I have a password and the corresponding hash. It is a 32 character hash that looks like md5 but I am positive it is not md5 since no md5 generator generates the correct password. Is there any way to identify the algorithm used if I have the password and hash?
It could be salted in some way.
If you have access to the source, that would be your best bet.
Where would the salts generally be located? I have access to his mysql server but in the members column there is only member id, email, password, and date registered. The guy who setup the mysql server is no longer around.
as unix-ninja suggested, use the source to find out how the hash is created.
Usually the source code that generates the hashes is in an php file and should have something like md5(md5($user).$mail)