Please can anyone tell me the best way to write a php login script that will encrypt the user password when an account is created and decrypt it when the user try to login. It is a localhost system so not really concern about hackers. Thanks

Member Avatar for nileshgr

Why do you want to decrypt the password at login ?

You just encrypt the password put in at login time with the same algorithm that you used at the time of registration.

Sample code for register:

<?php
// code to verify that password and confirm password fields match
// and error handling

$username = $_POST['username'];
$password = md5($_POST['password']);

// code to insert into db
?>

Code for login page would be similar removing the confirm password piece of code and changing the code for inserting to select.

Member Avatar for diafol

If localhost - why bother with encryption? Just in case somebody looks at the db? In general, you'd want to 'salt' the password and possibly double hash it, e.g.

md5(md5("mysaltysalt" . $pw . "mylastsalt"))

Check the php manual for other encryption methods. MD5 is one-way, that is you can't "unencrypt" it with a function.

Hi

you only encrypt the password using md5....and store the md5 string in the database....the search sql would be like

$username = $_POST;
$password = md5($_POST);

$query = "SELECT * FROM users WHERE username = $username AND password = $password";

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.