Adding new user/admin record in more secure way

Question

I'm a learner and creating my first website. after adding a login and add new user forms to my website, i came to know that I must not save my passwords in DB as plaintext. I did some search and find out about md5(), salt, encryption etc etc. Most of my finding were from this same site but there were more long long codes, which I couldn't understand clearly. In short I want to know what modifications i must do to my code (given below)?

Adding new user/Admin form:

<form action="add_user.php" method="post">
<label for="new_username">New User Name : </label><input type="text" name="username" placeholder = "New User Name"><br>
<label for="new_password">New Password :</label><input type="password" name="password" placeholder = "New Password"><br>
<label for="confirm_password"> Confirm Password :</label><input type="password" name="againpassword" placeholder = "Enter Password Again"><br>
<p id="btn">
<input type="submit" value="Save" name="Submit-Event" style="font-size:16px"><input type="reset" value="Reset" style="font-size:16px"><br>
</form>

php file: add_user.php

<?php
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";

$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno())
  {
  echo "Connection Error: " . mysqli_connect_error();
  }

//check if password matches
$firstpassword = $_POST['password'];
$secondpassword = $_POST['againpassword'];
$username = $_POST['username'];

if(($firstpassword == $secondpassword) and $firstpassword !== '' and $username !== '')
{
    // prepare and bind
    $stmt = $con->prepare("insert into users (username, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $_POST['username'], $_POST['password']);
    if(mysqli_stmt_execute($stmt))
    {
    echo '<script language="javascript" type="text/javascript"> 
                    alert("User Added succesfully");
                    window.location = "admin.php";
            </script>';
    }
    else
    echo "Prepare Error: ",$con->error;     //remove $con->error before making ONLINE THE CODE.
} 
else    
{       echo '<script language="javascript" type="text/javascript"> 
                    alert("Incorrect Credentials!");
                    window.location = "add_user.html";
            </script>';

    }
$stmt->close();
$con->close();

?>

`$firstpassword = mysql_real_escape_string($_POST['password']); $secondpassword = mysql_real_escape_string($_POST['againpassword']); $username = mysql_real_escape_string($_POST['username']);` — Ramesh S, Jul 24 '17 at 11:29
but how brother? where is the place/button etc from where i can accept? — Muhammad Aatif, Jul 24 '17 at 11:41
I am looking at your profile as well as mine, but I can't find the place/button etc from where we can start chat, accept invitations etc etc. — Muhammad Aatif, Jul 24 '17 at 11:43

Adding new user/admin record in more secure way

0 Answers0