using gravatar in classic ASP

A gravatar is a globally recognized avatar, which means that your avatar is stored in one place and it will appear on several websites, blogs, forums (which support gravatars). Whenever you change your avatar it will be updated on your existing comments, forum posts, etc. It’s a great service! Now if you know what a gravatar is you might want to use it in one of your classic ASP applications. This post describes how to solve this simple problem…

Grabbing a gravatar is simple. It’s nothing more than writing a simple img-tag. The URL for the image points to the gravatar server and includes the email adress of the user whose avatar you want to display. Because everyone could simply grab the plain-text email from the html sourcecode we need to hash it with a MD5 hash. This keeps spammers away. Example of the html



this example would show my personal gravatar which you should see on the left side. Now you have recognized that with classic ASP there is no built-in MD5 hasher. For this reason we need to use our own which you can download at the bottom of the post. Using our MD5 hasher we can easily generate gravatars from within ASP. Here is the code …


<img src="; />

Finished! Thats all we need. There are other optional options which you could provide for the gravatar like e.g. the size of the gravatar. Get more details about the options here.

Download the classic ASP md5 hash class

For all of you who are looking for implementation of gravatar, please check Peter Bucher’s gravatar C# control. Unfortunately the article is in german, but source code speaks for itself 😉

21 thoughts on “using gravatar in classic ASP

  1. Is there a way decrypt this?

    I would like to make a password system so I don’t have to buy a SSL certificate or use does hammered ones. I would like to encrypt the password (with javascript) with a public key that would be base on IP, date and hour (from server) plus password and ASP session. And decrypt on the next page to check if password is correct, since the ASP session is hard duplicate (I hope so), hour and date (from server). Someone can sniff the password and try to decrypt it, but with out the ASP Session correctly and use the encrypt password at the date and hour (with maybe a 10s interval), can not use the password. What do you think? Have you any experience with this?


  2. I thought that hashing “” was for to decrypt or for the email spammers not get the email? So why hash the email then? Is it just to be a ID for, nothing more? Sorry if these are stupid questions.


  3. rui it would not make much sense if it would be possible to decrypt the email hash.. because the spammer would also do so then 😉 gravatar knows your email addy and stores the md5 hash on their server too .. if you request a gravatar now with a hash, then they check if they have such a hash … thats the whole trick .. we achieve protection against spammers – which is the most important thing in this case.
    if u want to know something just ask ..


  4. I can’t figure out why I’m getting the error in the MD5.asp file under the first line.. Class MD5

    Do I have the wrong version of vbScript? Help please…


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website at
Get started
%d bloggers like this: