Well, there has been a fuss around the globe regarding user data.
And how well we have done at protecting users' interests on our side.
Online forums, portals.. and all sorts of sites that require a password to access.
You really should not store the password in plaintext in a MySQL table or even in a text file.
Since administrator access can easily slip into the wrong hands.. one shouldn't leave the user passwords there for easy viewing..
Here are some examples of getting a simple "SHA1" hash into the user table..
```php
/* Store user details */
$passwordHash = sha1($_POST['password']);
// The ? placeholders keep the user input out of the SQL text
$sql = 'INSERT INTO user (username,passwordHash) VALUES (?,?)';
$result = $db->query($sql, array($_POST['username'], $passwordHash));
```
or
```php
// Note: the mysql_* functions were removed in PHP 7.0 (use mysqli or PDO there)
// Hash the raw password; the hex digest itself needs no escaping
$query = sprintf("INSERT INTO user (username,passwordHash) VALUES ('%s','%s')",
    mysql_real_escape_string($_POST['username']),
    sha1($_POST['password']));
// Perform SQL Query
$result = mysql_query($query);
```
.. so you get the SHA1 hash in the user table instead of the password ..
For the login form..
```php
$userid = mysql_real_escape_string($_REQUEST['login_id']);
// Hash the raw password the same way as at registration
$userpassword = sha1($_REQUEST['password']);
# here do whatever you need to auth.
# check for matching user id and password in local database
$processor = new DatabaseClassName();
$processor->do_login($userid, $userpassword);
```
and somewhere in the library or wherever..
```php
class DatabaseClassName {
    function __construct () {
        session_start ();
    }
    function do_login ($user,$password) {
        // $user arrives already escaped; $password is a SHA1 hex digest
        $sqlstatement = sprintf ( "SELECT count(*) AS UserCount FROM user ".
            "WHERE username = '%s' AND ".
            "passwordHash='%s'",$user,$password);
        $sqlq = mysql_query($sqlstatement);
        $users = mysql_fetch_array( $sqlq,MYSQL_ASSOC);
        $result = $users['UserCount'];
        if ( $users['UserCount'] == 1) {
            $this->logged_in ($user);
        }
        return ($result == 1);
    }
    function logged_in ($user) {
        // New session id on login, so a pre-login id cannot be reused
        session_regenerate_id (true);
        $_SESSION['id'] = $user;
        $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['timeout'] = time() + 10;
    }
    function logout () {
        $_SESSION = array();
        session_unset();
        session_destroy ();
    }
}
```
…Hmm..
For md5.. just need to change “sha1” to “md5”..
```php
$userpassword = sha1($_REQUEST['password']);
```
to
```php
$userpassword = md5($_REQUEST['password']);
```
** update..
if you want to use SHA-256
```php
// PHP has no sha256() function; use hash() with the algorithm name
$userpassword = hash('sha256', $_REQUEST['password']);
```
but if using SHA-256 .. you might have to calculate the hash yourself before adding it via the phpMyAdmin interface..
as the functions there only go up to MD5 and SHA1, I think.

.. can also add some noise.. or salt.. and whatever crap to it.. to make it a bit harder.
it might still be spoofed / sniffed by IP address or browser and all..
but at least.. it should not leave the user password in plaintext format somewhere on the server itself..
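The salting idea above, as an added example that is not part of the original post: PHP's built-in `password_hash()` generates a random per-user salt and uses a deliberately slow algorithm, which a bare `sha1()` or `md5()` does not, and rows that still hold a plain SHA1 digest can be upgraded at the next successful login. It assumes PHP 7+ with the `pdo_sqlite` extension; the table layout follows the post, while `register_user()`, `check_login()` and the sample accounts are made up for the illustration.

```php
<?php
// Added example: function names and sample accounts are assumptions.
$db = new PDO('sqlite::memory:');   // in-memory database so this runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, passwordHash TEXT NOT NULL)');

function register_user(PDO $db, string $username, string $password): void
{
    // password_hash() creates a random salt and stores it, together with
    // the algorithm and cost, inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user (username, passwordHash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT passwordHash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;                               // unknown user
    }
    // A bare 40-character hex string is a legacy SHA1 row as in the post.
    $legacy = preg_match('/^[0-9a-f]{40}$/', $stored) === 1;
    $ok = $legacy ? hash_equals($stored, sha1($password))
                  : password_verify($password, $stored);
    // Re-hash legacy or outdated rows while the plaintext is at hand.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $db->prepare('UPDATE user SET passwordHash = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $ok;
}

// Constructed sample data: one new-style account and one legacy SHA1 row.
register_user($db, 'alice', 'correct horse battery staple');
$db->prepare('INSERT INTO user VALUES (?, ?)')->execute(['bob', sha1('hunter2')]);

var_dump(check_login($db, 'alice', 'correct horse battery staple'));
var_dump(check_login($db, 'alice', 'wrong guess'));
var_dump(check_login($db, 'bob', 'hunter2'));       // verifies, then upgrades the row
$row = $db->query("SELECT passwordHash FROM user WHERE username = 'bob'")->fetchColumn();
var_dump(password_get_info($row)['algoName']);      // algorithm of bob's upgraded hash
```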
Further reading.. Web Auth [pdf].
p/s : just my two cents ..
