0

So I created this login form using HTML and PHP. I used md5 encryption to encrypt the password on the database. Now when a user tries to log in, the database is only accepting the encrypted password. What is the best course for this?

    $user_name = $_POST['user_name'];
    $password = md5($_POST['password']);

    if(!empty($user_name) && !empty($password) && !is_numeric($user_name))
    {

        //save to database
        $user_id = random_num(20);
        $query = "insert into users (user_id,user_name,password) values ('$user_id','$user_name','$password')";

What is the best course of action to use here?

  • 1
    a) MD5 is not an _encryption_. b) You are not supposed to use it for such purposes any more anyway. _"What is the best course of action to use here."_ - to go read up on some _current_ practices first of all, before we have to explain things like the aforementioned for the x-thousandth time again. – CBroe Sep 20 '21 at 12:17
  • 1
    CBroe is right. There is a standard way of doing this in PHP. See: [Password Hashing](https://www.php.net/manual/en/book.password.php). You can find extensive explanations on how to implement secure subscription and login pages with one easy search. The standard thing you will always hear is: _"Don't try to build it yourself if you don't know what you're doing."_. – KIKO Software Sep 20 '21 at 12:46
  • 2
    Another thing: Don't ever use variables in an SQL string like that. It's wide open to SQL injection. Use prepared statements. – Gert B. Sep 20 '21 at 13:17
  • https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ADyson Sep 20 '21 at 16:45
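
What the comments recommend (`password_hash()`/`password_verify()` and prepared statements), put together as an added example that is not part of the original thread or any commenter's code. It goes one step further than the comments by upgrading rows already stored with `md5()` on the next successful login. Assumptions: an in-memory SQLite database via PDO, the function names `register` and `login`, and `random_bytes()` standing in for the question's `random_num()`.

```php
<?php
declare(strict_types=1);
// Added example. Table and column names follow the question; the in-memory
// SQLite database and the function names are assumptions for illustration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, user_name TEXT UNIQUE, password TEXT)');

function register(PDO $pdo, string $userName, string $password): bool
{
    if ($userName === '' || $password === '' || is_numeric($userName)) {
        return false;
    }
    // password_hash() salts each password and embeds algorithm and cost in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (user_id, user_name, password) VALUES (?, ?, ?)');
    return $stmt->execute([bin2hex(random_bytes(10)), $userName, $hash]);
}

function login(PDO $pdo, string $userName, string $password): bool
{
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE user_name = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = $row['password'];
    // Rows written by the old md5() code are 32 hex characters: check them
    // once with hash_equals(), then replace them with a modern hash below.
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy ? hash_equals($stored, md5($password)) : password_verify($password, $stored);
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE user_id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['user_id']]);
    }
    return $ok;
}

// Constructed sample data: a name containing a quote, and one legacy md5 row.
register($pdo, "o'neil", 'correct horse');
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute(['legacy1', 'bob', md5('hunter2')]);

var_dump(login($pdo, "o'neil", 'correct horse'));
var_dump(login($pdo, "o'neil", 'wrong password'));
var_dump(login($pdo, 'bob', 'hunter2'));
```

The password column needs room for the full hash string; the PHP manual suggests 255 characters so that future `PASSWORD_DEFAULT` algorithms fit.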

0 Answers