PHP Code:
<?php
/*
make the createSalt function which will make a randomly generated string for the password salt
a password salt is a short randomly generated string that will make a password harder to crack, increasing security
*/
function createSalt($length='')
{
// make the randomly generated string, with a few standard functions
$salt = substr(sha1(md5(uniqid(rand(), true))), 0, $length);
return $salt;
}
/*
make the getPassHash function which will use a custom algorithm to encrypt the password and salt
*/
function getPassHash($password='',$salt='')
{
// make the hash string using sha1 and md5, and add the salt in
$passhash = sha1 (md5(sha1($password) . md5($salt)));
return $passhash;
}
$con = mysql_connect("localhost","user","password1234");
if(!$con)
{
die('Could not connect: ' . mysql_error());
}
// get POST data and use mysql_escape_string to escape illegal characters
// this is to prevent SQL injection, which is a huge but easy-to-fix security risk
$username = mysql_escape_string ($_POST['username']);
$password = mysql_escape_string ($_POST['password']);
// make our salt with the createSalt() function
$salt = createSalt();
// encrypt the password with the getPassHash() function
$passhash = getPassHash($password,$salt);
mysql_select_db("database", $con);
// insert the data into the database
$sql = "INSERT INTO members (id,username, password, password_salt)
VALUES ('".$username."','".$passhash."', '".$salt."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
?>
Does this help?
I'm not really good at commenting, I never do it.