I have the following table in my database called db_pass:
id | pass
=================
1 | dalmation123
I understand that I cannot store any password in plain text format in my database, how do I go about setting up a hash? This is the code I am using below. I would appreciate some help on how to change my table db_pass as well.
if(isset($_POST['pmsubmit']))
{
LoginSubmit('pm', 'pmname', 'pmpass');
}
if(isset($_POST['tssubmit']))
{
LoginSubmit('ts', 'dept', 'tspass');
}
function LoginSubmit($pm_or_ts, $the_name_input, $the_pass_input)
{
global $pdo;
$posted_name = $_POST[$the_name_input];
$posted_pass = $_POST[$the_pass_input];
// check if password matches the one in the table
$query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass");
$query->execute(array(":pass" => $posted_pass));
// if there is a match then we log in the user
if ($query->rowCount() > 0)
{
// session stuff
$_SESSION[$the_name] = $posted_name;
// refresh page
header( 'Location: ' . $pm_or_ts . '/index.php' ) ;
exit;
}
// if there is no match then we present the user with an error
else
{
echo "error";
exit;
}
}
Don’t ask me which algorithm
cryptactually uses. The manual entry is totally nonsensical – apparently just checking the value of a constant changes the algorithm used bycrypt()which is ridiculous ….And it’s alright people saying bcrypt. But bcrypt isn’t a core PHP function. If they mean write your own, then it’s a stupid idea – because your implementation would undoubtedly have flaws. If they mean a library they need to point one out – PHPass is commonly recommended, but I have no knowledge to recommend it myself.
It’s hardly surprising most people still use
sha1is it?