[javajenius]

Could someone tell me how to protect a site using php and md5 authentication. I've looked through alot of google pages but i am truly confused. Please explain or give me a link that explains php authentication with md5 (or the most secure way to secure a site with php)

[woiwky]

Do you mean HTTP authentication?

If so, this link should answer your questions:

http://www.php.net/features.http-auth

If not, or if that link doesn't help, could you explain more on exactly what it is you want your site to do to authenticate a user? Are you talking about a user registration/login system?

And as for md5, I personally prefer hash('sha256', $str) to it. But to each his own.

[tnl2k7]

If you'd like to password protect a folder, this can be done through cPanel. Login as you usually would and somewhere is an option called Leech Protect. Once you've found it it's pretty self explanatory.

If you'd prefer to use a custom script to do it,this might help.

[LHVWB]

It sounds like you don't exactly know what you want to do.

I suggest that you install a forum or content management system using 'fantasico' from cpanel, and see if any of those systems are what you are looking for.

[tittat]

Try moving to a CMS(content management system).Iam using e107.Almost every CMS have its own inbuilt authentication system,which will helps you from the hassles of creating your own.

[javajenius]

Quote:

Do you mean HTTP authentication?

No, thats insecure.

Quote:

If you'd like to password protect a folder

Still http basic auth.

Quote:

forum or content management system

I need to build my own for the control panel =(.

Is no one good enough at php to help me secure some folders...

[woiwky]

What exactly do you mean by "secure folders"? Furthermore, what exactly is it that you plan to store in the folders? It sounds to me that you're looking in the wrong place for what you want. PHP is just a scripting language, not a server.

[konekt]

md5($var);
crypt($var, CRYPT_MD5);

...am I missing something?

[Jake]

normally you'd just store the password encrypted like $enc_pass = sha1($pass), in order to recognize that a person has entered the correct password you could just have it test the password the user supplies with the encryptions on it to see if it matches the encrypted one stored in a db or file.

you could always make your own hash... if you felt the need for it.

[konekt]

Quote:

Originally Posted by Jake

normally you'd just store the password encrypted like $enc_pass = sha1($pass), in order to recognize that a person has entered the correct password you could just have it test the password the user supplies with the encryptions on it to see if it matches the encrypted one stored in a db or file.

you could always make your own hash... if you felt the need for it.

I always do multiple encryptions using varied encryption methods (mainly md5 and blowfish). I find using encryptions as hashes for further encryption is really effective... I usually do about 5-8 encryptions, with each encryption lending to the hash of the other. Yes... I am quite paranoid