Thursday, 13 July 2017

php - how to encrypt passwords so that it cannot be easily cracked?




I have used md5() for this purpose




// username and password sent from form 

$username=$_POST['myusername'];
$password=$_POST['mypassword'];
$encrypted_password=md5($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);



But I heard that it is not safe.
I'm a beginner so please suggest me a good password encryting method? also if post data was intercepted would it be visible as plaintext?


Answer




I'm a beginner so please suggest me a good password encryting method




Make use of crypt() instead of md5()




$hashed_password = crypt('mypassword'); // let the salt be automatically generated
if (crypt($user_input, $hashed_password) == $hashed_password) {
echo "Password verified!";
}
?>


Some examples from the PHP Manual





also if post data was intercepted would it be visible as plaintext ?




Ofcourse! If you are really concerned about that, Get an SSL Certificate configured on your domain.


No comments:

Post a Comment

casting - Why wasn't Tobey Maguire in The Amazing Spider-Man? - Movies & TV

In the Spider-Man franchise, Tobey Maguire is an outstanding performer as a Spider-Man and also reprised his role in the sequels Spider-Man...