Login system from scratch

I’m creating a login function for my site,
http://fixmysite.us/DFI/login.html

Username:Paul_Magnatto
Password: letmein

Here is my table
CREATE TABLE members (
id SMALLINT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
username VARCHAR(50),
password CHAR(50)
);

And here is my insert statement

INSERT INTO members (id,username,password) VALUES (1,"Paul_Magnatto",md5("letmein"));

I’ve heard that md5() is not a very good encryption method to use, what method should I use to use better encryption?
Is there a primer out there to help me learn how to do it?

Thanks

Do you at least have PHP5.5? If so, then password_hash
http://php.net/manual/en/function.password-hash.php

There is also code available that allows it to be implemented on 5.3 - then when you upgrade to 5.5 you simply remove the extra file containing that code.

my PHP version is 5.3.28,

so I gather an option according to http://www.sitepoint.com/password-hashing-in-php/
is

<?php
$password = hash("sha256", $password);

I was looking for the code for the lesser version of PHP, but couldn’t find it

So use the version from https://github.com/ircmaxell/password_compat/tree/master/lib

Then when you upgrade to 5.5 you simply delete that file and the functions will continue to work as that code will then be built into PHP

Yes, use the ircmaxell password_compat library as @felgall noted.

One thing to point out though is that you should avoid trying to create your own salt. Just let bcrypt do it for you as it will provide a very good salt for you.

Also, you’ll need to “widen” the password column as CHAR(50) won’t be enough. I’d actually go straight for VARCHAR(255) so that you’re “future-proofed” if the recommended algo changes and that one yields a longer hash.

er rather should I use it like on

Yes,

simply copy the password.php file from there and include that in the scripts you want to do password processing. You then write your actual password processing the way the php.net web site says to use for PHP 5.5+, as the file you are adding provides compatible functions for those calls. When you then finally upgrade to 5.5 you just delete the include statement.
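Putting the two pieces of advice above together (include password_compat's password.php and code against the PHP 5.5 password_* API, as felgall says; let bcrypt generate the salt and widen the column to VARCHAR(255), as cpradio says), here is an added example. It is not code from the thread or from the password_compat library. It assumes the members table from the first post with the password column already widened, a copy of password_compat's password.php next to the script (that library needs PHP 5.3.7 or later, so 5.3.28 qualifies), and a MySQL database with placeholder credentials; the function names register_member and login_member and the constant HASH_COST are the example's own.

```php
<?php
// Added example for this thread, not code from the original posts or from
// password_compat. Assumptions (nothing below comes from the thread itself):
//  - the members table from the first post, with the column widened first:
//      ALTER TABLE members MODIFY password VARCHAR(255) NOT NULL;
//  - password.php from ircmaxell/password_compat copied next to this file
//    (needs PHP >= 5.3.7; the require_once below is dropped on PHP 5.5+);
//  - a MySQL database "dfi" reachable with the placeholder credentials below.

if (!function_exists('password_hash')) {
    // PHP 5.3.7 to 5.4: password_compat supplies password_hash(),
    // password_verify(), password_needs_rehash() and PASSWORD_BCRYPT
    // with the same signatures as PHP 5.5's built-ins.
    require_once __DIR__ . '/password.php';
}

// bcrypt work factor. 10 is the default; raise it as your hardware allows.
define('HASH_COST', 12);

/**
 * Create a member. No hand-made salt: PASSWORD_BCRYPT draws a random
 * 128-bit salt itself and stores it inside the 60-character hash string,
 * so the table needs no separate salt column.
 */
function register_member(PDO $pdo, $username, $password)
{
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => HASH_COST));
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    $stmt = $pdo->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
    return (int) $pdo->lastInsertId();
}

/**
 * Check a login. Returns the member id on success, false on failure.
 * The stored hash is checked with password_verify(), never with = in SQL
 * or == in PHP; the salt and cost are read back out of the hash string.
 */
function login_member(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT id, password FROM members WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }

    // If HASH_COST is raised later, the old hash still verifies; re-hash the
    // plaintext we have in hand right now and store the stronger hash.
    if (password_needs_rehash($row['password'], PASSWORD_BCRYPT, array('cost' => HASH_COST))) {
        $newHash = password_hash($password, PASSWORD_BCRYPT, array('cost' => HASH_COST));
        $upd = $pdo->prepare('UPDATE members SET password = ? WHERE id = ?');
        $upd->execute(array($newHash, $row['id']));
    }
    return (int) $row['id'];
}

// Usage (placeholder DSN and database credentials):
$pdo = new PDO('mysql:host=localhost;dbname=dfi;charset=utf8', 'dbuser', 'dbpass');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

register_member($pdo, 'Paul_Magnatto', 'letmein');
var_dump(login_member($pdo, 'Paul_Magnatto', 'letmein'));
var_dump(login_member($pdo, 'Paul_Magnatto', 'wrong-password'));
```

Once the server is on PHP 5.5 or later, the function_exists() guard simply never fires and the require_once block can be deleted; nothing else in the script changes. The prepared statements replace the hand-built INSERT from the first post, so the username never reaches the query as SQL text.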

Hi,
I am also about to do something similar, although I have found PH-Pass, which does all the hard work for you from what I can tell https://sunnyis.me/blog/secure-passwords and uses similar encryption to that used in the later versions of Drupal.

The other things you should consider adding to your table if this is for more users than just yourself are:

Creation date - so you know when someone registered
last login date - so you know when they last logged in
account type - is it a general user or admin
email - you’ll need to send out password reminders etc

and probably a few other things I can't remember.
