MD5 isn't secure anymore. Use password_hash() or at least bcrypt() or something else.
I will change to MD5, Thanks!
You should, as others suggested as well, use password_hash. It will become like:
PHP:
// the algorithm argument is required; PASSWORD_DEFAULT selects PHP's current default
$password = password_hash('password', PASSWORD_DEFAULT);
Where 'password' is the password you want to hash.
You can verify using password_verify:
PHP:
if (password_verify('inputpassword', $hash)) {
    // password matches
}
Where 'inputpassword' is the password the user enters (non-hashed) that you want to check, and $hash is the hashed password from the database.
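$hash = password_hash('password', PASSWORD_BCRYPT);
// custom salt, passed through the options array (third argument)
$hash = password_hash('password', PASSWORD_BCRYPT, ['salt' => 'my-hash']);
// RECOVER_HASH_FROM_DATABASE() is a placeholder for your own lookup
$hash = RECOVER_HASH_FROM_DATABASE();
if (password_verify('password', $hash)) {
    // SEEMS LEGIT
}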
Note that by default password_hash() will use RANDOM salts. Because of that, I recommend using the "PASSWORD_BCRYPT" flag.
***
Warning
The salt option has been deprecated as of PHP 7.0.0. It is now preferred to simply use the salt that is generated by default.
The salt option is the third argument of the function; the second one, "PASSWORD_BCRYPT", is still recommended.
So, you shouldn't use custom salts.
YOU SHOULD NEVER ENCRYPT PASSWORDS; HASH THEM INSTEAD.
HASHING IS A ONE WAY OPERATION AND CANNOT BE REVERSED.
DO NOT USE OLD TUTORIALS FOR PASSWORD HASHING; LOOK UP RECENT ONES.
The salt option is the third argument from the function, the second one "PASSWORD_BCRYPT" still recommended.
password_hash("test", PASSWORD_BCRYPT, ["cost" => 10]);
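Added example, not written by any poster in this thread: one way to move an existing table of MD5 hashes to password_hash() is to upgrade each account at its next successful login. The function names, the in-memory $users array and the sample passwords are constructed for illustration.

```php
<?php
// Added example: upgrade legacy MD5 password hashes to password_hash() at login.
// The in-memory $users array stands in for the accounts table (constructed data).

const HASH_OPTIONS = ['cost' => 10]; // same cost as in the post above

function isLegacyMd5(string $stored): bool
{
    // Unsalted md5() output is exactly 32 hex characters.
    return (bool) preg_match('/^[a-f0-9]{32}$/i', $stored);
}

// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored
// hash must be replaced in the database.
function checkLogin(string $input, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // Constant-time comparison for the old scheme.
        if (!hash_equals(strtolower($stored), md5($input))) {
            return [false, null];
        }
        // Correct password: re-hash it with bcrypt and a random salt.
        return [true, password_hash($input, PASSWORD_BCRYPT, HASH_OPTIONS)];
    }
    if (!password_verify($input, $stored)) {
        return [false, null];
    }
    // Re-hash if the algorithm or cost changed since the hash was created.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, HASH_OPTIONS)
        ? password_hash($input, PASSWORD_BCRYPT, HASH_OPTIONS)
        : null;
    return [true, $new];
}

// Constructed sample accounts: one legacy MD5 row, one bcrypt row at a lower cost.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => password_hash('hunter2!', PASSWORD_BCRYPT, ['cost' => 8]),
];

foreach ([['alice', 'correct horse'], ['bob', 'hunter2!'], ['bob', 'wrong']] as [$name, $pw]) {
    [$ok, $newHash] = checkLogin($pw, $users[$name]);
    if ($newHash !== null) {
        $users[$name] = $newHash; // real app: UPDATE the row with a prepared statement
    }
    printf("%-5s %-4s stored=%s\n", $name, $ok ? 'ok' : 'fail', substr($users[$name], 0, 7));
}
```

Accounts that never log in again keep their MD5 hash, so those rows still need a forced password reset.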
Sorry, but the fact that he used str_replace to "prevent" SQL injections.
lol this section turned to Ducking poop. look at you all acting like you're 10x better than him and are naturally born web developers, stfu
i don't quite get why u all overcomplicate cms' nowadays, it's not that deep bro. just use ubercms or idk make one from scratch, use joopies mysqli class, use raintpl and bobs your uncle fannys your aunt.