I’ve got the following PHP code which is used for registering to a website. I’m trying to hash the passwords for security but whenever I submit a dummy registration the passwords are not hashed in phpMyAdmin. They appear normal. Here is my code:
<?php
//get the values from the form
$Name = $_POST['name'];
$Username = $_POST['username'];
$Password = $_POST['password'];
$RepeatPassword = $_POST['repeatpassword'];

//encrypt the passwords
md5($Password);
md5($RepeatPassword);

//query the database
$query = "INSERT INTO users VALUES ('', '$Name', '$Username', '$Password')";
if (!mysql_query($query)) {
    die('Error ' . mysql_error() . ' in query ' . $query);
}

//check passwords match
if ($Password !== $RepeatPassword) {
    echo "Your passwords do not match. <a href='login.php'>Return to login page</a>";
}

//check to see if fields are blank
if ($Name=="") {
    echo "Name is a required field. <a href='login.php'>Return to login page</a>";
}
else if ($Username=="") {
    echo "Username is a required field. <a href='login.php'>Return to login page</a>";
}
else if ($Password=="") {
    echo "Password is a required field. <a href='login.php'>Return to login page</a>";
}
else if ($RepeatPassword=="") {
    echo "Repeat Password is a required field. <a href='login.php'>Return to login page</a>";
}
else {
    $_SESSION["message"] = "You have successfully registered! Please login using your username and password.";
    header("Location: login.php");
}
?>
The tutorials I have read online have all said to do it as per the above. I’ve tried putting the two lines of md5 code in numerous places but to no avail.
This code basically does nothing. You want:
But ultimately, MD5 doesn’t do much for security. Consider bcrypt, stop using the mysql_* functions, and start learning about SQL injection attacks.
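The answer's three recommendations combined in one registration routine, as an added example that is not part of the original question or answer. The function names `register_user` and `check_login`, the `users` column layout, and the in-memory SQLite database (standing in for MySQL, requires the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Validate first, hash with bcrypt, then insert through a prepared statement.
// Returns a list of error messages; an empty list means the user was stored.
function register_user(PDO $db, array $form): array
{
    $name     = trim($form['name'] ?? '');
    $username = trim($form['username'] ?? '');
    $password = $form['password'] ?? '';
    $repeat   = $form['repeatpassword'] ?? '';

    $errors = [];
    if ($name === '')     { $errors[] = 'Name is a required field.'; }
    if ($username === '') { $errors[] = 'Username is a required field.'; }
    if ($password === '') { $errors[] = 'Password is a required field.'; }
    if ($password !== $repeat) { $errors[] = 'Your passwords do not match.'; }
    if ($errors) {
        return $errors; // nothing is written unless every check passed
    }

    // password_hash() RETURNS the hash; the return value is what gets stored.
    // PASSWORD_BCRYPT generates a random salt and embeds it in the output.
    $hash = password_hash($password, PASSWORD_BCRYPT);

    // Placeholders keep form input out of the SQL text (no string interpolation).
    $stmt = $db->prepare('INSERT INTO users (name, username, password_hash) VALUES (?, ?, ?)');
    $stmt->execute([$name, $username, $hash]);
    return [];
}

// Login side: password_verify() re-derives the hash using the stored salt.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data; in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, username TEXT UNIQUE, password_hash TEXT)');

$form = ['name' => 'Test User', 'username' => 'tester', 'password' => 'correct horse', 'repeatpassword' => 'correct horse'];
var_dump(register_user($db, $form));
var_dump(check_login($db, 'tester', 'correct horse'));
var_dump(check_login($db, 'tester', 'wrong'));
```

Because the salt is random, two users with the same password get different stored values, so login must go through `password_verify()` rather than re-hashing and comparing strings.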