Password / login in php

Question

Password / login in php

For php login system, this would be a suitable description of how it will work:

user types in username and password, click the login button.

Checks if the user exists in the database,
if so, extract the salt for this user
enter the password and password salt (will this be done on the client or server? I think the client side will be better, but php is the server side, so how would you do this?)
check the value against the value in the database,
if the values match the user has typed the correct password and they are logged in.

+3

security php login hash

Jonathan. Apr 7 '10 at 11:26

source share

5 answers

, , , ( ? , , php - ?)

, , , . -.

, , . 3 . JavaScript. JavaScript ( NoScript).

, , , , .

- , , , 5 . ( ;)). , , , .

, , , .

+6

Yacoby 07 . '10 11:33

+4

OM The Eternity 07 . '10 11:31

, .

:

/home/username/key
/home/username/public_html/login.php

() . 512- .

. , 16 .

, :

hash('sha256', $password . $salt . $key);

. MD5 SHA-1. SHA-2, SHA-256 SHA-512. , Whirlpool - .

, , :

public static function hash($algorithm, $data, $iterations = 1, $rawOutput = false)
{
    if ($iterations < 1)
        throw new Exception('There must be at least one iteration.');

    while ($iterations--)
    {
        $data = hash($algorithm, $data, true);
    }

    return ($rawOutput ? (binary) $data : bin2hex($data));
}

+1

Tower 09 . '10 12:32

?

, .
,

If you are talking about the secure transfer of passwords from client to server - this is another story, you can refer to the description of HTTP protocol authorization for the scheme. In short, this is client-side hashing using a random one-time token stored on the server side. OR SSL of course

0

Your common sense Apr 7 '10 at 11:45

source share

Quentin · Accepted Answer · 2010-04-07T11:33:27+0000

, , ,

. , .

hash ( ? ,

. , - , () , ( ) .

, JS , , .

.
SELECT some, cols FROM your_users WHERE username =? =?
, .

Password / login in php

More articles: