The issue: Cookies can easily be modified by users.
- Do not store important information in cookies.
- Cookie values can be faked very easily by automated scripts.
The solution: Use ext/session to store user data.
- If available, a session ID will be stored in a cookie automatically.
- Data will be stored on the server's filesystem or in a database.
Hint: Never store passwords as clear text or as a too-simple md5 hash.
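<?php
// Hash the password together with a site-specific prefix and the user name,
// so the stored value is not a plain md5 of the password alone.
function getPasswordHash($user, $password) {
    return md5('mySite' . $user . $password);
}

echo getPasswordHash('username', 'password');
?>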
Output
105560c8b35eeed063e10049b74612f1
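
The following is an added example, not part of the original slide: it shows how accounts stored with the `getPasswordHash()` scheme above can be moved to PHP's built-in `password_hash()` / `password_verify()` (PHP 5.5+) the next time each user logs in. The `$users` array is a constructed in-memory stand-in for a user table, and `verifyAndUpgrade()` is a hypothetical helper name.

```php
<?php
// Added example: upgrade the slide's salted-md5 hashes to password_hash().

// Legacy scheme, exactly as on the slide.
function getPasswordHash($user, $password) {
    return md5('mySite' . $user . $password);
}

// Hypothetical helper: check a login and upgrade a legacy hash in place.
function verifyAndUpgrade(array &$users, $user, $password) {
    if (!isset($users[$user])) {
        return false;
    }
    $stored = $users[$user];

    // password_get_info() reports an empty algo (null, or 0 before PHP 7.4)
    // for strings that password_hash() did not produce, such as an md5 digest.
    $info = password_get_info($stored);
    if (empty($info['algo'])) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, getPasswordHash($user, $password))) {
            return false;
        }
        // The clear-text password is known at this point only: re-hash it
        // with a slow, per-user-salted algorithm and drop the md5 value.
        $users[$user] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if PASSWORD_DEFAULT or its cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: one account still on the legacy hash.
$users = ['username' => getPasswordHash('username', 'password')];

var_dump(verifyAndUpgrade($users, 'username', 'wrong'));    // rejected, hash untouched
var_dump(verifyAndUpgrade($users, 'username', 'password')); // accepted via md5, then upgraded
var_dump(password_get_info($users['username'])['algoName']); // algorithm now in use
var_dump(verifyAndUpgrade($users, 'username', 'password')); // accepted via password_verify()
```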