The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Password Encryption - Have a for that allows users to register, need some way of encrypting the passwords though, is there a built in function with php to do it or would I need to write one to do it? Also you know when you enter passwords in forms they you get **** instead of the characters being entered - how do you do that?
Sessions - How tricky is using sessions in php? Need to make sure that only registered users can access certain parts of my site, is it something that is going to take a while to do or is it straightforward enough to do?
Cheers
It's quite apparent that none of the posters in this thread know anything about cryptography.
Say md5(a) == c, and md5(b) == c. Then say you take otherHash(c) == d.
Therefore,
otherHash(md5(a)) == d == otherHash(md5(b))
What you have to appreciate is, however, there are only a handful of known handful of collisions known, ever. Moreso, the hash of any string less than some high order of magnitude is completely unique. Honestly, I can't stress this enough, that if you hash your passwords with md5 they will be COMPLETELY secure.
Read: http://en.wikipedia.org/wiki/Md5
Much appreciated
With that said, it shoulnd't be an issue anyway, as long as usernames are kept unique (with good script and database design), two different passwords being hashed the same should't cause many problems - in the same way that two people choosing to use the same password shouldn't cause a system problem.
> MySQL also includes a PASSWORD() function if you're interested.
>
> I'm not to sure how the two compaire, but comments on the PHP manual
> page for md5 suggest it isn't reliable, due to more than one string
> being given the same hash output.
MySQL's PASSWORD is less secure than MD5. The probability of a string collision with MD5 is extremely, extremely low, to the point that MD5 is the standard way of hashing passwords.
I'm not to sure how the two compaire, but comments on the PHP manual page for md5 suggest it isn't reliable, due to more than one string being given the same hash output.
To get the *** in input fields, just use rather than type="text"
Sessions aren't too tricky in PHP, just try a few examples from the manual and get used to how they work. On a slight aside, can someone explain the difference to me between session cookies (i.e. those that only last the duration of the session) and sessions.