C.1. Storing Passwords

You should never store cleartext passwords in a database. Instead, store the hash of the password, and use a salt for best results:

```php
<?php

/* $password contains the password. */
/* A single, application-wide salt. */
$salt = 'SHIFLETT';

/* Hash the salted password, then hash the salted result again. */
$password_hash = md5($salt . md5($password . $salt));

/* Store password hash. */

?>
```

When you want to determine whether a user has provided the correct password, hash the provided password using the same technique, and compare the hashes:

```php
<?php

/* The same salt that was used when the hash was stored. */
$salt = 'SHIFLETT';

/* Hash the submitted password with the same two-step scheme. */
$password_hash = md5($salt . md5($_POST['password'] . $salt));

/* Compare password hashes. */

?>
```

If the hashes are identical, you are reasonably assured that the passwords are also identical.
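The scheme above uses one fixed salt and md5. Since PHP 5.5, the language ships password_hash() and password_verify(), which generate a random salt per user, embed the salt, algorithm and cost in the stored string, and compare in constant time, so this goes slightly beyond the book's own code. The following is an added example, not the book's code, showing the same store-then-verify flow with those built-in functions; the $pdo connection and the `users` table are assumptions, and the in-memory SQLite database exists only so the example runs stand-alone (requires PHP 7+ with pdo_sqlite).

```php
<?php
/* Added example, not from the book. Assumes a PDO connection ($pdo) and a
 * hypothetical users table with (username, password_hash) columns. */

function store_password(PDO $pdo, string $username, string $password): void
{
    /* password_hash() picks a random per-user salt and returns a string that
     * also records the algorithm and cost, so nothing else needs storing. */
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (?, ?)'
    );
    $stmt->execute([$username, $password_hash]);
}

function check_password(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT password_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $password_hash = $stmt->fetchColumn();

    if ($password_hash === false) {
        /* Unknown user: treat exactly like a wrong password. */
        return false;
    }

    /* password_verify() reads the salt and cost back out of the stored
     * string, recomputes the hash and compares in constant time. */
    return password_verify($password, $password_hash);
}

/* Constructed usage: an in-memory database stands in for the real one. */
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)'
);

store_password($pdo, 'alice', 'correct horse battery staple');

var_dump(check_password($pdo, 'alice', 'correct horse battery staple'));
var_dump(check_password($pdo, 'alice', 'wrong password'));
var_dump(check_password($pdo, 'nobody', 'correct horse battery staple'));
```

Because the salt lives inside the stored string, two users with the same password get different hashes, and a leaked table no longer lets one precomputed lookup cover every account, which is the property the fixed 'SHIFLETT' salt cannot provide on its own.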