Storing cleartext passwords in a database is the worst idea; instead, you should store a hash of the password and use a salt for even better results.
<?php
/* $password contains the password */
$salt = 'SHIFTLEFT';
$passwordHash = md5($salt . md5($password . $salt));
/* insert $passwordHash into the database */
?>
To check whether the user entered the correct password, hash the provided password using the same technique and compare the result with the stored hash.
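<?php
$userPass = $_POST['password'];
$salt = 'SHIFTLEFT';
/* same construction as when the hash was stored, otherwise the values never match */
$passwordHash = md5($salt . md5($userPass . $salt));
/* compare $passwordHash with the password hash stored in the database */
?>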
Hope it helps.
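MD5 is fast to compute and a single fixed salt gives identical hashes for identical passwords, so the scheme above is cheap to attack offline once the table leaks. The following added example (not code from the original post) uses PHP's built-in password_hash() and password_verify(), and upgrades records stored with the scheme above the next time the user logs in. The function names and the in-memory $users array are assumptions made for illustration; the array stands in for the database.

```php
<?php
const LEGACY_SALT = 'SHIFTLEFT'; // the static salt used by the scheme above

// The salted-MD5 construction from the post, kept only to recognise old records.
function legacyHash(string $password): string
{
    return md5(LEGACY_SALT . md5($password . LEGACY_SALT));
}

// New records: password_hash() generates a random salt per password and
// embeds the algorithm, cost and salt in the returned string.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login attempt. $stored is passed by reference so the caller can
// write the upgraded hash back to the database when it changes.
function verifyAndUpgrade(string $password, string &$stored): bool
{
    // Legacy record: exactly 32 lowercase hex characters of MD5 output.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, legacyHash($password))) {
            return false;
        }
        $stored = hashPassword($password); // upgrade on successful login
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if the default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = hashPassword($password);
    }
    return true;
}

// Constructed sample data: one record stored with the legacy scheme.
$users = ['alice' => legacyHash('correct horse')];

var_dump(verifyAndUpgrade('wrong guess', $users['alice']));   // rejected, record unchanged
var_dump(verifyAndUpgrade('correct horse', $users['alice'])); // accepted, record upgraded
var_dump(password_get_info($users['alice'])['algoName']);     // algorithm of the upgraded hash
var_dump(verifyAndUpgrade('correct horse', $users['alice'])); // accepted via password_verify()
```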