Post: [PHP] Secure Log In [Help]
07-10-2015, 12:30 AM #1
Passion
League Champion
Hello NGU Tustin

Can anyone help me with creating a secure login that people can't 'crack' .

I've used the MD5 method and people are still able to 'crack' my passwords.. Sal

Much appreciated Beachington
Last edited by Passion ; 03-10-2016 at 08:54 PM.
07-10-2015, 12:42 AM #2
Tustin
Balls of Steel
Originally posted by Passion View Post
Hello NGU Tustin

Can anyone help me with creating a secure login that people can't 'crack' .

I've used the MD5 method and people are still able to 'crack' my site.. Sal

Much appreciated Beachington

What do you mean 'crack'? How are they getting into your database to begin with? If you're just talking about a secure way of storing passwords, upgrade to PHP 5.5+ and use password_hash and password_verify. It uses BCrypt (aka Blowfish) with a random salt. It's the best you can get and it's super easy to set up. If you need help just quote back and I can provide an example.
07-10-2015, 02:39 AM #3
Passion
League Champion
Originally posted by Tustin View Post
What do you mean 'crack'? How are they getting into your database to begin with? If you're just talking about a secure way of storing passwords, upgrade to PHP 5.5+ and use password_hash and password_verify. It uses BCrypt (aka Blowfish) with a random salt. It's the best you can get and it's super easy to set up. If you need help just quote back and I can provide an example.


They get into my database.

And i'd like an example :y:
07-10-2015, 03:01 AM #4
Tustin
Balls of Steel
Originally posted by Passion View Post
They get into my database.

And i'd like an example :y:

If they keep getting into your database, you're probably not sanitizing their inputs properly, thus leading to sql injection. At the very least, you need to use mysql_real_escape_string or just go with the most secure way which is PDO with prepared statements.

Here's a creating account example using password_hash and PDO with prepared statements:
<?php
// You probably should create an include file with this PDO object creation
// so you don't need to put this code in every file.
$db_host = "localhost";
$db_user = "myuser";
$db_password = "mydbpass";
$database_name = "mydbtable";

// Our PDO object. Throwing exceptions on errors means a failed query
// cannot be silently ignored.
$pdo = new PDO("mysql:host=".$db_host.";dbname=".$database_name, $db_user, $db_password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// No need to escape their inputs since we're using prepared statements.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

$q = "SELECT * FROM users WHERE username = :name";
$query = $pdo->prepare($q);
$query->execute(array('name' => $username));
if ($query->fetch() === false) // no user found, create...
{
    $password_hash = password_hash($password, PASSWORD_BCRYPT); // 60-char hash, so the column needs at least VARCHAR(60)
    $q = "INSERT INTO users(username, password) VALUES (:name, :pass)";
    $query = $pdo->prepare($q);
    $query->execute(array('name' => $username, 'pass' => $password_hash)); // ALWAYS store the hash, not the plaintext!!
}
else
{
    // user exists. throw some error here
}
?>


Now that you've stored the password, here's how to check it:
<?php
// You probably should create an include file with this PDO object creation
// so you don't need to put this code in every file.
$db_host = "localhost";
$db_user = "myuser";
$db_password = "mydbpass";
$database_name = "mydbtable";

// Our PDO object.
$pdo = new PDO("mysql:host=".$db_host.";dbname=".$database_name, $db_user, $db_password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// No need to escape their inputs since we're using prepared statements.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

$q = "SELECT * FROM users WHERE username = :name";
$query = $pdo->prepare($q);
$query->execute(array('name' => $username));
$row = $query->fetch(PDO::FETCH_ASSOC); // rowCount() is not reliable for SELECTs, so fetch instead
if ($row !== false) // found a user with the name
{
    $pass_hash = $row['password']; // the hash from the db
    if (password_verify($password, $pass_hash)) // checks if they match
    {
        // they match!! =D
    }
    else
    {
        // no match, throw some error or use some login limit to prevent bruteforce
    }
}
else
{
    // user doesn't exist, throw some error
}
?>


Hopefully it's not too complex for you. This is what I use and it's really great. PDO with prepared statements is technically (as of now) impossible to exploit with standard sqli techniques. This might have some syntax errors as I just wrote this up real quick without testing.

If the code looks like shit for you, copy and paste it into a text editor to see it better :p.

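The two snippets above cover fresh accounts, but the thread starter already has a table full of MD5 digests. The added example below (not Tustin's code, and not from the original thread) shows a login routine that verifies against bcrypt, accepts legacy 32-character MD5 rows and replaces them with a bcrypt hash on the first successful login, and re-hashes bcrypt rows when the cost falls behind the current default. It assumes a `users` table with columns `id`, `username` and `password`, a PDO handle configured as in the snippets above, and PHP 5.6+ for `hash_equals`.

```php
<?php
// Added example: login with transparent MD5 -> bcrypt migration.
// Assumes: table users(id, username, password), $pdo from the snippets above.
function login_user(PDO $pdo, $username, $password)
{
    // The username is bound as a parameter, never concatenated into the SQL,
    // so quotes or comment sequences inside it cannot alter the query.
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = :name');
    $stmt->execute(array('name' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown user: run a dummy bcrypt verify against a constructed,
        // never-matching hash so the response time does not reveal whether
        // the username exists.
        password_verify($password, '$2y$10$' . str_repeat('a', 53));
        return false;
    }

    $stored = $row['password'];
    // Legacy rows from the MD5 era are exactly 32 hex characters.
    $legacy_md5 = (strlen($stored) === 32 && ctype_xdigit($stored));

    if ($legacy_md5) {
        // Constant-time compare (hash_equals needs PHP 5.6+).
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // We only have the plaintext at login time, so this is the moment to
    // upgrade legacy MD5 rows, and to re-hash bcrypt rows whose cost is
    // below the current default.
    if ($legacy_md5 || password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $new_hash = password_hash($password, PASSWORD_BCRYPT);
        $upd = $pdo->prepare('UPDATE users SET password = :hash WHERE id = :id');
        $upd->execute(array('hash' => $new_hash, 'id' => $row['id']));
    }
    return true;
}
```

Once every user has logged in once, the MD5 branch can be deleted; until then, keeping it means nobody has to reset their password for the migration.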
07-10-2015, 03:29 AM #5
Passion
League Champion
Originally posted by Tustin View Post

Thanks man
