Please can anyone tell me the best way to write a php login script that will encrypt the user password when an account is created and decrypt it when the user try to login. It is a localhost system so not really concern about hackers. Thanks
achiman 0 Junior Poster in Training
nileshgr
Why do you want to decrypt the password at login ?
You just encrypt the password put in at login time with the same algorithm that you used at the time of registration.
Sample code for register:
<?php
// code to verify that password and confirm password fields match
// and error handling
$username = $_POST['username'];
$password = md5($_POST['password']);
// code to insert into db
?>Code for login page would be similar removing the confirm password piece of code and changing the code for inserting to select.
diafol
If localhost - why bother with encryption? Just in case somebody looks at the db? In general, you'd want to 'salt' the password and possibly double hash it, e.g.
md5(md5("mysaltysalt" . $pw . "mylastsalt"))Check the php manual for other encryption methods. MD5 is one-way, that is you can't "unencrypt" it with a function.
prateekshaweb 0 Newbie Poster
Hi
you only encrypt the password using md5....and store the md5 string in the database....the search sql would be like
$username = $_POST;
$password = md5($_POST);
$query = "SELECT * FROM users WHERE username = $username AND password = $password";
Arianna 1 Light Poster
I used this script:
http://www.daniweb.com/forums/post951182.html#post951182
It worked really well, complete with member areas and the like. If you're not an expert, I recommend trying it. :D
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.