I am making a webpage where users will enter their credit cards and can also get virtual money.
But I was wondering if the following type of login will be secure, above all against SQL injection and hacking.
- It will be encrypted with SSL
- Password: md5.
- Mail will be validated with JS
Login process: which is better?
First one:
– SELECT * FROM users WHERE pass='$pass'
– and I compare the selected users with the user or mail from the username.
Second one:
– SELECT * FROM users WHERE user='$user'
– Compare the selected pass with the pass from the user
Third one:
– Hash both user and password with md5 and compare them directly in the DB. But I need to save the username both encrypted and normal
Thanks 🙂
“Third one: – Hash md5 both user and password and compare it directly in the DB. But I need to save the username encrypted and normal”
This one seems OK. You don’t necessarily need to save the username in both formats. In the DB, use MD5 encryption, which is one-way. In the application (PHP), encrypt the username using some two-way encryption and save this in the session. When you need to get your user information, simply decrypt the encrypted username in PHP and send the query to the database, encrypting the plain-text username with MD5 again.
N.B. I don’t know how secure you need your site to be, but I believe MD5 was cracked already... I don’t know for sure.
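
An added example, not part of the thread above: the second flow from the question (select the row by username, then compare the password in the application), written with a PDO prepared statement and PHP's `password_hash()` / `password_verify()` in place of MD5. The table layout, the sample account and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example. Schema and account are constructed; needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    user TEXT UNIQUE NOT NULL,
    pass_hash TEXT NOT NULL)');

// Hash checked when the username is unknown, so both paths do the same work.
define('DUMMY_HASH', password_hash('no-such-account', PASSWORD_DEFAULT));

function register(PDO $db, string $user, string $pass): void
{
    // password_hash() salts each password and embeds salt and cost in its output.
    $stmt = $db->prepare('INSERT INTO users (user, pass_hash) VALUES (:user, :hash)');
    $stmt->execute([':user' => $user, ':hash' => password_hash($pass, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: $user travels as data and is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($pass, DUMMY_HASH); // unknown user: verify anyway, then reject
        return false;
    }
    return password_verify($pass, $hash);
}

register($db, 'alice', 'correct horse battery staple');

// Constructed inputs: [username, password, expected result].
$cases = [
    ['alice', 'correct horse battery staple', true],
    ['alice', 'wrong password', false],
    ['nobody', 'correct horse battery staple', false],
    ["' OR '1'='1", 'anything', false], // quote characters stay inside the parameter
];
foreach ($cases as [$user, $pass, $expected]) {
    $ok = login($db, $user, $pass) === $expected;
    printf("%-14s %s\n", $user, $ok ? 'ok' : 'UNEXPECTED');
}
```

Because the salt is stored inside the hash string, the stored value cannot be matched with a `WHERE pass = ...` clause; the row has to be selected by username and checked in PHP.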