Wednesday, September 22, 2010

Encrypting Password Using md5() Function

This turorial will teach you that how to make your login system more secure. We will use md5(); function for this.


Syntax
{code type=codetype}

$pwd="123456";

md5($pwd);
{/code}

Use md5(); to encrypts password to make it more secure


Overview


Look at these two databases, it's the same person and same info, the first one we don't encrypt his password but the second one we encrypted his password


when you encryte "john856" using this code, you'll see this result
"ad65d5054042fda44ba3fdc97cee80c6" This is not a random result, everytime you encrypt the same password you will get the same result.

{code type=codetype}
$pwd="john856";
$encrypt_pwd=md5($pwd);


echo $encrypt_pwd;


{/code}

Example - Login


This is an example Login with encrypted password but don't forget to encrypt password and insert into database in sign up process.

// username and password sent from form
{code type=codetype}
$tpuser=$_POST['user'];
$tppass=$_POST['pass'];

// encrypt password
$encrypted_pwd=md5($tppass);


$sql="SELECT * FROM $tbl_name WHERE username='$tpuser' and password='$encrypted_pwd'";
$result=mysql_query($sql);

{/code}

5 comments:

  1. Thats really great and amazing, it really worked.

    ReplyDelete
  2. This is a great starting to secure passwords I would recommend anyone using this take a look at salting passwords. Basically is someone uses the password "ilovecats" we can get the md5 for that by using md5("ilovecats")

    By using a salt we would do:
    $password = "ilovecats";
    $salt = "aB1cD2eF3G";
    $encrypt_pwd = md5($salt.$password);


    This just makes the password a little more random and secure when stored in the DB you can call it back the same way making sure the md5 of salt plus password is equal to what the user typed in.

    Hope that is helpful.

    Source: http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/

    ReplyDelete
  3. It is a must to save encrypted password on database, if not, the Administrator can easily read the client password..

    ReplyDelete
  4. Thanks for good stuff

    ReplyDelete