I have used md5() for this purpose
// username and password sent from form
$username=$_POST['myusername'];
$password=$_POST['mypassword'];
$encrypted_password=md5($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
But I heard that it is not safe.
I'm a beginner so please suggest me a good password encryting method? also if post data was intercepted would it be visible as plaintext?
Answer
I'm a beginner so please suggest me a good password encryting method
Make use of crypt() instead of md5()
$hashed_password = crypt('mypassword'); // let the salt be automatically generated
if (crypt($user_input, $hashed_password) == $hashed_password) {
echo "Password verified!";
}
?>
Some examples from the PHP Manual
also if post data was intercepted would it be visible as plaintext ?
Ofcourse! If you are really concerned about that, Get an SSL Certificate configured on your domain.
No comments:
Post a Comment