It doesn't matter much, but it isn't necessary to nest the md5() function within mysql_real_escape_string() as you will never have to escape a hexadecimal string.
While it usually works regardless, HTTP/1.1 requires you to use an absolute URL in header redirects. Example from php manual below:
/* Redirect to a different page in the current directory that was requested */
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");
exit();
MrLollige
· 8 months ago
you could(and probably should) turn the salt into a configuration parameter
Why? I mean, if I change the salt value (if someone figured it out and modified his dictionary to it), no one would be able to log in any more...
Luke
· 8 months ago
The benefits of turning it into a configuration value aren't so much in securing it, as they are in not repeating it everywhere - if your salt is 'thequickbrownfoxjumpedoverthelazydog', do you really want to type that every time you need it?
MrLollige
· 8 months ago
Ah ok :). Anyway, my salt (which I made before I read this thanks to the user comments on other pages) is short, and I probably do not need it anywhere else than on the login and register page. Thanks for your reply!
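An added example in PHP, not code from the thread or from the tutorial it comments on, putting the two points of the exchange above side by side: a site-wide salt kept in one configuration constant and used only through a helper (Luke's point), and why changing that constant later locks every existing user out (MrLollige's concern), which a per-user salt stored next to the hash avoids. The constant name SITE_SALT, the helper names, and the sample password are assumptions; md5 is kept only to match the tutorial's scheme.

```php
<?php
// Added example (not from the thread or the tutorial it comments on).
// SITE_SALT, the helper names and the sample password are assumptions.
declare(strict_types=1);

// (1) Site-wide salt defined once (e.g. in config.php) and never retyped;
//     every page that needs it calls site_hash() instead.
define('SITE_SALT', 'thequickbrownfoxjumpedoverthelazydog');

// Hash a password with the site-wide salt (md5 as in the tutorial's scheme).
function site_hash(string $password): string
{
    return md5(SITE_SALT . $password);
}

// (2) Per-user salt: generated at registration and stored with the hash,
//     so nothing global has to stay fixed for old logins to keep working.
function register_user(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 32 hex chars, unique per user
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

// Verify against the stored record; hash_equals() avoids timing leaks.
function verify_user(array $record, string $password): bool
{
    return hash_equals($record['hash'], md5($record['salt'] . $password));
}

// Demonstration with a constructed password.
$password = 'correct horse';

// Site-wide salt: the hash saved at registration matches at login ...
$stored = site_hash($password);
echo "site-wide salt, login ok? ",
     var_export(hash_equals($stored, site_hash($password)), true), "\n";

// ... but if SITE_SALT were changed afterwards, site_hash() would produce a
// different value and $stored would never match again: every user locked out.
$hashUnderNewSalt = md5('a-different-salt' . $password);
echo "after changing the site salt, login ok? ",
     var_export(hash_equals($stored, $hashUnderNewSalt), true), "\n";

// Per-user salt: the salt travels with the record, and two users with the
// same password end up with different hashes.
$alice = register_user($password);
$bob   = register_user($password);
echo "per-user salt, alice ok? ",
     var_export(verify_user($alice, $password), true), "\n";
echo "per-user salt, wrong password rejected? ",
     var_export(!verify_user($alice, 'wrong'), true), "\n";
echo "same password, different hashes? ",
     var_export($alice['hash'] !== $bob['hash'], true), "\n";
```

Run with `php example.php`; the first check prints true, the second false, and the three per-user checks print true. In current PHP the per-user branch is what password_hash() and password_verify() do for you, with a slow hash instead of md5, so new code should use those rather than the md5 scheme shown here.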