19 thoughts on “PHP Login Registration Form with md5() Password Encryption

  1. hello, i got the code working properly but i use email as the requirement for logging in so when i access the user page it displays the "welcome example@email.com", can i ask some tips on how can i change it to a name while still using email as the needed authorization? thanksss

  2. For the love of cookies WHY would ANYONE today even use MD5? PLEASE demonstrate bycrypt or blowfish hashing instead. We NEED to get away from MD5 and anything in SHA. They are NOT good for password hashing at all.

  3. Don't use MD5 to hash passwords. Don't use MD5 to hash passwords. Don't use MD5 to hash passwords. Or SHA-1, for that matter. A quick Google search on rainbow tables and data breaches will be enough to tell you why. MD5 and SHA-1 were reasons why LinkedIn's leak of 8 million+ hashes put accounts in jeopardy. http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/

    The PHP docs currently point you to a crypt() wrapper as an alternative. http://php.net/manual/en/book.password.php

    Also see http://php.net/manual/en/function.password-hash.php

Leave a Reply

Your email address will not be published. Required fields are marked *