How to hash a password field


I bought a PHP software that allows users to build websites. But the guy I paid didn't build a signup form. I'm dangerous enough to do basic coding. But I feel this is past my skill level. The form I created inserts into the MySQL database just fine, but it won't let the new users that use this form log in because the password field isn't hashing.

HTML signup form:

<form action="input.php" method="post" class="pcss3f pcss3f-type-hor">
            <header>Fillout the below to join.</header>

            <section class="state-normal">
                <label for="">First Name</label>
                <input type="text" name="first_name"/>
                <i class="icon-user"></i>
            </section>

            <section class="state-normal">
                <label for="">Last Name</label>
                <input type="text" name="last_name"/>
                <i class="icon-user"></i>
            </section>

            <section class="state-normal">
                <label for="">Email</label>
                <input type="email" name="email"/>
                <i class="icon-envelope"></i>
            </section>

            <section class="state-normal">
                <label for="">Password</label>
                <input type="password" name="password"/>
                <i class="icon-key"></i>
            </section>

            <footer>
                <button type="button" onclick="window.location = 'index.html'">Back</button>
                <button type="submit" class="color-blue">Submit</button>
            </footer>
        </form>

and the php script:

<?php
$con = mysql_connect("localhost","name","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("instantw_builder", $con);


$sql="INSERT INTO users (first_name, last_name, username, email, password)
VALUES
('$_POST[first_name]','$_POST[last_name]','$_POST[email]','$_POST[email]','$_POST[password]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

What do I need to do to hash the password field?

1

There is 1 answer

2
Adam Collins On

There are many different ways you can hash a password, some better than others. I'd recommend using the SHA1 hash function built into PHP.

// Quote the array key; a bare word is treated as an undefined constant.
$hash_password = sha1($_POST['password']);

You then want to store this password in the database.

When a user logs in, you want to hash the password they enter and check that the two hashes match.

For additional security, I'd suggest adding a string (known only to you) to the end of all passwords in order to limit the success of reverse hashing.

You also have other issues with this form regarding database exploits known as SQL injections. Read up on them here: http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
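
An added example, not part of the original question or answer: the signup insert and the matching login check written with PHP's built-in password_hash() / password_verify() (a per-user salted, deliberately slow hash, swapped in here for the sha1() call above) and PDO prepared statements, which also closes the SQL injection the answer mentions. The helper names register_user and check_login are hypothetical, the sample form data is constructed, and it assumes the application's own login code can be changed to use password_verify(), since the purchased software's hash format is not shown on the page.

```php
<?php
// Added example. An in-memory SQLite table stands in for the page's MySQL
// `users` table so the script runs offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=instantw_builder;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (first_name TEXT, last_name TEXT,
            username TEXT UNIQUE, email TEXT, password TEXT)');

// Hypothetical helper: validate the form fields, hash the password, insert.
function register_user(PDO $pdo, array $form): bool
{
    $email = filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = $form['password'] ?? '';
    if ($email === false || !is_string($password) || strlen($password) < 8) {
        return false; // reject an invalid email or a too-short password
    }
    // password_hash() generates a random per-user salt and stores it,
    // together with the algorithm and cost, inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Placeholders keep the form values out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, username, email, password)
                           VALUES (?, ?, ?, ?, ?)');
    return $stmt->execute([$form['first_name'] ?? '', $form['last_name'] ?? '', $email, $email, $hash]);
}

// Hypothetical helper: the matching check at login time.
function check_login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    // password_verify() re-derives the hash using the salt embedded in $hash
    // and compares the result in constant time.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input standing in for $_POST.
$form = ['first_name' => 'Pat', 'last_name' => "O'Neil",
         'email' => 'pat@example.com', 'password' => 'correct horse battery'];
var_dump(register_user($pdo, $form));
var_dump(check_login($pdo, 'pat@example.com', 'correct horse battery'));
var_dump(check_login($pdo, 'pat@example.com', 'wrong password'));
```

On MySQL the password column should be VARCHAR(255), because the length of the string returned for PASSWORD_DEFAULT can grow in later PHP versions.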