Is it alright to post the isset password like this?
I think it should be if(isset($_POST['username']) && isset(md5($_POST['password']))) – since it posts it encrypted, but if I wrap md5 around the password within the conditional, it does not work properly.
if (isset($_POST['username']) && isset($_POST['password'])) {
    // both fields were submitted: run authentication
} else {
    // one or both fields are missing: show the form
}
Brad, yes it’s ok. There is really no benefit to posting the password hashed (not encrypted). First, you have to use JavaScript to do that, and it’s easily circumvented. Hashing of the submitted password should be done server side to compare with the stored hashed value.
Edit:
Plus, run the following and see what you get:
Thus, md5 always returns a value.
On top of that try running the following:
You’ll see the following:
Fatal error: Can't use function return value in write context
isset() can only be used with a variable.
Edit:
There is a difference between hashing and encryption. MD5 is a simple hash, one that isn’t even cryptographically secure.
Yes, you should not submit passwords in plaintext to your server, but hashing them client side is the same thing. You should be using HTTPS for password form submissions, this is how you encrypt communications between your server and the client.
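The pattern the answer describes, as an added example that is not code from the question or the answer: isset() is applied to the raw $_POST entries (variables, which is all isset() accepts), the plaintext password is sent over HTTPS, and hashing and comparison happen on the server with password_hash()/password_verify() rather than MD5. The user table, the stored hash and the sample requests are constructed inline so the script runs from the command line without a web server or database; the username and passphrase are assumptions.

```php
<?php
// Added example, not from the original question or answer. Demonstrates:
//  - checking the submitted fields with isset() on variables, not on a
//    function's return value (isset(md5(...)) is a fatal error);
//  - hashing and comparing on the server with password_hash()/password_verify()
//    (bcrypt by default) instead of MD5, which is not a password hash.
// The user table and requests below are constructed so this runs offline.

declare(strict_types=1);

// Stand-in for a users table: username => stored password hash. In a real
// application the hash is created once at registration and stored in a
// database; it is created here only to keep the example self-contained.
$users = [
    'brad' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

// A real hash to verify against when the username does not exist, so the
// response time does not reveal which usernames are valid (assumption: you
// care about user enumeration; drop it if you do not).
$dummyHash = password_hash('not-a-real-user', PASSWORD_DEFAULT);

/**
 * Validate the submitted form. isset() with several arguments is true only
 * if every variable is set and non-null. isset() is also true for an empty
 * string, so blank input is rejected explicitly.
 */
function formIsComplete(array $post): bool
{
    return isset($post['username'], $post['password'])
        && is_string($post['username'])
        && is_string($post['password'])
        && $post['username'] !== ''
        && $post['password'] !== '';
}

/**
 * Server-side check of the plaintext password against the stored hash.
 * password_verify() reads the algorithm and salt from the stored hash and
 * compares in constant time. The plaintext must travel over HTTPS; hashing
 * it in the browser would not help, because whatever the browser sends is
 * then the effective password.
 */
function authenticate(array $users, string $dummyHash, string $username, string $password): bool
{
    $stored = $users[$username] ?? $dummyHash;
    $ok = password_verify($password, $stored);
    return $ok && isset($users[$username]);
}

// Constructed sample requests standing in for $_POST.
$requests = [
    'valid login'    => ['username' => 'brad', 'password' => 'correct horse battery staple'],
    'wrong password' => ['username' => 'brad', 'password' => 'wrong'],
    'unknown user'   => ['username' => 'mallory', 'password' => 'anything'],
    'missing field'  => ['username' => 'brad'],
    'empty password' => ['username' => 'brad', 'password' => ''],
];

foreach ($requests as $label => $post) {
    if (!formIsComplete($post)) {
        echo "$label: show form\n";
        continue;
    }
    $ok = authenticate($users, $dummyHash, $post['username'], $post['password']);
    echo "$label: " . ($ok ? 'authenticated' : 'rejected') . "\n";
}
```

Run it with `php login.php`; the first request authenticates, the next two are rejected, and the last two fall through to "show form". Because password_hash() embeds a random salt and the cost factor in the hash, the same passphrase produces a different hash on every run and the stored value can be upgraded later with password_needs_rehash(), none of which a bare md5() gives you.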