If you're using PHP, you probably use or at least know of the PEAR classes at http://pear.php.net/. It's a pretty large set of classes providing lots of standard functionality. Amongst these is the Auth class, which gives you perfect start if you need username/password screens for your application. What this class is missing, is a function for adding salt to passwords. Use the simple class below to add this.
<?php
include_once 'Auth.php'; include_once 'config.php';
class MyAuth extends Auth
{
function assignData()
{
parent::assignData();
$this->password = $mysalt . $this->password;
}
}
?>Save the above code in a file called MyAuth.php and instead of including Auth in your login script, use MyAuth. Also create a file called config.php and add the variable $mysalt. It should contain two or three characters, something like:
$mysalt = 'wd3';
This should be concatenated before all passwords when saving them in the database. This code is public domain.
To understand the usefulness of salt, see Wikipedia's entry on password salt.