Web Programming with PHP

20 Storing Passwords Securely

Usernames and passwords are stored in an array in the check-login web page. The md5() function is used to calculate the MD5 hash of passwords.

Action page of login.php:

login_action.php

<?php
// Array of users: username => password
$users["admin"] = "21232f297a57a5a743894a0e4a801fc3";
$users["vadim"] = "1bbd886460827015e5d605ed44252251";

	
foreach($users as $name => $password) {
  if($name == $_POST["username"] && $password == md5($_POST["password"])) {
    // Username and password are correct
	header("Location: private.php");
	die();
  }		
}	

// Username and password are incorrect
header("Location: login.php")
?>