Talk:PHP Programming/Building a secure user login system

Someone at Stackoverflow.com asked about the trustworthiness of this page.

This Sorely Needed to Be Reworked
I have gone through and modified awkward sentences, removed unnecessary and obvious sentences (not unnecessary and obvious sentences that didn't mean anything to me but might have meant something to someone else; these sentences were actually pointless), and removed condescending language. It is condescending to speak to novices so frequently about the mistakes novices make. The wording ought to be something along the lines of, "Be sure to avoid this common mistake" rather than "This is a thing novices get wrong."

Since I'm not an expert in PHP, some more technical content remains to be fixed. If examples require the author to explain caveats, then new examples are needed. Also, the examples are only generally explained. If the author doesn't want the reader to copy and paste, then perhaps he should explain the specifics of the examples line-by-line. Spezied (talk) 16:09, 26 July 2010 (UTC)

Use of MD5 as a hash
In some later code examples on the page, MD5 is used as a hash, while it has known attacks and is discouraged by most developers. I feel as if a better hash algorithm should be used in the examples, such as SHA512 or SHA256, and not MD5. Rarkenin (discuss • contribs) 22:00, 18 November 2012 (UTC)


 * From a cryptographic perspective, a KDF specifically designed for password hashing should be used. Dannyniu (discuss • contribs) 02:30, 16 August 2017 (UTC)
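
An added example, not part of the comments above or of the book page under discussion: one way to move from MD5 to PHP's built-in password hashing API (`password_hash`, `password_verify`, `password_needs_rehash`), upgrading legacy hashes when the user next logs in. The `$users` array, its `scheme` field and the function name `verify_and_upgrade` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample store: one legacy account whose password was saved as unsalted MD5.
$users = [
    'alice' => ['hash' => md5('correct horse battery staple'), 'scheme' => 'md5'],
];

/**
 * Check a login attempt and, on success, replace a legacy MD5 hash (or an
 * outdated KDF hash) with a fresh password_hash() value.
 * Hypothetical helper: the storage layout is an assumption, not the book's code.
 */
function verify_and_upgrade(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $rec = &$users[$name];

    if ($rec['scheme'] === 'md5') {
        // Legacy path: constant-time comparison against the old MD5 digest.
        $ok = hash_equals($rec['hash'], md5($password));
    } else {
        // KDF path: salt and cost are encoded in the stored string itself.
        $ok = password_verify($password, $rec['hash']);
    }
    if (!$ok) {
        return false;
    }

    // The plaintext is only available at login, so this is the point to upgrade.
    if ($rec['scheme'] === 'md5' || password_needs_rehash($rec['hash'], PASSWORD_DEFAULT)) {
        $rec['hash'] = password_hash($password, PASSWORD_DEFAULT);
        $rec['scheme'] = 'kdf';
    }
    return true;
}

// Wrong password is rejected and the record is left untouched.
var_dump(verify_and_upgrade($users, 'alice', 'wrong'));
// Correct password succeeds once via MD5 and migrates the record.
var_dump(verify_and_upgrade($users, 'alice', 'correct horse battery staple'));
var_dump($users['alice']['scheme']);
// Subsequent logins verify against the KDF hash only.
var_dump(verify_and_upgrade($users, 'alice', 'correct horse battery staple'));
```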