Password encryption in encryption function

To do what you need the following code will work:

$password = md5($this->security->xss_clean($this->input->post('password')));

      

        
        
        
      

    

However, as pointed out in the comments, md5 is a very poor choice for storing passwords and should be avoided at all costs. You should also avoid sha1 and anything else that hash handles quickly. For more information, see Jeff Atwood's blog post, your password is too damned . Specifically the next part:

And for developers:

Pick your new password hash algorithms and move all your old password hashing systems much harder to compute hashes. You need hashes that are specifically designed for GPUs such as scrypt.

Even if you choose the "correct" hash, you may be vulnerable if your work factor is not high enough. Matsano recommends the following:

scrypt: N = 2 ^ 14, r = 8, p = 1

bcrypt: cost = 11

PBKDF2 with SHA256: iterations = 86,000

But these are only recommendations; you have to scale the hashing to what is available and reasonable on your servers or devices. For example, we had a small denial of service in Discourse where we allowed people to enter up to 20,000 character passwords in the login form and calculate the hash on that which took, uh ... a few seconds.

The post also describes how quickly password cracking attempts can be made for any given hashing algorithm (attempts per second)

• NTLM = 350,000,000,000
• MD5 = 180,000,000,000
• SHA1 = 63,000,000,000
• SHA512Crypt = 364,000
• bCrypt = 71,000

Obviously, the fewer attempts per second that can be made, the longer it takes to break the hash.

With this in mind, please rethink your hashing choice for your application and make it sensible hashing for passwords.