View Full Version : How to add security and sessions to login page

02-22-2007, 07:29 AM

Iam new to PHP,please help me how to give security and sessions in login page.If possible give one example.

02-22-2007, 03:11 PM
http://www.php.net/md5 for the password
http://www.php.net/mysql_escape_string to prevent sql injection

there's examples on each of them pages

02-22-2007, 03:40 PM
What about using sha1() for the password? Benefits/cons to that?

02-22-2007, 03:54 PM
sha1's been known to be th successor of md5, but I don't know the pros or cons of them really. I know that md5 can be easily 'broken' as you can look online for the decrypters and stuff. I think sha2 is meant to be the best, but I don't really know anything about hashes

02-22-2007, 03:57 PM
It's better to use SHA1 than MD5 as SHA1 has a higher encryption strength.

When storing passwords, use a salt with the password. For instance, you'd return the encoded version like this:

$salt = uniqid();
$password = sha1($actual_password . $salt);

It prevents some minor things (such as when people have the same password, the hash will show up different).

02-22-2007, 03:59 PM
From what I hear, sha1() is more secure. I know for sure that it's hash is longer (40 characters), so that's got to be a benefit. I recently changed my passwords to sha1(). And I'm not sure I've heard of sha2()...are you talking about sha256()?

02-22-2007, 04:13 PM
Yeah sorry, I meant to put sha2**, meaning sha224 and sha256