TD CLASS="tdmenu"  WIDTH="40%">Full Name *</TD>
   <TD CLASS="tdmenu"  WIDTH="60%"> 
    <INPUT TYPE="text" NAME="FULLNAME" SIZE="40" VALUE="<?php echo $row[FULLNAME]; ?>">
   </TD>

  <TR> 
   <TD CLASS="tdmenu"  WIDTH="40%">Address *</TD>
   <TD CLASS="tdmenu"  WIDTH="60%"> 
    <INPUT TYPE="text" NAME="ADDRESS1" SIZE="40" VALUE="<?php echo $row[ADDRESS1]; ?>">
   </TD>
  </TR>

 <BR>
 <TABLE CLASS="basictable">
  <TR> 
   <TD CLASS="tdhead2" > 
    <DIV ALIGN="CENTER"><B> 
     <INPUT TYPE="submit" NAME="Submit" VALUE="Submit">
     </B></DIV>
   </TD>
  </TR>
 </TABLE>
</FORM>

and the

it self as query_client.php inside look like:

<?PHP
@session_start();

$controller = $_POST['controller'];
$pieces = explode("~", $controller);
$table = $pieces[0];
$qt =  $pieces[1];
$return =  $pieces[2];
$id =  $pieces[3];
$hack =  $pieces[4];

if ($qt == insert) $qt = 'INSERT INTO';
if ($qt == update) { $qt = 'UPDATE'; $end = "WHERE ID = '$id'"; }
$pre = array_keys( $_POST );

mysql_query ("CREATE TABLE IF NOT EXISTS `$table` (`ID` INT NOT NULL AUTO_INCREMENT , PRIMARY KEY ( `id` ) )");

$count = count($pre); $count = $count - 2;
$sql = "$qt $table SET";
for ($i=0; $i < $count; $i++)
{
$x=$i+1;
$y = $_POST[$pre[$x]];
$d = $y;
mysql_query ("ALTER TABLE `$table` ADD `$pre[$x]` TEXT NOT NULL");
$sql .= " `$pre[$x]` = '$d',";
}
$sql .= " ID = '$id' $end";
$query = mysql_query($sql) or die("$sql_error" . mysql_error());

if (empty($hack)) { } else {
$pieces = explode("/", $hack);
$h0 = $pieces[0];
$h1 = $pieces[1];
$h2 = $pieces[2];
$h3 = $pieces[3];
$h4 = $pieces[4];
$h5 = $pieces[5];

mysql_query ("ALTER TABLE `$table` $h0 $h1 $h2 $h3 $h4 $h5");
$query = mysql_query($sql) or die("$sql_error" . mysql_error());
}

if (isset($_GET[inc])) include "$_GET[inc].php";

?>

so please help me how to add md5 in PASSWORD field? thanks in advance..

Answer 1

Best to use a salt also - hashing and verification should be done at server - see secure hash and salt for PHP

Some links on writing secure code:

• OWASP Top 10 for 2010
• PHP Security: Fortifying Your Website
• Writing Secure PHP