How weird. I was just about to look into this myself. Will post when I find more but mcrypt is looking good.
[uk.php.net...]
strtr()
Easier to crack version. But that depends on how secure you wish the stuff to be.
If you don't need to decrypt it then MD5 it.
[uk2.php.net...]
reversible encryption routine for PHP [tonymarston.net]
For details on how to use it, try here:
[php.planetmirror.com...]
Does that make any sense?
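# Registration: hash the password and store only the hash.
$username = <user input>;
$password = <user input>;
$pwcrypt = crypt ($password);
# $username must be escaped or bound as a parameter before it reaches the query.
doQuery ("INSERT INTO users VALUES ('$username', '$pwcrypt')");
---
# Login: fetch the stored hash, then re-hash the input with it as the salt.
$username = <user input>;
$password = <user input>;
# doQuery() is assumed here to return the value of the pwcrypt column.
$pwcrypt = doQuery ("SELECT pwcrypt FROM users WHERE username='$username'");
# hash_equals() compares the two strings in constant time.
if (hash_equals ($pwcrypt, crypt ($password, $pwcrypt))) {
    # password matches;
} else {
    # does not match;
}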
I'm testing a site where the user's password is encrypted using a JavaScript version of md5, so the data is encrypted before it even gets onto the internet, but the downside is that you have to force the user to have JavaScript turned on in their browser, which apparently 10% of the browsing population do not. Still, if security is important to your db, it may be worth it.
1. over https
2. store passwords as MD5 hash
3. take input, MD5 it, compare with stored hash (as mentioned above)
Passwords should never be unencryptable, no reason to. If the user forgets their password they can get a new generated one sent to the email attributed to their account and then on login they should be prompted to change it from the generated one to something they can remember.
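
Added example, not part of any post in this thread: the store-a-hash-and-compare flow described above, written with PHP's password_hash() and password_verify() (which also accept crypt()-format hashes), and going one step further by upgrading rows that still hold an unsalted MD5 value. The in-memory $users array, the register() and login() helpers, and the sample accounts are hypothetical and constructed for illustration.

```php
<?php
// Constructed in-memory stand-in for the users table (hypothetical).
$users = [];

// Registration: store only a salted, slow hash, never the password itself.
function register(array &$users, string $username, string $password): void
{
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: the caller gets the same answer for "unknown user" and "wrong password".
function login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];

    // Legacy row from the unsalted-MD5 scheme: exactly 32 hex characters.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password supplied: replace the MD5 value with a salted hash.
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if PHP's default algorithm or cost changed since this was stored.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users with the same password, one legacy MD5 row.
register($users, 'alice', 'correct horse');
register($users, 'bob', 'correct horse');
$users['carol'] = md5('correct horse');

var_dump($users['alice'] === $users['bob']);        // same password, per-user salt
var_dump(md5('correct horse') === $users['carol']); // unsalted MD5 is repeatable
var_dump(login($users, 'alice', 'correct horse'));  // right password
var_dump(login($users, 'alice', 'wrong'));          // wrong password
var_dump(login($users, 'carol', 'correct horse'));  // legacy row, upgraded on login
var_dump(strlen($users['carol']) === 32);           // is carol's row still MD5?
```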