If you are developing a website with a login and sign-up page that stores users' information in a database, it is your responsibility to make that database secure. In particular, passwords must be protected so that nobody can obtain the details of a specific user. To do this we use encryption, or more precisely hashing: the password is stored in a form that nobody can read back.
What do we mean by secure? Basically, the data in your database must be stored so that nobody can read it. What if the password to the database itself is compromised? Then your entire user password table is compromised as well. Data in the database is readable by the admin of your website, so you have to write your code in such a way that nobody can read the passwords stored there. Various algorithms can be used to make stored passwords more secure; one approach is to transform every password in your database with an industry-standard algorithm, such as the Message-Digest Algorithm 5 (MD5).
MD5 is a hashing algorithm: it is one-way, so the passwords stored on the server cannot be deciphered by anyone. Even if a user has been given read permission on the user table, that user still cannot read the passwords.
Hashing protects your passwords, but it does not protect your website. If your website does not have sufficient protection, password hashing will not make it safe. Cracking a hashed password takes a large amount of time and processing power, even on today's computers.
First of all, we need to add a new account to the database with the help of the code below.
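<?php
// Database connection settings
define("DB_SERVER", "localhost");
define("DB_USER", "your_name");
define("DB_PASS", "your_pass");
define("DB_NAME", "your_db");
define("TBL_USERS", "users_table_name");

// Connect and select the database (mysqli replaces the mysql_* functions removed in PHP 7)
$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME) or die(mysqli_connect_error());
// ...

// Store a new user; the password is saved as its MD5 hash, never as plain text
function addNewUser($name, $password){
    global $connection;
    $password = md5($password);
    // Bind the values as parameters so a quote in $name cannot alter the query
    $stmt = mysqli_prepare($connection, "INSERT INTO ".TBL_USERS." VALUES (?, ?)");
    if(!$stmt){
        return false;
    }
    mysqli_stmt_bind_param($stmt, "ss", $name, $password);
    return mysqli_stmt_execute($stmt);
}
?>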
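When a new user completes the registration form, the password is hashed automatically before it is stored. At login, the submitted password is hashed the same way and compared with the stored value: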
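<?php
function checkUserPass($username, $password){
    global $connection;
    $password = md5($password);
    // Verify that user is in database (username is bound as a parameter, not concatenated)
    $stmt = mysqli_prepare($connection, "SELECT password FROM ".TBL_USERS." WHERE username = ?");
    if(!$stmt){
        return 1; //Query could not be prepared
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    if(!$result || (mysqli_num_rows($result) < 1)){
        return 1; //Indicates username failure
    }
    // Retrieve password from result
    $dbarray = mysqli_fetch_array($result);
    // Validate that password is correct; hash_equals() compares strictly as strings,
    // so two different hashes of the form "0e123..." are not treated as equal numbers
    if(hash_equals((string)$dbarray['password'], $password)){
        return 0; //Success! Username and password confirmed
    }
    else{
        return 1; //Indicates password failure
    }
}
?>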
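The registration and login functions above, rewritten as an added example (not the original author's code) with PHP's password_hash() and password_verify() in place of md5(), which give each password a random salt and a tunable cost; rows that still hold the MD5 hashes written by the earlier code are accepted once and rehashed on login. The users table layout, the sample accounts and the in-memory SQLite database (used so the script runs without a server, requires pdo_sqlite) are assumptions.

```php
<?php
// Added example. Table/column names and sample accounts are assumptions;
// an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

function addNewUser(PDO $db, string $name, string $password): bool {
    // password_hash() generates a random salt and embeds it in the returned string
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    return $stmt->execute([$name, $hash]);
}

function checkUserPass(PDO $db, string $username, string $password): int {
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 1; // Indicates username failure
    }
    // Rows written by the md5() version hold exactly 32 lowercase hex characters
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return 1; // Indicates password failure
    }
    // After a successful login, replace a legacy or outdated hash with a fresh one
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return 0; // Success! Username and password confirmed
}

// Constructed sample data: one legacy MD5 row and one new registration
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['alice', md5('alice-pass')]);
addNewUser($db, 'bob', 'bob-pass');

var_dump(checkUserPass($db, 'alice', 'alice-pass')); // login against the legacy row
var_dump(checkUserPass($db, 'bob', 'wrong'));        // wrong password
var_dump(checkUserPass($db, 'nobody', 'x'));         // unknown user
// Algorithm recorded in alice's stored hash after her login
$row = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_get_info($row)['algoName']);
```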