08-26-2009, 01:25 PM
Nice, clean code. Haven't tested it, but it looks good.
You might want to use a salt (random string) with the md5 hashes, to prevent a hacker from reverse md5'ing all passwords.
So just generate a string like 'o93#Y.2' and prepend it to the password. If my password is 'usuk' it will become 'o93#Y.2usuk'. That value is hashed by the md5 function. If I login with /login usuk, it will prepend the salt again and check if my password == md5('o93#Y.2usuk').
There are various sites to lookup md5 hashes, like this one. If someone is able to access the hashes, users will be a lot safer if you used a salt in the passwords.
You might want to use a salt (random string) with the md5 hashes, to prevent a hacker from reverse md5'ing all passwords.
So just generate a string like 'o93#Y.2' and prepend it to the password. If my password is 'usuk' it will become 'o93#Y.2usuk'. That value is hashed by the md5 function. If I login with /login usuk, it will prepend the salt again and check if my password == md5('o93#Y.2usuk').
There are various sites to lookup md5 hashes, like this one. If someone is able to access the hashes, users will be a lot safer if you used a salt in the passwords.