07-03-2022, 12:51 PM
k0nr4d
Quote:
Originally Posted by Publisher Bucks
Would it be best to change the encryption method at this point to something else or do you think I'll still run into the issue because of an existing coding issue?

Yeah, just do salted MD5.

Columns: username, password, and salt.
In salt you insert a random string when inserting the user, so each one has a unique salt.

$salt = md5(uniqid());
$password = md5($_POST['password'].$salt);

and then you just go

$result = mysqli_query($dblink, "SELECT * FROM users WHERE username = '".$_POST['username']."' AND password = MD5(CONCAT('".$_POST['password']."',salt))");

(Naturally, you'd protect against SQL injection, but I'm just writing it like that to illustrate what goes where.)

If there's a result, the user is valid. If it's empty, it's wrong login details.
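The login check from the post with the username passed as a bound parameter, so it never becomes part of the SQL string; this is an added example, not code from the original post. It assumes PDO with a constructed in-memory SQLite table instead of the post's mysqli connection, keeps the post's username/password/salt columns and md5(password . salt) format, and the helper names `create_user` and `check_login` are hypothetical.

```php
<?php
// Added example: constructed in-memory table standing in for the post's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');

// Hypothetical helper: store a user in the post's layout (md5 of password . salt).
function create_user(PDO $db, string $username, string $password): void
{
    // Assumption: random_bytes() is used here in place of the post's md5(uniqid()).
    $salt = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO users (username, password, salt) VALUES (?, ?, ?)');
    $stmt->execute([$username, md5($password . $salt), $salt]);
}

// Hypothetical helper: true only when the user exists and the password matches.
function check_login(PDO $db, string $username, string $password): bool
{
    // The username is bound as a parameter, so quotes in it cannot alter the query.
    $stmt = $db->prepare('SELECT password, salt FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such user: wrong login details
    }
    // Recompute the salted hash in PHP and compare it in constant time.
    return hash_equals($row['password'], md5($password . $row['salt']));
}

// Constructed sample data.
create_user($db, 'alice', 'correct horse');

var_dump(check_login($db, 'alice', 'correct horse')); // valid credentials
var_dump(check_login($db, 'alice', 'wrong'));         // wrong password
var_dump(check_login($db, "alice' -- ", 'anything')); // quote in username is treated as data
```

PHP's built-in `password_hash()` and `password_verify()` generate a random salt per password and store it inside the hash string, so the separate salt column is only needed for the MD5 layout shown in the post.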