Can someone explain to me what EXACTLY is going on in this code:

$newpass = md5(md5("xlg3m3qp".$pass1."s29dme3lw"));

I am trying to write a script that will allow me to change the password in my database. However, when I run the mysql code:

$sql = mysql_query("UPDATE members SET password='$newpass' WHERE id='$id' AND hash='$hashpass')") or die("mysql error");

the script runs fine, and the password is updated, however, only one problem... The new password that is generated, is the same as the original password! The original password is initially set using a similar script:

$db_password = md5(md5("xlg3m3qp".$pass1."s29dme3lw")); 

$sql = mysql_query("INSERT INTO members (username,  password)  

     VALUES('$username', '$db_password')")  or die (mysql_error());

juniper747 wrote:

The new password that is generated, is the same as the original password!

If $pass1 has the same value in both cases then of course that should happen since the text you prepend and append to $pass1 is the same, and MD5 is deterministic. On the other hand, if $pass1 really is a new "raw" password, then it is very likely that the new password hash will be different.

bradgrafelman;10981426 wrote:

The hash you're getting wouldn't happen to be c0a0a0e7930b94f75ad4939e54c9d857, would it?

No actually, I ended up figuring it out... I was using a JOIN in my query, but my syntax was incorrect.