Chris Shiflett wrote:
Ben Ramsey wrote:
$clean = array();
$sql = array();
Glad to see someone spreading this habit. :-) Thanks, Ben.
if (ctype_alnum($_POST['pass']))
{
$clean['pass'] = $_POST['pass'];
}
I think it's fine to cheat a bit with the password and trust the output
format of md5():
$clean['pass'] = md5((ini_get('magic_quotes_gpc') ?
stripslashes($_POST['pass']) : $_POST['pass']));
or users with quotes in their password won't be able to log in.
$clean['pass'] = md5($_POST['pass']);
Of course, it is best to use a salt:
$salt = 'SHIFLETT';
$clean['pass'] = md5($salt . md5($_POST['pass'] . $salt));
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
