Hi all,
Why do we do password salting/hashing? Just because we need our admin or user panel be protected even if you break into the database you cant find it, even with md5 decoder it won’t work .
Now am going to do this with md5() function in php, when a user registers i mix up the username and password and convert it to md5 hash string, now view the code below
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SIMPLE PASSWORD SALTING BY 2NETLODGE</title>
</head>
<body>
<?php
//your db connections
if(isset($_POST['username']))
{
$username = mysql_real_escape_string(trim($_POST['username']));
$pwd = mysql_real_escape_string(trim($_POST['pwd']));
if(!$username and !$pwd)
{
echo "Empty fields";
}
else
{
$username = md5($username);
$pwd = md5($pwd);
echo $username.$pwd;//you can write this echo into the db
}
}
?>
<form action="" method="post">
<input type="text" name="username" placeholder="Username" /><br/>
<input type="password" name="pwd" placeholder="Password" /><br/>
<input type="submit" value="Register" /></form>
</body>
</html>
Now when the user wants to log in just concatenate the username and the password as the password
<?php
$username = $_POST['username'];
$pwd = md5($_POST['username'].$_POST['pwd']);
//select sql where password='$pwd'
?>