How do you store data? eg. passwords?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
m0u53m4t
Forum Contributor
Posts: 101
Joined: Wed Apr 19, 2006 7:47 am
Location: Wales

How do you store data? eg. passwords?

Post by m0u53m4t »

Say I wanted to make a php file that when someone enters their username and password in a form hashes it and compares it to the already hashed stored password, what kind of file would the hashed password have to be in?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: How do you store data? eg. passwords?

Post by Chris Corbyn »

m0u53m4t wrote:Say I wanted to make a php file that when someone enters their username and password in a form hashes it and compares it to the already hashed stored password, what kind of file would the hashed password have to be in?
Don't use a file, use a database. If you do need to use a file then make sure you place it somewhere outside of the web root, although on many shared hosts other people will still be able to read this file using php.
User avatar
m0u53m4t
Forum Contributor
Posts: 101
Joined: Wed Apr 19, 2006 7:47 am
Location: Wales

Post by m0u53m4t »

If the passwords are stored hashed anyway, whats the problem? Anyway, I'll use a database... So how do I make a database for it?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

You have so many different threads about hashing passwords! Stick to one!
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

m0u53m4t wrote:If the passwords are stored hashed anyway, whats the problem? Anyway, I'll use a database... So how do I make a database for it?
Just because data is hashed doesn't mean you can make your list of users and passwords publically accessible.... they'd be brute forced/tunnelled pretty quickly.

Read up on MySQL or PostgreSQL if you want to learn how to use a database ;)
Post Reply