I know all this. I used a switch because I normally use a switch to do a password forgotten case and register.
Here is a quick secure class I wrote which you can use to secure your password:
<?php
class secure{
    ## GET A RANDOM SALT
    function secure_random_salt(){
        $randtext = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
        $varlen = random_int(5, 20); // salt length, drawn from the CSPRNG (PHP 7+)
        $randtextlen = strlen($randtext);
        $salt = '';
        for($i = 0; $i < $varlen; $i++){
            // Valid offsets are 0 .. length-1. rand(1, length) never picked 'a'
            // and could index past the end, appending nothing.
            $salt .= substr($randtext, random_int(0, $randtextlen - 1), 1);
        }
        return $salt;
    }
    ## ENCODES PASSWORD
    ## Returns "md5hex:salt"; a new salt is generated when none is passed in.
    function secure_encode_password($password, $salt = ''){
        if($salt == ''){
            $salt = $this->secure_random_salt();
        }
        return md5($password.$salt).':'.$salt;
    }
    ## CHECK PASSWORDS MATCHES
    function secure_check_password($password, $db_password){
        // Stored value is "md5hex:salt"; the salt is the part after the colon.
        $explode = explode(':', $db_password);
        if(isset($explode[1])){
            // hash_equals() compares in constant time and never type-juggles like ==.
            return hash_equals($db_password, $this->secure_encode_password($password, $explode[1]));
        }else{
            return false;
        }
    }
}
$secure = new secure;
?>
Simply include the class file and do this to create your password string.
// There is more to this class but I have cut it down. You could create a new function which will secure the posted values like the guys mention above.
$insert_password = $secure->secure_encode_password($password); // Password to insert into the db.
// And to check if the password is the same when they post it:
// $db_password is the actual password from the database.
// $password is the password posted from the login form.
if($secure->secure_check_password($password, $db_password)){
// Log the user in. $_SESSION etc..
}
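
An added example, not part of the original post: salted MD5 is fast enough to brute-force offline, so this sketch verifies rows stored in the class's "md5hex:salt" format and returns a `password_hash()` replacement to write back on a successful login. The function names are hypothetical; it assumes PHP 7.1+ and a password column wide enough for the new hashes (255 characters).

```php
<?php
// Added example: names below are hypothetical, not from the post.

// True when $stored looks like the legacy "md5hex:salt" format from the class above.
function is_legacy_hash(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}:[A-Za-z0-9]{1,20}$/', $stored) === 1;
}

// Recompute md5(password . salt) and compare in constant time.
function verify_legacy(string $password, string $stored): bool
{
    [$hash, $salt] = explode(':', $stored, 2);
    return hash_equals($hash, md5($password . $salt));
}

// Returns [bool $ok, ?string $newHash]. When $newHash is not null the caller
// should store it in place of the old value.
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_hash($stored)) {
        if (!verify_legacy($password, $stored)) {
            return [false, null];
        }
        // Correct password on a legacy row: re-hash with the current default algorithm.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Already a password_hash() value; refresh only if the algorithm or cost changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample row in the legacy format (password and salt are made up).
$legacy = md5('hunter2' . 'aB3dE9') . ':aB3dE9';

[$ok, $upgraded] = verify_and_upgrade('hunter2', $legacy);
var_dump($ok, is_legacy_hash($upgraded));            // login result, format after upgrade
var_dump(verify_and_upgrade('wrong', $legacy));      // failed login leaves the row alone
var_dump(verify_and_upgrade('hunter2', $upgraded));  // upgraded row verifies, no rewrite
```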