mbvo Posted September 4, 2006

I'm working on writing a forum and would like to store the passwords as hashes. Is there some function built into PHP to do so? Or is there a PHP file I could download containing that function?

extrovertive Posted September 4, 2006

MD5 or SHA1 would work. You can try this: http://www.openwall.com/phpass/

mbvo Posted September 4, 2006

I don't get this. I downloaded phpass-0.0 and extracted it to my htdocs, and every time I refresh test.php it gives me something different. Are these the password hashes that would be saved to the database? And if so, why do they keep changing, and how do I compare 2 hashes that aren't identical?

radar Posted September 4, 2006

Personally I would use MD5 -- it's the most secure that I've found.. So when they register you run this..

$pw = md5($_POST['password']);

then when they log in you do this...

[code]
<?php
// Hash the submitted password the same way it was hashed at registration
$pw = md5($_POST['password']);
// Escape the username before placing it inside the query string
$un = mysql_real_escape_string($_POST['username']);
$result = mysql_query("SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = '$pw'");
// mysql_fetch_assoc() returns false when no row matched
$row = $result ? mysql_fetch_assoc($result) : false;
if (!$row) {
    // invalid user
} else {
    // valid user
}
?>
[/code]

That's a quick type job and might contain some errors, though for the most part it should work.. Note: using LIKE BINARY in your query will make it so the username is case sensitive.. It's the same way I do mine.

mbvo Posted September 4, 2006

Isn't the correct syntax:

"SELECT * FROM users WHERE username LIKE BINARY '" . $un . "' AND password = '" . $pw . "'"

not:

"SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = '$pw'"

or will both work?

radar Posted September 4, 2006

Both will work... now if you did it like this..

'SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = $pw'

it would not... If you are going to submit strings in your query you have to use " at the beginning and end and escape the string by using ' around it... That's the way I've always done it, though sometimes I'll do it like the way you've shown -- well almost..

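Added example, not part of the original thread or any poster's code: it shows why a salted hash changes on every call yet can still be checked at login, and how the lookup can be done with query placeholders instead of building the SQL string. It uses PHP's built-in password_hash() and password_verify() rather than phpass, and assumes PHP 7 or later with the PDO SQLite driver; the table, usernames and passwords are constructed.

```php
<?php
// Added example; table, usernames and passwords are constructed.
// Assumes PHP 7+ with the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

function register(PDO $db, string $username, string $password): void
{
    // password_hash() generates a fresh random salt and embeds it (with the
    // algorithm and cost) in the returned string, so only that string is stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $db, string $username, string $password): bool
{
    // Placeholders send the username as data, never as part of the SQL text.
    // SQLite compares TEXT case-sensitively by default.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();   // false when no such user exists
    if ($stored === false) {
        return false;
    }
    // password_verify() reads the salt and cost out of $stored, re-hashes the
    // candidate password with them, and compares in a timing-safe way.
    return password_verify($password, $stored);
}

register($db, 'alice', 'correct horse battery staple');
register($db, "o'brien", 'another constructed password');

// Two hashes of the same password differ, but each one verifies.
$a = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$b = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
echo 'hashes identical: ', var_export($a === $b, true), "\n";
echo 'first hash verifies: ', var_export(password_verify('correct horse battery staple', $a), true), "\n";

echo 'alice, right password: ', var_export(login($db, 'alice', 'correct horse battery staple'), true), "\n";
echo 'alice, wrong password: ', var_export(login($db, 'alice', 'guess'), true), "\n";
echo "o'brien, right password: ", var_export(login($db, "o'brien", 'another constructed password'), true), "\n";
echo 'unknown user: ', var_export(login($db, 'mallory', 'anything'), true), "\n";
```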