Hi all,
Why do we do password salting/hashing? Just because we need our admin or user panel be protected even if you hacked into the database you cant find it, even with md5 decoder it won't work
.Now am going to do this with md5() function in php, when a user registers i mix up the username and password and convert it to md5 hash string, now view the code below
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>SIMPLE PASSWORD SALTING BY 2NETLODGE</title></head><body><?php//your db connectionsif(isset($_POST['username'])){$username = mysql_real_escape_string(trim($_POST['username']));$pwd = mysql_real_escape_string(trim($_POST['pwd']));if(!$username and !$pwd){echo "Empty fields";}else{$username = md5($username);$pwd = md5($pwd);echo $username.$pwd;//you can write this echo into the db}}?><form action="" method="post"><input type="text" name="username" placeholder="Username" /><br/><input type="password" name="pwd" placeholder="Password" /><br/><input type="submit" value="Register" /></form></body></html>
Now when the user wants to log in just concatenate the username and the password as the password
<?php$username = $_POST['username'];$pwd = md5($_POST['username'].$_POST['pwd']);//select sql where password='$pwd'?>
No comments:
Post a Comment