Hi, I just started learning CodeIgniter through tutorials on YouTube. I've learned a different hashing method with each tutorial, and I wonder which of the methods is better and safer. I have read people's different opinions about md5(): that it's safe if used properly, and that it's not safe because it's very fast. So should I only use the hashing method from example 1? Or are there even better easy methods to hash the password? I'm a dummy so please expand your answer as much as possible.
Example 1 using:
// bcrypt work factor: cost 12 means 2^12 key-expansion rounds. A higher cost makes
// each hash slower to compute, and so slower to guess offline after a database leak.
$options = ['cost' => 12];
// password_hash() generates a random salt itself and returns a single string that
// holds the algorithm, cost, salt and hash, so that string is all that needs storing;
// it is checked later with password_verify(). Despite the variable name this is a
// one-way hash, not encryption. Note that bcrypt ignores input beyond 72 bytes.
$encripted_pass = password_hash($this->input->post('password'), PASSWORD_BCRYPT, $options);
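/**
 * Insert a new row into the `users` table from the submitted registration form.
 *
 * The password is stored only as a bcrypt hash. password_hash() generates a
 * random salt per call and embeds algorithm, cost and salt in its output, so
 * password_verify() needs nothing but that stored string at login time.
 *
 * @return bool Result of $this->db->insert(); false when no usable password
 *              was submitted or hashing failed.
 */
public function create_user(){
    $password = $this->input->post('password');

    // A missing field does not come back as a string, and a `password[]` field
    // comes back as an array. Refuse both, and the empty string, instead of
    // storing a valid-looking hash of "" that anyone could log in against.
    if (!is_string($password) || $password === '') {
        return false;
    }

    // bcrypt only uses the first 72 bytes of its input; if long passphrases are
    // allowed, enforce a maximum length in form validation so users are not
    // misled about how much of the passphrase actually counts.
    $password_hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

    // Older PHP versions signal a hashing failure by returning false.
    if (!is_string($password_hash)) {
        return false;
    }

    $data = [
        'first_name' => $this->input->post('first_name'),
        'last_name'  => $this->input->post('last_name'),
        'email'      => $this->input->post('email'),
        'username'   => $this->input->post('username'),
        'password'   => $password_hash,
    ];

    return $this->db->insert('users', $data);
}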
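/**
 * Check a username/password pair against the `users` table.
 *
 * @param string $username Login name to look up.
 * @param string $password Plain-text password as submitted by the user.
 * @return mixed The matching user's id on success, false otherwise.
 */
public function login_user($username, $password){
    $this->db->where('username', $username);
    $result = $this->db->get('users');

    // row() takes a ROW index, not a column index. The previous row(6) only
    // worked because CodeIgniter falls back to the current row when index 6
    // does not exist; with seven or more matching rows the password would have
    // been read from one row and the id returned from another. Read both from
    // the same row.
    $user = $result->row();

    // No matching user (row() yields no object for an empty result), or values
    // that password_verify() cannot take: fail closed instead of raising a
    // notice or type error.
    // NOTE(review): this early exit skips the bcrypt work, so an unknown
    // username is answered faster than a wrong password. If username
    // enumeration matters, run password_verify() against a fixed dummy hash
    // here and rate-limit login attempts.
    if (!is_object($user) || !isset($user->password) || !is_string($user->password) || !is_string($password)) {
        return false;
    }

    // password_verify() reads the algorithm, cost and salt from the stored hash
    // and compares in constant time.
    if (password_verify($password, $user->password)) {
        return $user->id;
    }

    return false;
}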
Or:
Example 2 using md5() function in:
Function register() -> $enc_password = md5($this->input->post('password'));
and
Function login() -> $password = md5($this->input->post('password'));
// Register user
/**
 * Show the sign-up form, or register the user once the submitted form validates.
 *
 * NOTE(review): the password is reduced to a single unsalted md5() digest.
 * MD5 is fast and unsalted, so equal passwords produce equal stored values and
 * offline guessing after a database leak is cheap. password_hash() and
 * password_verify() are the replacement, but switching requires changing
 * user_model->register() and user_model->login() (not shown here) at the same
 * time and migrating existing rows, so it is flagged here rather than changed.
 */
public function register(){
    $data['title'] = 'Sign Up';

    // Field, label and rule string for every input, applied in form order.
    $rules = array(
        array('name', 'Name', 'required'),
        array('username', 'Username', 'required|callback_check_username_exists'),
        array('email', 'Email', 'required|callback_check_email_exists'),
        array('password', 'Password', 'required'),
        array('password2', 'Confirm Password', 'matches[password]'),
    );
    foreach ($rules as $rule) {
        $this->form_validation->set_rules($rule[0], $rule[1], $rule[2]);
    }

    // Nothing submitted yet, or validation failed: render the form again.
    if ($this->form_validation->run() === false) {
        $this->load->view('templates/header');
        $this->load->view('users/register', $data);
        $this->load->view('templates/footer');
        return;
    }

    // This is hashing, not encryption, and md5() is not suitable for
    // passwords; see the NOTE(review) in the method header.
    $password_digest = md5($this->input->post('password'));
    $this->user_model->register($password_digest);

    // One-time confirmation shown on the next page.
    $this->session->set_flashdata('user_registered', 'You are now registered and can log in');
    redirect('posts');
}
// Log in user
/**
 * Show the sign-in form, or authenticate the submitted credentials and start
 * a logged-in session.
 *
 * NOTE(review): the password is turned into an unsalted md5() digest before
 * it is handed to user_model->login(), which presumably compares it with the
 * stored column (the model is not shown here). MD5 is too fast and unsalted
 * for password storage; moving to password_hash()/password_verify() means
 * passing the plain password to the model and verifying there, together with
 * the matching change in register().
 *
 * NOTE(review): the session id is not regenerated after a successful login.
 * Regenerating it (CodeIgniter 3 offers $this->session->sess_regenerate())
 * limits session fixation; confirm which framework version is in use.
 */
public function login(){
    $data['title'] = 'Sign In';

    $this->form_validation->set_rules('username', 'Username', 'required');
    $this->form_validation->set_rules('password', 'Password', 'required');

    // Nothing submitted yet, or validation failed: render the form again.
    if ($this->form_validation->run() === false) {
        $this->load->view('templates/header');
        $this->load->view('users/login', $data);
        $this->load->view('templates/footer');
        return;
    }

    $login_name = $this->input->post('username');
    // Hashing, not encryption; see the md5() NOTE(review) in the method header.
    $password_digest = md5($this->input->post('password'));

    // The model returns a user id when the credentials match, a falsy value otherwise.
    $matched_id = $this->user_model->login($login_name, $password_digest);

    if (!$matched_id) {
        // Same generic message whether the username or the password was wrong.
        $this->session->set_flashdata('login_failed', 'Login is invalid');
        redirect('users/login');
        return;
    }

    // Mark the session as authenticated.
    $this->session->set_userdata(array(
        'user_id' => $matched_id,
        'username' => $login_name,
        'logged_in' => true
    ));

    $this->session->set_flashdata('user_loggedin', 'You are now logged in');
    redirect('posts');
}