02-22-2007, 06:29 AM
Iam new to PHP,please help me how to give security and sessions in login page.If possible give one example.
02-22-2007, 02:11 PM
http://www.php.net/md5 for the password
http://www.php.net/mysql_escape_string to prevent sql injection
there's examples on each of them pages
02-22-2007, 02:40 PM
What about using sha1() for the password? Benefits/cons to that?
02-22-2007, 02:54 PM
sha1's been known to be th successor of md5, but I don't know the pros or cons of them really. I know that md5 can be easily 'broken' as you can look online for the decrypters and stuff. I think sha2 is meant to be the best, but I don't really know anything about hashes
02-22-2007, 02:57 PM
It's better to use SHA1 than MD5 as SHA1 has a higher encryption strength.
When storing passwords, use a salt with the password. For instance, you'd return the encoded version like this:
$salt = uniqid();
$password = sha1($actual_password . $salt);
It prevents some minor things (such as when people have the same password, the hash will show up different).
02-22-2007, 02:59 PM
From what I hear, sha1() is more secure. I know for sure that it's hash is longer (40 characters), so that's got to be a benefit. I recently changed my passwords to sha1(). And I'm not sure I've heard of sha2()...are you talking about sha256()?
02-22-2007, 03:13 PM
Yeah sorry, I meant to put sha2**, meaning sha224 and sha256