mysql login

droctoganapus86

New Member
Code:
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
This line of code is giving me this error:
Code:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/tomx/public_html/demo/demo.php on line 58
Anyone know what to change?

descalzo

Grim Squeaker
Community Support
Replace the line with:

Code:
$sql = "SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'" ;

// show the query that is actually sent to MySQL
echo $sql . "<br />\n" ;

$res = mysql_query( $sql ) ;

if( $res ){
   // process the result
} else {
   // mysql_query() returned FALSE, so print the reason
   echo 'ERROR: ' . mysql_error();
}

and see what you get.

I'll let misson comment on using mysql_ instead of PDO or at least mysqli_ and also your vulnerability to SQL injection.

misson

Community Paragon
Community Support
You rang?

Time for the boilerplate:

The sample code is vulnerable to SQL injection via $_POST['username'], which is a very serious security risk. To fix this hole, switch from the outdated mysql extension to PDO and use prepared statements. If you need a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO". The site you save may just be your own.

MD5 is considered broken by security professionals. Use a newer hashing function, such as whirlpool or something from the SHA2 family (SHA256, SHA512). No less than Bruce Schneier has written:
But -- come on, people -- no one should be using MD5 anymore.
Your password scheme is also vulnerable to rainbow tables. Add salt to fix this. You could use the username + a system salt, or give each user a unique salt (a "nonce") and store that in a column in table `users`.

To update your code without impacting existing users:
  1. Add a new column to your users table indicating which hash function was used. It could be a BOOLEAN value indicating that the p/w needs updating, or a string naming the hash function:
    1. `md5` BOOLEAN NOT NULL DEFAULT TRUE,
    2. `hash` VARCHAR(16) NOT NULL DEFAULT 'md5',
    The latter option allows you to easily support whatever hashing functions are available on the host.
  2. Register new users using the newer hashing function.
  3. When a user logs in, check whether their password is hashed using MD5 or not. If it is, expire their password. This is a good chance to have users enter new passwords.
  4. If using the 1st column option, drop the column when there are no more MD5 hashed passwords (SELECT COUNT(*) FROM users WHERE `md5`=TRUE is 0).
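The following is an added example, not code posted by anyone in this thread. It puts descalzo's and misson's advice together for the original poster's `tz_members` table: the lookup uses a PDO prepared statement so `$_POST['username']` can no longer alter the query, new passwords are stored as salted SHA-256 digests, and the `hash` VARCHAR(16) column from misson's second option tells the login code which algorithm a row uses, so legacy MD5 users are still admitted but flagged for a password reset (step 3 of the migration). Everything not in the thread is an assumption: the `salt` column, the `SYSTEM_SALT` constant, the DSN and credentials, and the function names.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). Assumed schema, built on misson's
// 2nd column option plus a per-user salt column:
//   ALTER TABLE tz_members
//     ADD COLUMN `hash` VARCHAR(16) NOT NULL DEFAULT 'md5',
//     ADD COLUMN `salt` VARCHAR(32) NOT NULL DEFAULT '';
// Existing rows keep hash='md5' and an empty salt; rows written by
// registerUser() get hash='sha256' and a random salt.

// Placeholder system-wide salt; keep the real value outside the web root.
const SYSTEM_SALT = 'replace-with-a-long-random-value';

/** Register a user with a salted SHA-256 hash (never plain MD5). */
function registerUser(PDO $pdo, string $username, string $password): void
{
    $salt   = bin2hex(random_bytes(16));                        // per-user salt ("nonce")
    $digest = hash('sha256', SYSTEM_SALT . $salt . $password);
    $stmt   = $pdo->prepare(
        'INSERT INTO tz_members (usr, pass, salt, hash) VALUES (:usr, :pass, :salt, :hash)'
    );
    $stmt->execute([':usr' => $username, ':pass' => $digest, ':salt' => $salt, ':hash' => 'sha256']);
}

/**
 * Fetch the row by username with a bound parameter, then compare digests in PHP.
 * Returns ['id' => int, 'must_reset' => bool] on success, null on failure.
 */
function loginUser(PDO $pdo, string $username, string $password): ?array
{
    // The username travels as a parameter, not as part of the SQL text,
    // so quotes or comment markers in it cannot change the query.
    $stmt = $pdo->prepare('SELECT id, pass, salt, hash FROM tz_members WHERE usr = :usr');
    $stmt->execute([':usr' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                                            // no such user
    }

    switch ($row['hash']) {
        case 'md5':                                             // legacy row
            $candidate = md5($password);
            break;
        case 'sha256':
            $candidate = hash('sha256', SYSTEM_SALT . $row['salt'] . $password);
            break;
        default:
            return null;                                        // unknown algorithm: refuse rather than guess
    }

    // hash_equals() compares in constant time instead of short-circuiting.
    if (!hash_equals($row['pass'], $candidate)) {
        return null;
    }

    // Correct password on an MD5 row: admit the user, but force a reset (step 3).
    return ['id' => (int) $row['id'], 'must_reset' => $row['hash'] === 'md5'];
}

// Usage; DSN and credentials are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=demo;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,       // throw instead of returning FALSE
    PDO::ATTR_EMULATE_PREPARES => false,                        // real server-side prepared statements
]);

$result = loginUser($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($result === null) {
    echo 'Login failed';
} elseif ($result['must_reset']) {
    echo 'Please choose a new password';                        // send to the reset form
} else {
    echo 'Welcome, user ' . $result['id'];
}
```

Two points about the design: the digest is compared in PHP rather than in the WHERE clause so that the query never carries the password at all (descalzo's `echo $sql` debugging line would otherwise print it), and a row whose `hash` value the code does not recognise is rejected instead of being matched against a guessed algorithm. PHP 5.5 and later also ship `password_hash()` / `password_verify()`, which generate and store the per-user salt for you; those could replace the SHA-256 branch here, with `'bcrypt'` as the `hash` column value.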