2009/2/9 Michael Kubler <mdk...@gmail.com>:
> These days SHA should really be used instead of MD5, and you should be
> SALTing the password as well.
> Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html
Good advice. I would also advise against stripping and trimming
anything from passwords. By removing characters you're significantly
reducing the number of possible passwords.
-Stuart
> Jan G.B. wrote:
>>
>> 2009/2/9 Andrew Williams <andrew4willi...@gmail.com>:
>>
>>>
>>> Can some body help out on how to validate user password from the
>>> database?
>>>
>>
>> There are several possibilities. This would be one.
>> <?
>> $query = 'SELECT 1 from `usertable` where `name` = ' .
>> mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE)
>> . ' AND `pass` = md5("' .
>> mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE) .
>> '");';
>> ?>
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
