Hi, I Need some help for my registration i don’t know how to put security on password or username, how can i store password in database that the password will be encoded that cannot be read by human or something like they call hash?can you help me please how can i do this hashing my password.or aside from hashing what are the security to do.
Use proper PDO sanitize technique to avoid sql injection
Always use password salting on top of your encryption (such as md5)
Always try to use a dynamic salt, not a static one that is shared across all accounts
Hi cpradio, I am having problem on this after i successfully registered,I have no idea how can i verify the password when i am going to log-in.can you help me please
No, I mean, your original post contained the salts you were using thus making your hash useless (if a search engine picked it up). So I strongly recommend changing it.
Although, I also recommend using a more dynamic salt, something like so would be simple, if you opt to use any of the other fields I listed, that will make the login a bit more complex :):
$salt1 = "this is a static salt of my own";
$salt2 = strtolower($username);
hash('sha256', $salt1.$password.$salt2)
This way each user’s hash will be different because of the second salt. If you have other static pieces of information stored in your reg table, you may want to consider using those too (date of birth, email address, date registered). Just keep in mind, if the user wishes to change any of those fields used in your salt, then you will need to force them to re-enter their password (so you can generate the new salt) or to reset their password.