1

As of now I have this line of code

<?php $pass = "12312312"; echo md5(crypt($pass)) ?>

I know crypt can randomly generate salt but I don't have any idea how can I compare it on the user input.

What are the fields do I need for my log in table? and also, what data will I insert to my table?

thanks!

Improve this question
4
  • 1
    md5 is broken, so you should use something else. try bcrypt. Commented May 24, 2012 at 5:00
  • thanks!! but what fields do I need? hmm can I insert both the password with salt in 1 field? or I need to have a salt field ? Commented May 24, 2012 at 5:03
  • You will need to store the salt in it's own field. Commented May 24, 2012 at 5:04
  • this is my table structure tblogin user_id username password salt is this correct? Commented May 24, 2012 at 5:08

1 Answer 1

Reset to default
5

You can store password in table as below

$pass = "12312312"; // store this in table with separate column $salt = md5("any variable"); // may be email or username // generate password $password = sha1($salt.$pass); // now store salt and password in table

And you can check password like

$pass = "User input"; // get the user from database based on user id or username // and test the password stored in db with if($passwordFromTable == sha1($saltFromTable.$pass)) { // correct }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.