I have developed a user login for a customer portal on my website (code below). I believe I have it md5 encrypted… (please correct me if I am wrong) – passwords on the database are still plain text… Is this secure?
Also – if this is so far the only security on my site do I also need an SSL certificate? What is the difference? Any help would be great. Thanks!
$username = $_POST['username'];
$password = md5($_POST['password']);
$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
mysql_select_db("xxxx") or die("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
while ($row = mysql_fetch_assoc($query))
$dbusername = $row['username'];
$dbpassword = $row['password'];
echo "Incorrect password!";
die ("That user doesnt exist.");
die("Please enter username and password.");