Building Browsergames: Building Browsergames: The Registration Page (PHP)

  • John Munsch · 1 year ago
    The MD5 hash doesn't actually protect you if someone were able to dump your table of users or gain access to the database in some fashion.

    That's because there exist large hash dictionaries available to hackers which have every word in the dictionary and all common names already pre-hashed using common hashes like MD5. The hacker can search through the list of hashed user passwords for matches in the hash dictionary and then consult the dictionary whenever there is a match to see what word or name was used as the original (unhashed) password. It won't allow them access to accounts where people used strong passwords, but think how many people use the name of a spouse or a common word as a password.

    That's why you usually use MD5 in combination with a random "salt" value. You take the user's password (e.g. porcupine), you prepend a randomly generated number or string (e.g. 352) and then MD5 hash that (e.g. 352porcupine => 'alaskdf5...') saving both the randomly generated number and the hash. Then whenever the user submits a password you again prepend the same salt value in front of it and see if it hashes to the same value again. The random value in front of each and every password stored then makes the hash dictionary useless.
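The salting scheme from John's comment, as an added example that is not part of the original thread or the tutorial's code. Function names and sample data are hypothetical and constructed; the last lines use PHP's built-in `password_hash()` / `password_verify()`, which generate and store the salt themselves and use a deliberately slow algorithm.

```php
<?php
// Added example: constructed sample data, hypothetical function names.

// Scheme from the comment: random salt prepended to the password, then MD5.
function salted_md5_store(string $password): array {
    $salt = bin2hex(random_bytes(8));            // new random salt per user
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

function salted_md5_check(string $password, array $row): bool {
    // Re-hash the submitted password with the stored salt and compare.
    // hash_equals() compares in constant time.
    return hash_equals($row['hash'], md5($row['salt'] . $password));
}

// Constructed stand-in for a precomputed hash dictionary: hash => word.
$dictionary = [];
foreach (['porcupine', 'password', 'dragon'] as $word) {
    $dictionary[md5($word)] = $word;
}

// Two users who picked the same weak password.
$unsalted = ['alice' => md5('porcupine'), 'bob' => md5('porcupine')];
$salted   = ['alice' => salted_md5_store('porcupine'),
             'bob'   => salted_md5_store('porcupine')];

// Unsalted: both rows are identical and both are found in the dictionary.
foreach ($unsalted as $user => $hash) {
    printf("unsalted %-5s %s  in dictionary: %s\n",
        $user, $hash, isset($dictionary[$hash]) ? 'yes' : 'no');
}

// Salted: rows differ per user and the precomputed lookup finds nothing.
foreach ($salted as $user => $row) {
    printf("salted   %-5s %s  in dictionary: %s\n",
        $user, $row['hash'], isset($dictionary[$row['hash']]) ? 'yes' : 'no');
}

// Login check against the stored salt + hash.
var_dump(salted_md5_check('porcupine', $salted['alice']));
var_dump(salted_md5_check('hedgehog', $salted['alice']));

// Built-in alternative: the salt and algorithm are encoded in the one string.
$stored = password_hash('porcupine', PASSWORD_DEFAULT);
var_dump(password_verify('porcupine', $stored));
```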
  • Graham · 9 months ago
    Use SHA1 instead of MD5. Even with salts, MD5 is still vulnerable to collision attacks, and should not be used for security purposes.
  • Luke · 9 months ago
    Thanks for the heads-up, Graham!
  • Luke · 1 year ago
    Hi John, and thanks for the tips!

    I wasn't aware that md5's were vulnerable to rainbow tables - thanks for pointing that out. I'll be sure to write a follow-up post as soon as possible clearing up why you should be doing more than just md5ing your data.
  • Gradient · 6 months ago
    Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/a8891953/public_html/register.php on line 15

    That is what I get when trying to register.
  • Luke · 6 months ago
    If you're getting that error, it means that something is wrong with your
    connection to MySQL - double check the values that you passed to
    mysql_connect.
  • HughCompton · 3 months ago
    I don't understand where I should input the SQL you have posted. I signed up to a free package with PHP My Admin support and that's all set up but I don't know where to input what you have posted.

    Please Help
  • HughCompton · 3 months ago
    Here is a picture of what The PHP Admin screen looks like.

    http://yfrog.com/5sphpadminp

    I clicked on User Privileges so that's why it's Orange (I think).
  • uk company registration · 1 month ago
    Thanks for the guideline of creating a browsergame. I was looking for it. I have successfully followed the first six steps. But I couldn’t create the INSERT query. I have checked the code several times. I have exactly followed what you have written. But it just didn’t work. Can you please help me to find out the error?
  • Michael · 1 month ago
    What about the page register.php you are posting the registration data to?
    If I run this code and fill in the registration form, after clicking "register!" there's an error, because the page register.php doesn't exist.
  • Luke · 1 month ago
    This code is supposed to be getting saved *into* register.php - where are
    you saving it? If you're saving it somewhere else you'll want to adjust the
    name of the script your form is POSTing to as well.