Many people are store password directly on database. Due to which risk of misusing is increased. We mist need to perform certain operations on password before storing it, which is know as hashing or encryption of password. There are various range of hashing functions are available such as md5(), sha1(), crtyp(), hash().
In this article i am using md5(). However many developers suggest instead of using md5() create custom hashing.
Create MD5 for string
Before storing in data we need to calculate md5() hash of password. md5() will return string of 32 characters, so if your database has less size then update it’s length first.
... // Hashing Password $hashed_pass = md5($pass); // Now store this hashed password in database. ...
Checking for password
If you are noticed that we are not stored original password in database we are stored hash value. The question arise is that how to check whether enter password is correct or not?
The answer is simple you need to again use md5() on entered password on login page. and compare those 2 hash!
... // Hashing Password $hashed_pass = md5($pass); $db_pass = $row->pass; if($hashed_pass == $db_pass) ...