trg86 Posted October 29, 2012 Share Posted October 29, 2012 (edited) Good afternoon all, I am currently using md5 on my password field for my login processor, but I know I can secure this better. I was given advice the other day to use a hash, but I am not quite sure how to do it. Here is a relevant snippet from my code, I am open to all suggestions! Thanks! // //User Login // session_start(); $username = $_POST['username']; //Username $password = md5($_POST['password']); //Password $query = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "' AND password='$password'"; $result = mysql_query($query); if (mysql_num_rows($result) != 1) { $error = "Invalid login, Please check your credentials and try again"; include "login.html"; } else { $_SESSION['username'] = $username; include "main_interface.php"; } ?> Edited October 29, 2012 by trg86 Quote Link to comment https://forums.phpfreaks.com/topic/270041-securing-my-password-field-better/ Share on other sites More sharing options...
jcbones Posted October 29, 2012 Share Posted October 29, 2012 I wouldn't use md5 as it is easily broken through look up tables. I think todays standards are sha1 or better, some even going to crypt. Whatever you decide, use a salt. Very important. Quote Link to comment https://forums.phpfreaks.com/topic/270041-securing-my-password-field-better/#findComment-1388532 Share on other sites More sharing options...
trg86 Posted October 29, 2012 Author Share Posted October 29, 2012 I wouldn't use md5 as it is easily broken through look up tables. I think todays standards are sha1 or better, some even going to crypt. Whatever you decide, use a salt. Very important. Yeah, I was actually just doing some research on this, it looks like a Sha1/Salt setup is the way to go. Quote Link to comment https://forums.phpfreaks.com/topic/270041-securing-my-password-field-better/#findComment-1388535 Share on other sites More sharing options...
Christian F. Posted October 29, 2012 Share Posted October 29, 2012 For this you really should read this article on secure login systems, as it'll tell you everything you need to know. Quote Link to comment https://forums.phpfreaks.com/topic/270041-securing-my-password-field-better/#findComment-1388538 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.