This tutorial extends the last one (026), which covered hashing text. Here I show a login form where the password is not saved as raw text but as a hashed fingerprint. We compare the hash of the submitted password against the stored hash; if they match, the user entered the correct password and is logged in. This is common practice for passwords: if your database gets compromised, your users won't have their passwords "stolen" easily.
Here are the sources used in this tutorial:
tut027.php
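```php
<?php
// PHP tutorial 027: form login with hashing.

// SHA-1 hex digest of the expected password; the raw password is never stored.
$password = "46a808cfd5beafa5e60aefee867bf92025dc2849";
$user = "kloplop321";

// Default to empty strings so the first page load (no form data) raises no notices.
$submittedUser = trim($_REQUEST['user'] ?? '');
$submittedPass = trim($_REQUEST['pass'] ?? '');

// Strict comparison for the name, constant-time comparison for the hash
// (loose == can treat some hex strings as numbers).
if ($submittedUser === $user && hash_equals($password, sha1($submittedPass))) {
    echo "You logged in correctly!";
} else {
    // Only report a failure when the form was actually submitted.
    if (isset($_REQUEST['sub'])) {
        echo "you failed at logging in.";
    }
}
?>
<form method="post" action="?">
    <input type="hidden" name="sub" value="1" />
    Username <input type="text" name="user" />
    Password <input type="password" name="pass" /><br />
    <input type="submit" value="Login" />
</form>
<?php
// Uncomment to print the SHA-1 digest of a string:
//echo sha1('generic');
?>
```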
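The tutorial stores an unsalted SHA-1 digest, which is fast to compute and identical for identical passwords, so a leaked table is open to offline guessing and precomputed lookups. As an added example (not part of the original tutorial), the script below uses PHP's built-in `password_hash()` and `password_verify()` while still accepting the tutorial's legacy SHA-1 records and upgrading them at login; the `$store` array, the sample account and the `verify_and_upgrade()` name are assumptions for illustration.

```php
<?php
// Added example, not from the tutorial. $store stands in for a users table
// (hypothetical); keys are user names, values are stored password records.

function verify_and_upgrade(array &$store, string $user, string $pass): bool
{
    if (!isset($store[$user])) {
        return false;
    }
    $stored = $store[$user];

    // A legacy record is exactly 40 lowercase hex characters (a SHA-1 digest).
    $isLegacy = preg_match('/\A[0-9a-f]{40}\z/', $stored) === 1;

    $ok = $isLegacy
        ? hash_equals($stored, sha1($pass))   // old scheme, constant-time compare
        : password_verify($pass, $stored);    // salted, deliberately slow scheme

    if (!$ok) {
        return false;
    }

    // The plaintext is only available at login, so this is the moment to
    // replace a legacy record or one created with outdated parameters.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $store[$user] = password_hash($pass, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: one account still stored the tutorial's way.
$store = ['alice' => sha1('correct horse')];

// A failed attempt leaves the legacy record untouched.
var_dump(verify_and_upgrade($store, 'alice', 'wrong guess'));
var_dump(strlen($store['alice']));

// A successful login verifies against SHA-1, then rewrites the record.
var_dump(verify_and_upgrade($store, 'alice', 'correct horse'));
var_dump($store['alice']);

// Later logins go through password_verify() against the upgraded record.
var_dump(verify_and_upgrade($store, 'alice', 'correct horse'));

// Each call picks a fresh random salt, so equal passwords give different records.
var_dump(password_hash('correct horse', PASSWORD_DEFAULT) === $store['alice']);
```

Run it from the command line with `php` and no web server; the upgraded record embeds its algorithm, cost and salt, so no separate salt column is needed.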