I fully understand what you are saying. The problem is that I'm storing
their password so that they don't have to re-enter it on each new page
visited. If I can't decrypt it, then I can't pass that password for the
user. How do I keep passing the password then w/o having to write it to the
session. Is that the right way to do it??
Thanks again!
Troy Moreland
Ethan Schroeder [EMAIL PROTECTED] wrote in message
012f01c0deeb$684950d0$e46c28ce@biff">news:012f01c0deeb$684950d0$e46c28ce@biff...
What I do is md5() encrypt the password and store it in the text file or
database. Md5 is a one way algorithm, though, so you can never decrpyt
the
password. What you do, is when you want to authenticate a user, you md5
encrypt the text they typed in and compare that to the md5 hash in your
file
or database or wherever. If they match, you let them in.
Ethan Schroeder
- Original Message -
From: Troy Moreland [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 17, 2001 10:41 AM
Subject: [PHP] Encrypt Password for Session
All,
I am currently using sessions to store a user's ID, password and current
login status. All works fine. The only issue is that the session file
on
the server is storing the password in plain text. How do I encrypt that
password and how to I decrypt it for comparing?
Thanks in advance!!
Troy Moreland
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]