>
> The basic model for password authentication is to use one way crypt
> routines. MySql has several, PHP also has them. The basic algorithm
> would be like this:
>
> 1) read the password from the form.
> 2) read the password from you datastore that matches the user name or
> session
> 3) encrypt the password on the form.
> 4) do a string comparison between the database data and the encrypted
> password from the form.
>
> This is of course assumes that you have been encrypting your password
> when you store them (always good practice) so I think this translates to
> php as (forgive me if this is bogus, it's been a while since I've done
> any php)
>
> <?
> $salt = 'someglobalsaltstring'; # the salt should be the same salt used
> when storing passwords to your database otherwise it won't work
> $passwd = crypt($_GET['passwd'], $salt);
> if ($passwd == $userObject->getPassword) { return 1} else {return 0}
> ?>
>
> So I've not tested this obviously but you would have to have a
> $userObject which is your interface between your software and your user
> data.
>
> Hope it helps,
> Carl.
>I am encrypting the stored password with SHA1. I am new to programming and PHP so I am unsure what to do with this line $userObject->getPassword -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
