This following query returned null.
SELECT `email`, `password`, `salt` FROM `users` WHERE `password` = md5(`salt`+md5('123123'+`salt`)+'123123') AND `email` = 'xeka@xeka.ru'
The following query returned 'd2b4312db21705dafd96df14f8525fef', but why?
SELECT md5( 'Vwm' + md5( '123123' + 'Vwm' ) + '123123' )
This code returned '422ad0c19a38ea88f4db5e1fecaaa920'.
$salt = 'Vwm';
$password = '123123';
echo md5($salt . md5($password . $salt) . $password);
Do user authorization. How do I create a query to the database so that the first took SALT and SALT have this I did some MD5 function?
SELECT md5(CONCAT('Vwm', md5(CONCAT('123123', 'Vwm' )), '123123' )) ;
You need to concat() the strings then execute md5() on them.
This way it returns correctly the same value as your PHP script:
+--------------------------------------------------------------+
| md5(CONCAT('Vwm', md5(CONCAT('123123', 'Vwm' )), '123123' )) |
+--------------------------------------------------------------+
| 422ad0c19a38ea88f4db5e1fecaaa920 |
+--------------------------------------------------------------+
Marc B
String concatenation in MySQL requires using CONCAT()`. This;
md5( '123123' + 'Vwm' )
is actually adding a number to a string:
mysql> select '12123' + 'Vwm';
+-----------------+
| '12123' + 'Vwm' |
+-----------------+
| 12123 |
+-----------------+
So your query is not the same as the PHP side, as you're not hashing the same string.
- salt should be in your script
- salted password in your database
- your script is salting password and compare with salted version in db
- if same consider OK
来源:https://stackoverflow.com/questions/4844717/mysql-md5-select