Rather than encrypting and decrypting you probably just want to store the encrypted version. When someone logs on, encrypt their password using the same function and compare the encrypted string to the one you have in your DB.
It's always a good thing to take a look in the manual first:
PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.
Nevertheless, I found an example [weberdev.weberdev.com] of someone who is using this function for password verification.
To be frank - you do not want to decrypt a password. Even if you had a working solution, it would greatly harm your security.
Instead, follow Robber's suggestion.
The crypt function would work really well. The following solution uses the first two letters of the password as salt. Finally, it only returns the last 11 characters (since the first two are the salt as plain text):
$cryptpwd = substr(crypt($pwd,substr($pwd,0,2)),2);
Now, store this value in your database. When someone logs in, simply encrypt the password the same way and compare it to the database value.
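
An added example, not part of the thread: the store-a-hash-and-compare flow described in the posts above, with the crypt() one-liner from the last post placed beside PHP's built-in password_hash() and password_verify(). The helper names (legacy_hash, register_user, check_login) and the sample passwords are constructed for illustration.

```php
<?php
// Added example; helper names and sample passwords are constructed.

// The one-liner from the thread: the salt is the first two characters of
// the password, and the salt prefix is stripped from the stored value.
function legacy_hash(string $pwd): string
{
    return substr(crypt($pwd, substr($pwd, 0, 2)), 2);
}

// Same store-and-compare flow, but with a random per-user salt and a
// deliberately slow algorithm chosen by PHP (PASSWORD_DEFAULT).
function register_user(string $pwd): string
{
    return password_hash($pwd, PASSWORD_DEFAULT); // value to store in the DB
}

function check_login(string $pwd, string $stored): bool
{
    // Reads algorithm, cost and salt back out of $stored and compares
    // in constant time.
    return password_verify($pwd, $stored);
}

// A two-character salt selects traditional DES crypt(), which reads only
// the first 8 characters of the password, so these two inputs collide.
var_dump(legacy_hash('correcthorse-2021') === legacy_hash('correcthXXXXXXXXX'));

// The salt is a function of the password, so two users with the same
// password always get the same stored value.
var_dump(legacy_hash('Summer2024') === legacy_hash('Summer2024'));

// With password_hash() the same password yields a different stored value
// for each user, and verification still succeeds only for the right input.
$user1 = register_user('Summer2024');
$user2 = register_user('Summer2024');
var_dump($user1 === $user2);
var_dump(check_login('Summer2024', $user1));
var_dump(check_login('Summer2025', $user1));
```

The column holding the password_hash() output should be wide enough for longer hashes in future PHP versions; the PHP manual suggests 255 characters.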