On 31 Dec 2005, at 04:15, "Chris Payne" <[EMAIL PROTECTED]> wrote:

I am about to launch the website for my complex where the homeowners can login and check their billing status etc .. what is the best way, with PHP
and MySQL, to store an ENCRYPTED password into the database so that if
someone got into the DB they couldn't read the password but if they enter it
into the form on the site it still works?

The trick is not to store a plain password in the db, but an encrypted one. When
you store the password in the user record use something like

mysql> insert into users (username, password) values ('dd', old_password('1234'));

That gets you...

  mysql> select * from users
  | username | password             |
  |       dd | 446a12100c856ce9     |
  1 row in set (0.24 sec)

Then to check if a user is valid, you just have to do a search to check validity:

mysql> select * from users where username = 'dd' and password = old_password('1234');

This does require you to have a password replacement page - which means emailing them a new one (as you can't recover the old one from the db).

Hope that's some help,


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to