James John – Software Engineer

PASSWORD SALTING USING PHP

PASSWORD SALTING USING PHP

Hi all,

Why do we do password salting/hashing? Just because we need our admin or user panel be protected even if you break into the database you cant find it, even with md5 decoder it won’t work  ;D :P.

Now am going to do this with md5() function in php, when a user registers i mix up the username and password and convert it to md5 hash string, now view the code below

  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  5. <title>SIMPLE PASSWORD SALTING BY 2NETLODGE</title>
  6. </head>
  7. <body>
  8. <?php
  9. //your db connections
  10. if(isset($_POST['username']))
  11. {
  12. $username = mysql_real_escape_string(trim($_POST['username']));
  13. $pwd = mysql_real_escape_string(trim($_POST['pwd']));
  14. if(!$username and !$pwd)
  15. {
  16. echo "Empty fields";
  17. }
  18. else
  19. {
  20. $username = md5($username);
  21. $pwd = md5($pwd);
  22. echo $username.$pwd;//you can write this echo into the db
  23. }
  24. }
  25. ?>
  26. <form action="" method="post">
  27. <input type="text" name="username" placeholder="Username" /><br/>
  28. <input type="password" name="pwd" placeholder="Password" /><br/>
  29. <input type="submit" value="Register" /></form>
  30. </body>
  31. </html>

Now when the user wants to log in just concatenate the username and the password as the password

  1. <?php
  2. $username = $_POST['username'];
  3. $pwd = md5($_POST['username'].$_POST['pwd']);
  4. //select sql where password='$pwd'
  5. ?>

James John

Software Engineer