Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Trying to wrap my head around PHP password salt/encryption
- $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
- $num = mysql_num_rows($res);
- //check if there was not a match
- if($num == 0){
- //if not display error message
- echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
- $username = mysql_real_escape_string($_POST['username']);
- $password = mysql_real_escape_string($_POST['pass']);
- $pass_hash = md5($SALT.$password);
- mysql_query(*query to insert $username and $pass_hash into db*)
- $username = mysql_real_escape_string($_POST['username']);
- $password = mysql_real_escape_string($_POST['pass']);
- $res = mysql_query(*query to extract $pass_hash from db where username==$username)
- //get the password from the $res and put it in a var
- if(md5($SALT.$pass_hash_from_db) == $password){*correct pass*} else {*invalid login*}
- // you save this in the database
- $encPass = encFunction( $password.$salt );
Add Comment
Please, Sign In to add comment