Question

I'm new to CodeIgniter and trying to make a user registration, and I've run into a strange thing. First I'll show exactly what I'm doing with my password value:

$password = stripslashes($password);
$password = htmlspecialchars($password);
$password = md5($password);
$password = strrev($password);

And then I'm saving it to the DB:

$data = array(
    'email'     => $email,
    'reg_type'  => $reg_type,
    'password'  => $password
);

$this->CI->db->insert('user', $data);

And no matter what password I enter, it's always saving this value: e7248fce8990089e402b00f89dc8d14d

And when I go to the login page (the encryption code is the same), it returns different md5 values (and they look correct).

Can somebody explain why this happens and how to solve it? Or maybe you can propose another method of password encryption.

Thank you.


Solution

Empty variable:

e7248fce8990089e402b00f89dc8d14d is the reversed hash of an empty string.

This means your $password variable is empty; you probably have a bug somewhere with your $_POST code.

Use Blowfish:

As mentioned in the comments, you shouldn't use md5() any more.

If you have PHP 5.5+ you can use the password_hash() function:

$password = password_hash($password, PASSWORD_BCRYPT);

And use the CodeIgniter post() function instead of stripslashes() and htmlspecialchars().

Example:

//Get password from form
$password = $this->input->post('field_name', true); //adding true runs the XSS filter.

//Hash Password
$password = password_hash($password, PASSWORD_BCRYPT);

//Data Array
$data = array(
    'email'     => $email,
    'reg_type'  => $reg_type,
    'password'  => $password
);

//Save to DB
$this->CI->db->insert('user', $data);

EDIT:

password_hash() handles salting on its own. I removed the additional salting from the code. (See @martinstoeckli's comment)
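Added example, not part of the original answer: it covers the two points above for both registration and login, rejecting an empty password instead of hashing it and checking the login with password_verify(), since a bcrypt hash cannot be compared by hashing the input again. The function names and sample passwords are hypothetical.

```php
<?php
// Added example; function names and sample values are constructed.

// The value from the question is strrev(md5('')): the old pipeline
// (md5 followed by strrev) applied to an empty string.
function is_empty_password_marker(string $stored): bool
{
    return hash_equals(strrev(md5('')), $stored);
}

// Registration: refuse a missing or empty field instead of hashing it,
// so a broken form or a wrong field name fails loudly.
function hash_new_password($password): string
{
    if (!is_string($password) || $password === '') {
        throw new InvalidArgumentException('Password field is missing or empty');
    }
    return password_hash($password, PASSWORD_BCRYPT);
}

// Login: bcrypt stores a random salt inside the hash, so two hashes of
// the same password differ. password_verify() reads the salt from the
// stored hash and compares in constant time.
function check_login(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

$stored = hash_new_password('correct horse battery staple');

// Recognise rows written by the buggy registration code.
var_dump(is_empty_password_marker('e7248fce8990089e402b00f89dc8d14d'));

// Re-hashing and comparing strings, as the md5 login code did.
var_dump(password_hash('correct horse battery staple', PASSWORD_BCRYPT) === $stored);

// The supported way to check a login attempt.
var_dump(check_login('correct horse battery staple', $stored));
var_dump(check_login('wrong guess', $stored));

try {
    hash_new_password(null); // stands in for a form field that was not posted
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Rows that already contain the empty-string marker hold no usable password, so those accounts need a password reset rather than a migration.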

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow