Members only bit on a website

chrisxuk

chrisxuk

chrisxuk

Soldato
Joined
24 Nov 2008
Posts
3,745
Location
ctf_2Fort
How would i go about doing this? :) And also would it be possible to set up a database with say 3 or 4 usernames and password for a members only bit of a website for tomorrow? Thanks
 
chrisxuk said:
How would i go about doing this? :) And also would it be possible to set up a database with say 3 or 4 usernames and password for a members only bit of a website for tomorrow? Thanks
Click to expand...

Yer, its a quick thing to do really, even if you follow a tutorial :) Also, depending on how secure you need this to be, you should also look into hashing/salting the passwords - have a quick read of robm's php article - explains it very well.
 
Last edited:
Ok use PHP and MYSQL, Easiest way possible, Use a MD5 encyption on that, use a salt if you want to, but MD5 is unbreakable :), then simply use their password they entered use a MD5 encode then match it with the MD5 password already saved on the db then if they match they can login :) (if the usernames are the same of course).
 
mase said:
Ok use PHP and MYSQL, Easiest way possible, Use a MD5 encyption on that, use a salt if you want to, but MD5 is unbreakable :),
Click to expand...

Wrong! Firstly, MD5 is a hashing algorithm, not an encryption algorithm. Secondly, it's a relatively simple matter to generate collisions for an MD5 digest.

Read the link suarve provided.
 
mase said:
Ok use PHP and MYSQL, Easiest way possible, Use a MD5 encyption on that, use a salt if you want to, but MD5 is unbreakable :)
Click to expand...

Without a salt and access to the MD5 you can run the MD5 hash through a dictionary look-up table. It's best practice to salt.
 
Last edited:
Ah fair enough didn't realise they could crack it now :o, guess theres always a way around everything.
 
If you think about the English dictionary words and popular first and last names, you can probably get a ridiculous amount of passwords with a look-up table of only a couple of thousand values. :o
 
Yeah good point :o It could be possible to generate a random salt? then loop round until you find it for a more secure hash value?
 
mase said:
Yeah good point :o It could be possible to generate a random salt? then loop round until you find it for a more secure hash value?
Click to expand...

Just read the link, it's all explained very well.

You only generate a single salt btw....
 
Inquisitor said:
Though it's considered best practice to use a per-user salt stored alongside the password.
Click to expand...

I thought the idea of salting was to have the salt stored somewhere other than your database, effectively making whatever is stored in the database useless without the salt. Surely if your store a salt alongside the hashed password that's just as bad as storing plain text passwords? Or have I missed something major here? :)
 
suarve said:
I thought the idea of salting was to have the salt stored somewhere other than your database, effectively making whatever is stored in the database useless without the salt. Surely if your store a salt alongside the hashed password that's just as bad as storing plain text passwords? Or have I missed something major here? :)
Click to expand...

well you could have some sort of script to generate the salt which is based on what is stored in the database. ie generate a random number such as 12392434, store it in database, then have a script which takes 3rd number, times it by 5th and 6th, plus 1st etc. maybe this is bad idea but first thing i could think of. of course will only work for as long as the person doesn't know how to work out the salt from the numbers.
 
You must log in or register to reply here.
Back
Top Bottom