Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
On a user registration form, I am able store the user login and md5(password) on my mysql db. I am running into a problem of putting a script together correctly that would validate the database login and md5-ed password.
The problem was that with MD5 encryption the correct login and password entered was not being accepted/validated...
But, nevermind - I figured it out. The problem was in my table setting in the Mysql database. The passwords column was set VARCHAR (30) and md5 encryptions assigns encryption string 30 +.
The password encryption was saving a depricated version that ofcourse would never match the full version presented by the login script, so I just increased the VARCHAR to 50 and now the login page validation works.