Programming Forums
User Name Password Register
 

RSS Feed
FORUM INDEX | TODAY'S POSTS | UNANSWERED THREADS | ADVANCED SEARCH

Reply
 
Thread Tools Display Modes
Old Oct 18th, 2013, 9:12 AM   #1
DataG
Newbie
 
Join Date: Dec 2010
Posts: 25
Rep Power: 0 DataG is on a distinguished road
Password hashing help md5 add salt

I am looking to make my user password secure, at the moment i am using md5 hash.

I want to add salt to this, how do i go about adding salt to my password?Help please?
<?php
session_start();

require_once("database_config.php");
require_once("mysql_fix_string.php");
/*
* Prevent sql injection attack and html entities md5
*/
$myusername = mysql_entities_fix_string($_POST['username']);
$mypassword = mysql_entities_fix_string($_POST['password']);

$mypassword_md5 = md5($mypassword);

//if password is empty redirect user to login
while(empty($mypassword)){
echo"Please Enter your password";
Header("Location: login.php");

}
/*
* Set query to retrieve data
*/

$query = "SELECT * FROM tbl_users WHERE user_name = '$myusername' AND user_password = '$mypassword'";
$result = mysql_query($query);
if(!$result) die ("Database access failed: " .mysql_error());

$row = mysql_fetch_array($result);

/*
* set session data and redirect to user to index.php
*/
if($myusername){
$role = "SELECT tbl_users.user_name, tbl_users.role_id from tbl_users WHERE tbl_users.user_name='$myusername'";
$result = mysql_query($role);

if($result && mysql_num_rows($result) > 0 ){
while($row = mysql_fetch_assoc($result)){
echo $row['user_name'];
if($row['role_id'] == 1){
$_SESSION['logged_in'] = true;
$_SESSION['role'] = 1; //admin
$_SESSION['name'] =$row['user_name'];
Header("Location: index.php"); //change later to admin_account.php
}else if($row['role_id']== 2){
$_SESSION['logged_in'] = true;
$_SESSION['role'] = 2; //lighting engineer
$_SESSION['name'] =$row['user_name'];
Header("Location: account_lighting_engineer.php");
} else if ($row['role_id'] == 3){
$_SESSION['logged_in'] = true;
$_SESSION['role'] = 3; //lighting designer
$_SESSION['name'] =$row['user_name'];
Header("Location: account_lighting_designer.php");
} else if ($row['role_id'] == 4){
$_SESSION['logged_in'] = true;
$_SESSION['role'] = 4; //maintenance engineer
$_SESSION['name'] =$row['user_name'];
Header("Location: account_maintenance_engineer.php");
}
else{
Header("Location: login.php");
}
}

}
}
__________________
D@Ta-G
DataG is offline   Reply With Quote
Old Oct 18th, 2013, 6:04 PM   #2
Proxi
Programmer
 
Proxi's Avatar
 
Join Date: Aug 2013
Location: Netherlands
Posts: 39
Rep Power: 0 Proxi is on a distinguished road
Re: Password hashing help md5 add salt

You can create a simple salt by doing this:

$password = "banana";
$salt = "aB1cD2eF3G";
$password = md5($salt.$password);

Or make one that hashes again:

$password = "banana";
$salt = sha1(md5($password));
$password = md5($password.$salt);
Proxi is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread in Forum | Next Thread in Forum »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Using a salt to login, cant find error. travusgonzalez PHP 8 Mar 2nd, 2012 3:53 AM
Decrypt the password Srinivasa007 Python 2 Apr 23rd, 2009 11:04 PM
[Python] Password Generator bulio Show Off Your Open Source Projects 2 Feb 28th, 2006 3:01 AM
password box ragenuub Visual Basic 5 Nov 15th, 2005 3:46 PM
Just a small password generator Jessehk Show Off Your Open Source Projects 3 Sep 16th, 2005 8:41 AM




DaniWeb IT Discussion Community
All times are GMT -5. The time now is 4:45 AM.

Powered by vBulletin® Version 3.7.0, Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright ©2007 DaniWeb® LLC