[eluser]veledrom[/eluser]
Hi,
I use the code below to authenticate user login. I have some questions, though.
Thanks in advance
1. Is it a good and/or secure approach?
2. How can I make it harder to break into?
3. Should I store any other dynamic or static data in the database to make it more secure?
<b>DATABASE</b>
Code:
CREATE TABLE `users` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(20) NOT NULL,
`password` varchar(40) NOT NULL COMMENT 'SHA1 encrypted password',
PRIMARY KEY (`id`)
);
<b>CONFIG.PHP</b>
Code:
$config['encryption_key'] = "A1.b2,C3?D4_E5?";
<b>LOGIN PAGE</b>
Code:
<form action="http://localhost/index.php/loginout/do_login" method="post">
Username : <input type="text" name="text_username" value="" />
<br />
Password : <input type="password" name="text_password" value="" />
<br />
<input type="submit" name="submit_button" value="Login" />
</form>
<b>CONTROLLER</b>
Code:
class Loginout extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
    }

    // Hash the password with the site-wide encryption key used as the salt.
    public function hash_password($password)
    {
        $salt = $this->config->item('encryption_key');
        $hash = sha1($salt . $password . $salt);

        return $hash;
    }

    public function do_login()
    {
        $username = $this->input->post('text_username', true);
        $password = $this->input->post('text_password', true);

        // Match on both the username and the hashed password.
        $this->db->where('username', $username);
        $this->db->where('password', $this->hash_password($password));
        $query = $this->db->get('users', 1);

        echo ($query->num_rows() == 1) ? 'SUCCESS' : 'FAIL';
    }
}
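An added example, not part of the original post or the poster's code: the post's site-wide-salt SHA-1 scheme beside PHP's built-in password_hash() and password_verify(). It assumes PHP 7.0 or later; the in-memory $users array stands in for the users table, and the function names and sample accounts are constructed.

```php
<?php
// Added example, not the poster's code. $users stands in for the `users`
// table; function names and sample accounts are constructed.

// Scheme from the post: one site-wide salt, one fast SHA-1 round.
function legacy_hash(string $password, string $siteSalt): string
{
    return sha1($siteSalt . $password . $siteSalt);
}

// password_hash() generates a random per-hash salt and stores it, with the
// algorithm and cost, inside the returned string.
function new_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Fetch the row by username only, then verify the password in PHP.
function check_login(array $users, string $username, string $password): bool
{
    // Unknown users are checked against a dummy hash so response time does
    // not reveal which usernames exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    }
    $known = isset($users[$username]);
    $ok = password_verify($password, $known ? $users[$username] : $dummy);
    return $known && $ok;
}

$siteSalt = 'A1.b2,C3?D4_E5?'; // value from the post's config.php
$users = [                     // constructed sample rows
    'alice' => new_hash('correct horse'),
    'bob'   => new_hash('correct horse'),
];

// Legacy scheme: two users with the same password get identical rows.
$legacyAlice = legacy_hash('correct horse', $siteSalt);
$legacyBob   = legacy_hash('correct horse', $siteSalt);
printf("legacy rows equal: %s\n", var_export($legacyAlice === $legacyBob, true));
// password_hash(): same password, different stored values.
printf("new rows equal:    %s\n", var_export($users['alice'] === $users['bob'], true));
printf("alice, right pw:   %s\n", var_export(check_login($users, 'alice', 'correct horse'), true));
printf("alice, wrong pw:   %s\n", var_export(check_login($users, 'alice', 'wrong'), true));
printf("unknown user:      %s\n", var_export(check_login($users, 'mallory', 'correct horse'), true));
```

Storing password_hash() output needs a wider column than the post's varchar(40); the PHP manual recommends 255 characters for PASSWORD_DEFAULT.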