View Source

Hi guys ,

I have designed a form for users to create a login account . I found that passwords are MD5 protected .In my form i asked Firstname, lastname , email and password for account creation . Insert work very well but i am not being able to protect the password that has been entered . Password are stored in workflow variable named NewUserPassword .

My code is :

String password = "#variable.NewUserPassword#";
				String insertQuery = "INSERT INTO dir_user (id, username, firstName, lastName, password, email, active, timezone) values (?, ?, ?, ?, ?, ?, '1', '0')";
                PreparedStatement istmt = con.prepareStatement(insertQuery);
                istmt.setString(1, row.getProperty("UserEmail"));
                istmt.setString(2, row.getProperty("UserEmail"));
                istmt.setString(3, row.getProperty("UserFirstname"));
                istmt.setString(4, row.getProperty("UserLastname"));
                istmt.setString(5, here i need to md5 the password ??? ));
		istmt.setString(6, row.getProperty("UserEmail"));
                istmt.executeUpdate();

				//Setting role for this new user
    			String SqlSetRole = "INSERT INTO dir_user_role (roleId,userId) values ('ROLE_USER',?) ";
    			PreparedStatement statementAffectRole = con.prepareStatement(SqlSetRole);
				statementAffectRole.setString(1, row.getProperty("UserEmail"));
    			statementAffectRole.executeUpdate();

I also have this in my code :

public static String md5Base16(String content) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] bytes = md.digest(content.getBytes());
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            String hex = Integer.toHexString((int) 0x00FF & b);
            if (hex.length() == 1) {
                sb.append("0");
            }
            sb.append(hex);
        }
        return sb.toString();
    } catch (Exception e) {}
    return "";
}

public static String md5(String content) {
    try {
        MessageDigest m = MessageDigest.getInstance("MD5");
        byte[] data = content.getBytes();
        m.update(data, 0, data.length);
        BigInteger i = new BigInteger(1, m.digest());
        return String.format("%1$032X", i);
    } catch (Exception ex) {}
    return "";
}

when in my sql command i do : md5('password') ; the insert work well with "password" as password . But i need to md5 a variable , i am not being able to put the correct syntax . Can anyone one give me the correct syntax ?

Thank you very much . Best .