Encrypting Passwords

Today I have encrypted the passwords of my site.

On reflection, I should have done this at the very beginning of the project, not only for security reasons, but also for convenience. I was unaware that once a users profile had already been created before the encryption function had been implemented the database will not automatically encrypt these passwords after the function has been added. Every new users password after the encryption functionality is implemented is scrambled, however the previous user passwords will not be updated and encrypted.

Therefore I have had to carry out the following task on each users password.

By using this site: http://md5encryption.com/ I have had to encrypt the users passwords manually by using the following format: lg9[password]7sn. The lg9 part is ‘salt1’ of the password encryption and 7sn is the ‘salt2’ part of the encryption.

<?php

function encrypt($password)
{
$salt = “1g9”;
$salt2 = “7sn”;
$password = md5($salt . $password . $salt2);
return $password;
}

?>

Although this took some time updating the database, it was a quicker task than deleting every user and re-creating them again!

Advertisements
This entry was posted in Code, Improvements, Issues. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s