session_start();
ob_start();
*host detail stuff here*
mysql_connect("$host", "$dbusername", "$password") or die ("cannot connect");
mysql_select_db("$db_name") or die ("cannot select DB");
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$sql = "SELECT * FROM $tbl_name WHERE username = '$username' and password='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count == 1) {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header('location:login_success.php');
}
if($count == 1) {
session_register('username');
session_register('password');
header('location:login_success.php');
}
else {
include("top.php");
include("style.css");
echo "<p align=center><font size=2>Login Failed. <a href=http://www.sentuamessage.com/login.php>Please Try Again</a></p>";
include("bottom.php");
}
ob_end_flush();
right now with this code my password is exposed in the database showing in it's column as "Example1" instead I want it cryptic or more secure.
I heard MD5 is a terrible choice to make for passwords so what option would be better and how would I implement it? (I haven't made a register page yet)