Jump to content

Recommended Posts

So I'm assuming this is a very basic question. I've made... and by "made", I mean downloaded the code offered free by someone else and am using it... a login page. It all works since the person who offered it actually knew what they were doing. The problem is that I do not know what I'm doing.

 

It's a great code for my needs. The only alteration I need to make yet that I couldn't figure out is that when the user registers, it takes a username, e-mail, etc and automatically creates them a random password. I want the user to be able to set their own password. Ideally, I want it to be like what is below, but I'm not sure if it will work the same... except using my desired password value instead of the random one like the current code -

 

$password = "blahblahblah" (this value will pull from a form though)

$db_password = md5($password);

 

 

 

Below is the current code -

 

function makeRandomPassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  srand((double)microtime()*1000000);
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$random_password = makeRandomPassword();

$db_password = md5($random_password);

 

Link to comment
https://forums.phpfreaks.com/topic/277380-really-basic-question/
Share on other sites

create another input on your form called 'password' then use $_POST to grab it in your script

 

<input type="password" name"password">

 

 

so when you hit submit:

$pass = $_POST['password'];

 

then you can:

$db_password = $pass;

 

Im pretty new to this so theres probably something missing there but that should work :)

Edited by Phear46

The only thing I'm worried about is the current code uses MD5 to regsiter the user/password and for the login page to verify the user/password.

 

Your code snippet doesn't have the MD5 part. I'm worried when the login portion goes to read it, that it will fail because the code to save it doesn't use MD5 but when it checks for login it does use MD5. The site doesn't need to be super secure. If someone wants to watch a few crappy videos and are willing to break the script, have at it. But I'd rather not have just plain text all together.

 

One other concern of my code above is it uses a $salt parameter for the MD5 and I'd assume my new code would need the salt as well?

 

Sorry to sound nick-picky and I really do appreciate the quick reply!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.