Thread

I’m building a social network using HMVC Code Igniter and I am creating my registration form, the defaults using form_input() are really nice(displayed in the input box etc…) however for form_password I get *******, I would really prefer it to just output the word password and then once the user types the password it would hash, my other alternative is to create opaque labels that display in the input box, but if there is a solution to the former it would be a quick and easy solution, so is there a way to change the default behaviour for form_password(), so it can output the word password.

form_password() generates an input of the password type <input type=“password”>, which automatically replaces any inputted characters (including the value attribute) with the dot. That’s the point of the password input—it keeps your secret.

If you want the input to have something displayed in it as a default / label, use the placeholder attribute. You may need to add some additional javascript if you want it to work in some older browsers, though.

You could create a auth_helper library that do salt your password.
it would be something like this

$secretKey = '_myS3Cr3tK3y';
$passwd = $this->input->post(''passwd');
$hashedPass =  sha1($secretKey . sha1($passwd));

In this way, you garantee that your passwd hash will be safe.
notice that the usage of sha1 or md5 encrypt is very important.
not only this but concat and salt your string too

Hi,
You could also use

$user_password = $this->encrypt->encode($user_password);

,
But then the password will be Decodable.

Thats why the best way to do this is the usage of salt password.
password field couldn’t be decodable :D

I don’t want my password will be Decodable.

$secretKey = ‘_myS3Cr3tK3y’;
$passwd = $this->input->post(’‘passwd’);
$hashedPass =  sha1($secretKey . sha1($passwd)); 

I’ll go with that because safety is my main concern.

If security is your main concern, you shouldn’t be using SHA1. Use bcrypt. A library like this one will make it easy for you.