+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Standardised user login (/showthread.php?tid=4452)
Pages:
1
2
Standardised user login - El Forum - 11-26-2007
[eluser]Phil Sturgeon[/eluser]
Ooo then we can add authentication, permissions, management, invitations, affiliates and.. wahey we have another bloated piece of junk clogging the forus and confusing people. >.<
Standardised user login - El Forum - 11-26-2007
[eluser]morph london[/eluser]
Cheers guys big help.
Standardised user login - El Forum - 11-26-2007
[eluser]Michael Wales[/eluser]
Quote:Ooo then we can add authentication, permissions, management, invitations, affiliates and.. wahey we have another bloated piece of junk clogging the forus and confusing people. >.<
If your doing this (as you suggested):
Quote:Code:// Encrypt their password before submitting (do this in the model if you preffer
$data['password'] = md5($data['password']);
$this->user_model->addUser($data);
$this->load->view('formsuccess', $data);
Then you may as well add in some resemblance of security:
Code:
$data['salt'] = now();
$data['password'] = md5($data['salt'] . $data['password']);
$this->user_model->addUser($data);
$this->load->view('formsuccess', $data);Wasn't that hard... now was it?
Standardised user login - El Forum - 11-26-2007
[eluser]mazaka[/eluser]
Maybe I misunderstood the salt concept, but dont you need to know what the salt string is if you want to compare or retrieve the password in the future?
like,
define('SECRET_SALT','mySecretStringOnlyIknowAndUseAtEveryEncryptionAndDecryption');
$data['salt'] = SECRET_SALT;
$data['password'] = md5($data['salt'] . $data['password']);
...
Upon login etc:
if(md5(SECRET_SALT . $incomingPassword) == $storedPassword) { //log him in }
Standardised user login - El Forum - 11-26-2007
[eluser]Michael Wales[/eluser]
Yes, you do. I wasn't posting a working code example - just something to get the point across.