Wednesday, 15 July 2015

php - Using password_hash correctly instead of MD5




So I want to tighten security when users register. I know how to utilize md5 but am not sure how to move away from it onto password_hash(). I was wondering, given this script, if anyone is able to assist with code on how to utilize it in the right format:

<?php
include 'connect.php';

// Escape each submitted value for use in the SQL string below.
$username   = mysqli_real_escape_string($con, $_POST['username']);
// MD5 of the escaped password: the hashing this question asks how to replace.
$password   = md5(mysqli_real_escape_string($con, $_POST['password']));
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$last_name  = mysqli_real_escape_string($con, $_POST['last_name']);
$email      = mysqli_real_escape_string($con, $_POST['email']);

$sql = "INSERT INTO users (username, password, first_name, last_name, email)
        VALUES ('$username', '$password', '$first_name', '$last_name', '$email')";

if (!mysqli_query($con, $sql)) {
    die('error: ' . mysqli_error($con));
}

header('Location: /register.php');
?>

You're right in not wanting to utilize md5. Look towards creating a random salt, then using blowfish encryption to encrypt the password with said salt. Store the salt in the database with the other variables. When you go to validate a user, you'll take the password entered, hash it with the salt you pull from the database (most likely matching on username), and compare that value to the value within the database. That way, if someone has access to the database, they have no idea what the customers' passwords are.
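
Added example (not part of the original question or answer): registration and login with password_hash() and password_verify(), which generate the random salt and keep it inside the stored hash string. It goes beyond the post by also upgrading rows left over from the MD5 script at login; the table layout, function names, sample accounts and the in-memory SQLite database standing in for connect.php are assumptions.

```php
<?php
// Added example: table layout, function names and sample accounts are assumptions.
// An in-memory SQLite database (PDO) stands in for the mysqli connection from connect.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

function register(PDO $db, string $username, string $password): void
{
    // password_hash() generates a random salt and stores it inside the returned
    // string, so no separate salt column is needed. The raw password goes in unescaped.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders replace mysqli_real_escape_string() for the SQL side.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // Rows written by the old script hold a 32-character hex MD5 digest. That script
    // hashed the escaped string, so a real migration must escape the same way here.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    // On a successful login, replace legacy or outdated hashes.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $ok;
}

// Constructed sample data: one new registration, one row left over from the MD5 script.
register($db, 'alice', 'correct horse battery staple');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['bob', md5('hunter2')]);

var_dump(login($db, 'alice', 'correct horse battery staple')); // good password
var_dump(login($db, 'alice', 'wrong'));                        // bad password
var_dump(login($db, 'bob', 'hunter2'));                        // legacy row, upgraded on success
$row = $db->query("SELECT password FROM users WHERE username = 'bob'")->fetchColumn();
var_dump(password_get_info($row)['algoName']);                 // algorithm now stored for bob
```

The password column should be wide enough for future algorithms; the PHP manual recommends 255 characters.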
