```php
function encodePwd($salt, $string) {
    return sha1( $salt . $string );
}
```
Think about salt randomization for a minute, though. Password encoding specifically.
If I have a salt of "random" and a password of "complex", my sha1 would be
e55ec45f2873a04d2b888a5f59dd3f9d3bb25329
That's stored in the database. I want to check against that.
So when a user supplies me "complex" as a password, I tag "random" in front of it and encode it to get the same hash. If they are equal, then bazinga! I'm set.
But what if that was random?
Salt when it was stored: "random"
SHA1: e55ec45f2873a04d2b888a5f59dd3f9d3bb25329
Salt when the user put it in: "apple"
SHA1: e07b207d77a0bd27d321552fc934b186559f9f42
How am I going to match those?
If you are looking for a more secure method, use data that you have and that is constant, like the username or the ID of the user or something (preferably something that won't change). You need a pattern you can rely on.
Username would work well (you'd have to make sure to update the password if they ever changed the username). That way authentication could look like:
```php
"WHERE `username` = '$username' AND `password` = '" . encodePwd( $username, $password ) . "'"
```
```php
function encodePwd( $username, $password) {
    // maybe modify username on a non-random basis? - like
    // $username = sha1( substr($username, 2)); // assuming usernames have a min-length requirement
    return sha1( $username . $password ) ;
}
```
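On the "how am I going to match those?" question: a random salt can still be matched if it is stored next to the hash and read back at login. The following is an added example, not code from the post above, using PHP's built-in `password_hash()` / `password_verify()` and a prepared statement. The in-memory SQLite database (needs the `pdo_sqlite` extension), the `users` table, its column names and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

function registerUser(PDO $db, string $username, string $password): void {
    // password_hash() generates a fresh random salt on every call and embeds
    // it, together with the algorithm and cost, in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkLogin(PDO $db, string $username, string $password): bool {
    // Look the row up by username only, with a bound parameter;
    // the hash comparison happens in PHP, not in the WHERE clause.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // password_verify() reads the salt back out of $stored, re-hashes the
    // candidate password with it and compares the result in constant time.
    return password_verify($password, $stored);
}

// Constructed sample data: two users who chose the same password.
registerUser($db, 'alice', 'complex');
registerUser($db, 'bob', 'complex');

$rows = $db->query('SELECT username, password_hash FROM users')
           ->fetchAll(PDO::FETCH_KEY_PAIR);

// Same password, but the stored strings differ because the salts differ.
var_dump($rows['alice'] !== $rows['bob']);

// Verification still works, because each salt travels with its hash.
var_dump(checkLogin($db, 'alice', 'complex'));
var_dump(checkLogin($db, 'alice', 'wrong'));
var_dump(checkLogin($db, 'nobody', 'complex'));
```

Because the salt lives in the stored string rather than being derived from the username, renaming an account does not require re-hashing the password.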