Encrypting User Passwords - On a User Registration Form

[redzonne]

How do apply a one-way cryptographic hash function to the variable '$password'? I want to be able to store the user entered passwords encrypted. Any type of encryption function is fine.

http://www.realestatenetfind.com/codebank/ownersignup.phps

I would like to add the encryotion function on this page

http://www.realestatenetfind.com/codebank/ownersignup_insert.phps

The Journey of a Thousand Miles Begins with the First Step...

 

[jpadie]

it's become pretty standard to use md5 hashes of a password and username as generally there is no need to decrypt. this is, of course, more encoding than encryption, but the net result is ok for most applications.

 

[redzonne]

Can you give a link to a tutorial maybe?

The Journey of a Thousand Miles Begins with the First Step...

 

[jpadie]

to use md5 in php just use:

$encoded_var = md5($var);

if you're after a more general tutorial on login systems:
i wrote a login handler for a thread a while ago. i also dug out a "remember me" tutorial. both are referenced in a reply by me to a recent post:
thread434-1008119

for a good discussion on php and database security you might check out the php.net site:

http://fr2.php.net/manual/en/security.database.php

hope this helps.
Justin

 

[redzonne]

JPADIE, I figured it out. The problem was in my table setting in the Mysql database. The passwords column was set VARCHAR (30) and md5 encryptions assigns encryption string 30 +.

The password encryption was saving a depricated version that ofcourse would never match the full version presented by the login script, so I just increased the VARCHAR to 50 and now the login page validation works.

Thanks lots....

The Journey of a Thousand Miles Begins with the First Step...