I would like a tutorial on PHP-MYSQL logins using md5 I am going to use the same passwords as on my forum so that users can upload videos and they will be converted with FFMPEG to FLV.

So can anyone reccomend a PHP-MYSQL Login that uses md5 please?

I prefer videos that have downloadable code or videos.








*I hope this is posted in the correct area.(It's PHP related)

http://www.swish-db.com/tutorials/view.php/tid/601

simplified code to head you in the right direction:

PHP Code:

// your php code to check login
if ( $HTTP_POST_VARS )
{
  $username = $HTTP_POST_VARS['username'];

  $password = $HTTP_POST_VARS['password'];

  $mdpw = md5 ( $password );

  $sql = "SELECT * FROM login WHERE login_username = '" . $username . "' AND  login_password = '" . $mdpw . "'";

  // if that sql query gets results, then the un/pw match in your db.
}

// your login form
<form name="login" action="" method="post">

  Username: <input type="text" name="username" />

  Password: <input type="password" name="password" />

  <input type="submit" name="submit" value="log in sucka!">

</form> 


Isnt $_POST['username'] suposed to be much better than $HTTP_POST_VARS[]

Consider using sha1 instead of md5. It's more secure.

PHP Code:

<?php

$user = $_POST['username'];
$pass = $_POST['password'];

$pass = sha1($pass);

...

?>

PHP also supports even more secure encryptions, including all of the sha2 group, through the use of the hash command:

PHP Code:

<?php

$pass = $_POST['password'];

$pass = hash('sha512', $pass); //Applies sha512 encryption

?>

Quote:

Originally Posted by dansgalaxy

Isnt $_POST['username'] suposed to be much better than $HTTP_POST_VARS[]

yep, it is.

old (bad) habit.

i was reading about secure scripts and stuff and read about the whole $_REQUEST where its like the same so user soculd enter them through the URL and hacking in. and was just like what stupid person would use it??