Thanks for the tip, it worked great, however everything I have been reading says that md5 is only one way. The way I have set up my app is the database contains the encrypted version of what the user entered as their password. Then on my login page there is an if statement that encrypts what the user is entering as their password and then checks that against what is in the database for them. This is working great!... Thanks again.
My registration page is where the password gets encrypted and then sent to the database. After the user registers and I accept them as a user they receive an email containing their username and password. But the password is encrypted. Is there a way to decrypt the encrypted password in the database? Or am I going about this wrong? Thanks again for your help.

Aaron

"Torsten Roehr" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> "Aaron Todd" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> I have developed a PHP based site that requires users to log in. Their login
>> information is kept in a MYSQL database. Currently, I am using an IF
>> statement to verify what the user enters as their password with what is in
>> the database. If they are the same a session is created and they have
>> access to the content of the site.
>>
>> As far as I know the password is being sent to the script in clear text and
>> I was wondering what a good way would be to get this to be encrypted. My
>> first thought is to encrypt the password in the database using crypt(). So
>> if I view the table I will see the encrypted characters. Then change the IF
>> statement to encrypt the password that the user enters and then just check
>> if it's the same as what is in the database. That sounds like the same as I
>> am doing now only instead of checking a password that is a name, it's
>> checking the encrypted characters of the name.
>>
>> So it seems my idea would hide the real characters.
>>
>> Can anyone tell me if this is a bad idea. And maybe point me toward a good
>> one.
>>
>> Thanks,
>>
>> Aaron
>
> Hi Aaron,
>
> encrypting passwords in the database is generally a good idea. You can use
> md5() as an alternative to crypt(). MySQL itself has an MD5 function you can
> directly use in your SQL statements.
>
> Regards, Torsten Roehr

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
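
The hash-and-compare login discussed in this thread, as an added example that is not part of the original messages. It assumes an in-memory `$users` array in place of the MySQL table and constructed sample accounts; the function names `is_legacy_md5`, `login` and `register` are hypothetical. New rows use PHP's salted `password_hash()`/`password_verify()` rather than the bare `md5()` mentioned above, and existing `md5()` rows are still accepted and upgraded at login.

```php
<?php
// Added example, not code from the thread. $users stands in for the MySQL
// users table; the account names and passwords are constructed sample data.
$users = [
    // Row as written by a registration page that stores bare md5().
    'aaron' => md5('correct horse'),
];

// True when the stored value is a 32-character hex md5 digest (legacy row).
function is_legacy_md5(string $stored): bool
{
    return strlen($stored) === 32 && ctype_xdigit($stored);
}

// Login never decrypts anything: it re-hashes the submitted password and
// compares. Legacy md5 rows are upgraded to a salted password_hash() value
// the first time the correct password is presented.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    if (is_legacy_md5($stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    return password_verify($password, $stored);
}

// New registrations store the salted one-way hash directly.
function register(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

register($users, 'torsten', 'correct horse');   // same password as aaron

foreach ([['aaron', 'wrong guess'], ['aaron', 'correct horse'],
          ['aaron', 'correct horse'], ['torsten', 'correct horse']] as [$n, $p]) {
    printf("%-8s %-14s %s\n", $n, $p, login($users, $n, $p) ? 'accepted' : 'rejected');
}

// Both accounts share a password, yet the stored values differ because each
// password_hash() result carries its own random salt.
var_dump($users['aaron'] === $users['torsten']);
var_dump(is_legacy_md5($users['aaron']));   // row was upgraded at first login
```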