Ajax to create password hash

software development

#1

The unique username verification works, so I’m not asking about that.
Javascript doesn’t do md5, so I’m attempting to farm it out with ajax here.
I can’t seem to get the syntax right for the part in blue.
I’m a rank beginner in javascript, so I could use a little help here.

[code]
// Test to see if there is an existing user by this name…
$(document).ready(function() {
$(’#myIDLoading’).hide();
$(’#myID’).blur(function(){
$(’#myIDLoading’).show();
$.post("…/assets/scripts/check.php", {
myID: $(’#myID’).val()
}, function(response){
$(’#myIDResult’).fadeOut();
setTimeout(“finishAjax(‘myIDResult’, '” escape(response) “’)”, 400);
});
return false;
});

[color=#0000CC]//Create md5 hash from string in field ‘password2’ and put it into hidden field ‘password’.
$(’#password2’).blur(function(){
$.post("…/assets/scripts/hashpass.php", {
password2: $(’#password2’).val()
}, function(response){
$(’#password’).val(response);
});
return false;
});
});[/color]

function finishAjax(id, response) {
$(’#myIDLoading’).hide();
$(’#’ id).html(unescape(response));
$(’#’ id).fadeIn();
} //finishAjax

[/code]This is my php code in hashpass.php:

[code]<?php
$password2 = $_POST[‘password2’]; // get the password
$password2 = trim(htmlentities($password2)); // strip some crap out of it

$myHashedPass = md5($password2);

return $myHashedPass;

?>[/code]From the form that where the fields exist:<input name="password2" id="password2" type="text" value="" size="32"/> <input name="password" id="password" type="text" value=""/>How do I word it so the hashed password gets inserted into hidden field ‘password’ on blur?
For purposes of diagnostics, I’ve left password as type=“text”.

Cheers.


#2

Sending the cleartext password to a PHP script to take the MD5 loses you all the security that hashing the password gains you. However, there are Javascript implementations of MD5 available - here’s one: http://www.onicos.com/staff/iz/amuse/javascript/expert/md5.txt


#3

Doh! you’re right! I’ll check it out. Thanks.


#4

So, assuming I’ve sourced the suggested md5.js above my in-doc js thus:

I might try something like this instead:

//Create md5 hash from string in field ‘password2’ and put it into hidden field ‘password’.
$(’#password2’).blur(function(){
var hashedpass = md5(document.form1.password2.value);
document.form1.password.value = hashedpass;
});

That doesn’t seem to work either.
Am I even close?