What type of authorization is more secure?

U

Urushi Go2015-10-10 14:51:08

PHP

Urushi Go, 2015-10-10 14:51:08

Task: creating a secure authorization for just one user.
1. Create a table in the database with a username and password
2. Create a check like 'if (text== "text")' with the specified password and username in the check file itself
So which is better to choose?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

I

Ivanq, 2015-10-10
@UrushiGo

1. If there is only one user and no one can access the php code, you can do so.
2. But in other cases, I would suggest the second option.
In general, it is better not to place any critical information in php files.

O

Orzubek Rakhimov, 2015-10-10
@orzubek

If you create to a file, then try the following code:

<form method="post" action="check.php">
Ваш логин: <input type="text" name="user">
Ваш пароль: <input type="password" name="pass">
Ваш соль: <input type="text" name="salt">
<input type="submit">
</form>

check.php

<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$salt = $_POST['salt'];
$hash = file_get_contents('ZmlsZQ==.dat');
if(md5($user).md5(md5($pass)).md5(sha1(base64_encode($salt))) == $hash){
....
}else{
die('Hacking Attempt');
usleep(2);
header("Location: http://tebe.dostupa.net");
}
?>

K

Kukushkin Ivan, 2015-10-10
@deleted-webter

'if (text=== "text")
is enough in php. just hash with good algorithms (not md5)

A

Artem, 2015-10-10
@ulkoart

'if (text==="text")

Well, not feng shui at all.

D

Dmitry K, 2015-10-12
@gospodinmir

2. Create a check like 'if (text== "text")' with the specified password and login in the check file itself,
well, that's generally hello :D