md4


5 replies to this topic

#1 mbvo


Posted 04 September 2006 - 08:31 PM

I'm working on writing a forum and would like to store the passwords as hashes. Is there some function built into PHP to do so? Or is there a PHP file I could download containing that function?

#2 extrovertive


Posted 04 September 2006 - 08:37 PM

MD5 or SHA1 would work.

You can try this http://www.openwall.com/phpass/

#3 mbvo


Posted 04 September 2006 - 09:14 PM

I don't get this. I downloaded phpass-0.0 and extracted it to my htdocs, and every time I refresh test.php it gives me something different. Are these the password hashes that would be saved to the database? And if so, why do they keep changing, and how do I compare 2 hashes that aren't identical?

#4 radar


Posted 04 September 2006 - 09:28 PM

Personally I would use MD5 -- it's the most secure that I've found..

So when they register you run this..

$pw = md5($_POST['password']);

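Then when they log in you do this...
<?php
// note: the mysql_* functions were removed in PHP 7; mysqli or PDO replace them
$pw = md5($_POST['password']);
// escape the username before it is placed inside the quoted SQL string
$un = mysql_real_escape_string($_POST['username']);
$query = mysql_query("SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = '$pw'");
// mysql_fetch_assoc() returns false when no row matched
$row = mysql_fetch_assoc($query);
if (!$row) {
// invalid user
} else {
// valid user
}
?>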

That's a quick type job and might contain some errors, though for the most part it should work..

Note: using LIKE BINARY in your query will make it so the username is case sensitive.. it's the same way I do mine.

#5 mbvo


Posted 04 September 2006 - 09:35 PM

Isn't the correct syntax:

"SELECT * FROM users WHERE username LIKE BINARY '" . $un . "' AND password = '" . $pw . "'"

Not:

"SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = '$pw'"

Or will both work?

#6 radar


Posted 04 September 2006 - 09:39 PM

Both will work... Now if you did it like this..

'SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = $pw'

it would not... If you are going to submit strings in your query you have to use " at the beginning and end and escape the string by using ' around it... That's the way I've always done it, though sometimes I'll do it the way you've shown -- well, almost..
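
Added example, not part of the original thread: it answers the question in post #3 (why salted hashes change on every run and how they are still compared) and shows the login check from post #4 with a parameterised query. It uses PHP's built-in password_hash() / password_verify() (PHP 5.5+) in place of phpass, and an in-memory SQLite database through PDO so it runs without a server; the table, column and function names are assumptions.

```php
<?php
// Added example. Table/column names and the helper functions are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

function register_user(PDO $db, $username, $password) {
    // password_hash() picks a random salt and stores it inside the returned
    // string, so hashing the same password twice gives two different strings.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
}

function check_login(PDO $db, $username, $password) {
    // Look the user up by name only; placeholders keep the input out of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn();      // false when there is no such user
    if ($stored === false) {
        return false;
    }
    // password_verify() reads the salt and cost from $stored, re-hashes the
    // submitted password with them, and compares the result in constant time.
    return password_verify($password, $stored);
}

// Constructed sample data.
register_user($db, 'alice', 'correct horse');

// Two salted hashes of one password: the strings differ, both still verify.
$a = password_hash('correct horse', PASSWORD_DEFAULT);
$b = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($a === $b);
var_dump(password_verify('correct horse', $a));
var_dump(password_verify('correct horse', $b));

// Unsalted MD5 for contrast: the same input always gives the same digest.
var_dump(md5('correct horse') === md5('correct horse'));

// Login checks: right password, wrong password, and a differently cased
// username (SQLite compares TEXT case-sensitively by default).
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong guess'));
var_dump(check_login($db, 'Alice', 'correct horse'));
```

The database stores only the string returned by password_hash(); the password is never put into the WHERE clause, because the salted hash cannot be recomputed without first reading the stored value.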



