Using Salt To Encrypt Password PHP

Question

Here is my code,

    <?php 


    function($string){
    $salt = "@x5v";
    $hash = sha1(md5($salt.$string)).md5($string).sha1(md5($string));
    return $hash;
    }   
    ?>
    <?php

    print "<center>";
    if(isset($_POST['username'])){
    echo 'Variable is set and I can use it!';
   }
   $Username = $_POST["username"]; 
   $Password = md5($_POST["password.$hash"]);
   $Email  = $_POST["email"];


?>

I think it's this line causing the problem:

$Password = md5($_POST["password.$hash"]);

What would be the correct syntax to pass the users password into the database, encrypted with the string I defined above?

2

I hope salt is not a constant. – Leri Nov 19 '12 at 09:08

score 2 · Accepted Answer · answered Nov 19 '12 at 10:04

I think it's this line causing the problem:

$Password = md5($_POST["password.$hash"]);

What you are doing here is incorrect. It should be:

$Password = md5($_POST["password"] . $hash);

What you were doing is actually indexing in to $_POST with a key that would have ended up something like 'password.fdg858fug83u5g5'.

score 0 · Answer 2 · edited May 23 '17 at 11:43

0

I recommend this library instead of rolling your own solution:

http://www.openwall.com/phpass/

Here's an article that explains how to use it:

http://sunnyis.me/blog/secure-passwords/

You should read this StackOverflow answer too:

https://stackoverflow.com/a/6337021/943102

edited May 23 '17 at 11:43

Community

1
1

answered Nov 19 '12 at 09:06

Botond Balázs

2,512
1
24
34

Using Salt To Encrypt Password PHP

2 Answers2