Jump to content

Login System


es131245

Recommended Posts

im re making login system on my site and i got few questions about thisis ive read on md5 wiki page that ist a good idea to usemd5(md5($psw)+$key)+$keybut how should i send key to server safely???and for md5 im planning to use JS how do i get string from JS to PHP???Or is there a better way???my database will keep login,psw,login_md5 and psw_md5 is this a good idea??? or its a good idea to keep md5 in DB and login,psw some where away???questions:1 md5(md5($psw)+$key)+$key???2 send key to server???3 get var from JS to PHP???4 DB login+psw+login_md5+psw_md5???

Link to comment
Share on other sites

You shouldn't use Javascript for security-related processing, you should leave that to the server-side.You don't send the key to the server, you create and use the key right on the server, if the key and hashing algorithms are on the client side (Javascript), you're leaving a whole lot of useful information to hackers.There's no need to store the user's password in the database, only the hashed password needs to be stored.There's no point in hashing the username before putting it in the database, because hashed strings are irreversible, you would be storing information you cannot use.So you only need two of the fields: username and password. You hash the password before storing it, and do nothing with the username.

Link to comment
Share on other sites

1 I worring about sending un hashed password to server but only way i know to hash it is by JS2 Only hashed password i dont know how safe is that...3 Third side can spy traffic and get all the passwords and hashed passwords and repeat them...i can crypt that info but when ill send to client key for uncrypting but they can trace that too... what can i do??I really trying to make safe security...

Link to comment
Share on other sites

When you want to insert the password in the database table, you just do this (imagine you want to insert all login info at once):$login_sql = "INSERT INTO login (username, password) VALUES ('".$username."',PASSWORD('".$password."'))";PASSWORD('whatever') will insert a hash of the password in the database. Note that this is a simplified version - you still need to check for duplicate usernames and sanitize input...

Link to comment
Share on other sites

1 I worring about sending un hashed password to server but only way i know to hash it is by JS
Then send it over SSL, that's what SSL is for. If you require a secure connection everything will be encrypted between the browser and the server.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...