Here is the login system to which the secure login is to be implemented/ Show
Checklogin.php
login_success.php
logout.php
the problem is that I want to make this secure login by password encryption or any other method (if any). I am beginner to PHP asked Aug 28, 2010 at 9:18
SurajSuraj 9325 gold badges24 silver badges43 bronze badges 2 You can encrypt the password to a degree with md5. You would need to md5 the password from when the user signs up and before the login md5.... Example: You would also need to use this whenever you have a user sign up. answered Aug 28, 2010 at 9:35
1 As a beginner, most likely you do not need any encryption. Especially because it would be Javascript, not PHP.
There are a lot of Javascript MD5 hashing algorithm implementations over internet. Of course, an SSL certificate would be preferred over this homemade implementation. But to get proper answer, you still need to clarify what exactly you want to encrypt and why. And why don't you concerned about securing something else. Your whole database for example. Some notes for a while.
because there is no $myusername
variable to compare. answered Aug 28, 2010 at 9:33
Your Common SenseYour Common Sense 156k39 gold badges208 silver badges331 bronze badges 3 To make this a little more secure, you should store encrypted passwords in your database and then compare the encrypted entered password with the stored hash. This way if someone somehow accesses the members table, they cannot see the actual passwords. Suppose the password is For more secure approach, use SSL. answered Aug 28, 2010 at 9:24
Hamid NazariHamid Nazari 3,7912 gold badges27 silver badges30 bronze badges 1 You can use md5($password) or sha1($password) while inserting the signup data to table. to match again for login login $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='".md5($mypassword)."'"; $result=mysql_query($sql); There is some other way too, to protect further. Using combination of sha1 and salt. By the way why dont you use some quick php framework coz these small things are already built with them. Thanks answered Aug 28, 2010 at 9:28
Pramendra GuptaPramendra Gupta 14.4k4 gold badges32 silver badges34 bronze badges 1 Normally you would store a hash of the passwords in the database see md5 however this doesn't make it secure between the webpage and server - for this you need to use https. There are two things here. 1. If I'm a dumb user and when I sign up for your site I have to give a password I might give the same password as I used elsewhere so your site should really store a hash of the password instead of the real thing so if they get hacked the attackers won't get my password that I used everywhere. To do this you store the hash in your members table and in the query that checks it is valid you pass a hash instead of the real thing. 2. Under http the password will get sent from the browser to the server in plain text. If this is over the internet and an attacker has access to any networks in between the browser and client then they can see the password - if you hash it in the browser using javascript the attacker can pick up the hash and possibly use this to login to your site. That is why we have https. For a low cost (especially compared to development costs) you can buy a certificate that will secure the connection. If you don't want to do this you can self sign a certificate and use this. If your hosting does not allow you to use a certificate then it might be possible to create a home brew solution but it is much better to just find other hosting. answered Aug 28, 2010 at 9:24
Adam ButlerAdam Butler 3,0134 gold badges34 silver badges39 bronze badges 3 md5 would be the best in this case. Run the Input Details such as Password through the MD5 function and insert into your database. Its nearly unreverseable so the only way to use it is to use MD5 on login also and compair the md5 password from login with the version stored in the database. answered Sep 24, 2014 at 8:31
How do you carry out password encryption in PHP?The process looks like so:. Generate a data encryption key (DEK). Encrypt the data using secret key encryption.. Send the unique encryption key (DEK) to Cloud KMS for encryption, which returns the KEK.. Store the encrypted data and encrypted key (KEK) side-by-side.. Destroy the generated key (DEK). Which command do you use to encrypt a password in PHP?PHP encompasses a hash algorithm to encrypt the password. For the most part it is used in functions for password encrypting are crypt(), password_hash() and md5().
How do I encrypt my username and password?If you send the encryption key from the server to the client or the other way around you need to encrypt your symmetric encryption key. The easiest way to do this would be to use TLS. If you use TLS, then the data as well as key are encrypted, so you don't need to encrypt it yourself.
How can I secure my login page in PHP?Getting Started. There are a few steps we need to take before we create our secure login system. ... . Creating the Login Form Design. ... . Creating the Database and setting-up Tables. ... . Authenticating Users with PHP. ... . Creating the Home Page. ... . Creating the Profile Page. ... . Creating the Logout Script.. |