> The basic model for password authentication is to use one-way crypt
> routines. MySQL has several, PHP also has them. The basic algorithm
> would be like this:
> 1) read the password from the form.
> 2) read the password from your datastore that matches the user name or
> session
> 3) encrypt the password on the form.
> 4) do a string comparison between the database data and the encrypted
> password from the form.
> This of course assumes that you have been encrypting your passwords
> when you store them (always good practice) so I think this translates to
> php as (forgive me if this is bogus, it's been a while since I've done
> any php)
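> <?php
> # The salt should be the same salt used when storing passwords to your
> # database, otherwise it won't work.
> $salt = 'someglobalsaltstring';
> # Hash the submitted password the same way the stored one was hashed.
> $passwd = crypt($_GET['passwd'], $salt);
> # Strict string comparison against the stored value.
> if ($passwd === $userObject->getPassword()) { return 1; } else { return 0; }
> ?>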
> So I've not tested this obviously but you would have to have a
> $userObject which is your interface between your software and your user
> data.
> Hope it helps,
> Carl.

I am encrypting the stored password with SHA1.

I am new to programming and PHP so I am unsure what to do with this line

PHP General Mailing List (http://www.php.net/)
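Added example, not part of the original thread: the four steps from the quoted message, written for a datastore that still holds unsalted SHA-1 hashes as mentioned in the reply, with an upgrade to PHP's password_hash() on a successful login. The $users array, the sample passwords and the function names isLegacySha1() and verifyLogin() are constructed for illustration.

```php
<?php
// Added example (not code from the thread). $users is a constructed in-memory
// stand-in for the datastore; the helper names are hypothetical.

// Constructed sample records: one legacy unsalted SHA-1 hash, one modern hash.
$users = [
    'alice' => ['hash' => sha1('correct horse')],
    'bob'   => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

function isLegacySha1(string $stored): bool
{
    // Unsalted sha1() output is exactly 40 lowercase hex characters.
    return (bool) preg_match('/^[0-9a-f]{40}$/', $stored);
}

function verifyLogin(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (isLegacySha1($stored)) {
        // Steps 3 and 4 from the thread: hash the submitted value the same
        // way, then compare. hash_equals() compares in constant time.
        $ok = hash_equals($stored, sha1($password));
    } else {
        // password_verify() reads the algorithm, cost and per-user salt
        // from the stored string itself, so no global salt is needed.
        $ok = password_verify($password, $stored);
    }

    // On success, replace a legacy or outdated hash while the plaintext
    // is still available in this request.
    if ($ok && (isLegacySha1($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(verifyLogin($users, 'alice', 'correct horse')); // login against the SHA-1 record
var_dump(isLegacySha1($users['alice']['hash']));         // is the record still legacy?
var_dump(verifyLogin($users, 'alice', 'correct horse')); // login against the upgraded record
var_dump(verifyLogin($users, 'bob', 'wrong'));           // wrong password for a modern record
```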