Comments on: Handling Passwords In CodeIgniter

By: Encrypting Passwords in a Database - ShiverCube

Encrypting Passwords in a Database - ShiverCube — Thu, 17 Dec 2009 21:41:46 +0000

[...] in a database as a hashed value with a salt. This is demonstrated clearly in Elliot Haughin’s Handling Passwords In CodeIgniter post. These same principles can be applied to any type of PHP [...]

By: Elliot

Elliot — Mon, 02 Nov 2009 17:32:13 +0000

“This Part $this->config->item(’encryption_key’) will generate different keys each and every time you run it.”

Actually, it won’t… it will get the $config['encryption_key']; value stored in application/config/config.php

So, that part is the same very time, and the encryption will work.

By: Max

Max — Thu, 29 Oct 2009 22:18:11 +0000

Hello Eliot
The suggestion you provided is completely wrong. You are using codeigniter encryption process which generates different encryption key at a time.

Here the code you write with concatenating with codeigniter encryption key

$password.$this->config->item(‘encryption_key’)

This Part $this->config->item(‘encryption_key’) will generate different keys each and every time you run it.

My question is if do it and store it on database how the password will be same when a user will enter his /her plaintext password.

You may answer you will do the encryption again what the user inputs on the login form. It will never same again how you have done it when a user signups. So best practice is to use one way encryption process.

When a user asked for a lost password you can give it to him in other way
like reseting the password. asking his/her security question.then store a random password on database and on session. then ask him to change the password.

By: Rajesh

Rajesh — Mon, 27 Jul 2009 11:30:11 +0000

i am not able to decrypt password please help me

By: batman

batman — Fri, 13 Mar 2009 06:46:26 +0000

excellent article – thank you. i am a code igniter/PHP newbie (come from a java background), so am just learning the PHP way of doing things.

in principle tho, things remain the same. 1-way encryption is essential, and for users who need to “recover” their passwords – sorry, but no can do. i can reset it for you, but not recover – it’s a very small priice to pay for the security offered by sha1/salt.

By: Блог World Programs » Архив блога » CodeIgniter Framework

Блог World Programs » Архив блога » CodeIgniter Framework — Fri, 12 Sep 2008 21:03:28 +0000

[...] Handling Passwords In CodeIgniter [...]

By: CodeIgniter Tutorial Links « Brandontruong’s Weblog

CodeIgniter Tutorial Links « Brandontruong’s Weblog — Fri, 27 Jun 2008 07:14:11 +0000

[...] Handling Passwords In CodeIgniter [...]

By: Some CodeIgniter Tutorial links « Afruj’s Weblog

Some CodeIgniter Tutorial links « Afruj’s Weblog — Fri, 02 May 2008 03:44:00 +0000

[...] Handling Passwords In CodeIgniter [...]

By: Michael Wales

Michael Wales — Thu, 28 Feb 2008 21:35:59 +0000

I just use CodeIgniter’s string helper to create a random string of X characters long and store that with the user’s record – giving each user a different salt.

By: Hendrik

Hendrik — Wed, 20 Feb 2008 06:43:21 +0000

Elliot, I take the timestamp of when the user was entered into the db and use it together with the global salt. At least now I don’t have to anticipate the user changing her username as the timestamp never changes.