I found a solution for php: $str = rtrim (base64_encode (pack ('H*', md5 ('123456'))), '='); This returns the desired string in 22 characters, rtrim used for discarding trailing '=' pad characters. Thanks for the help. 2010/11/20 Paul <paul.a@aandc.org>

At 07:01 AM 11/20/2010 -0500, Chris Nighswonger wrote:

2010/11/20 Altaf Mahmud <altaf.mahmud@gmail.com> Hi, I want to know how Koha saves its borrowers' password in database? Is it one-way conversion? For example, if a password is saved as '4QrcOUm6Wau+VuBX8g+IPg', can I decode it back to its original text which was '123456'? They are stored as MD5 hashes and you cannot "decode" them as such. IIRCC, what you must do is make an MD5 hash of the password and then compare the two hashes. They should be the same.

The above is not a "pure" MD5 hash [32 character hexadecimal value]; for 123456, it would be

e10adc3949ba59abbe56e057f20f883e

However, the decrypt function at <http://www.cmd5.org/> does return 123456 for 4QrcOUm6Wau+VuBX8g+IPg

Best - Paul

_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha

-- Altaf Mahmud System Programmer Ayesha Abed Library BRAC University Bangladesh.