PDA

View Full Version : encrypting passwords


owner
09-10-2007, 02:19 AM
how can you encrypt a users password so in the database it doesnt show the users exact password.

davidj
09-10-2007, 06:03 AM
ok

you can do this in a number of ways.

i use md5() which is a standard algorithm and used widely. It will return a 32 char hash of anything you process with it from a 5 char password to a whole 30 page text file.

try it...


$string = "dreamweaverclub"; //<<< try anything you want in here and at any length

echo md5($string);


ok

when setting up users you need to wrap your $password var in this function

$password = md5($password);

you need to do this before you insert into the db and make sure you have your password field length set to 32 varchars.

you need to also compare md5 when logging in...


$password = md5($_POST['password']);

if ($password == $row['password']){
//let me in
}


you cant decrypt an md5 string but you dont need to.

owner
09-10-2007, 12:27 PM
Thank you, I will give this a shot.

Also, I could barely find this topic :P

davidj
09-10-2007, 12:29 PM
sorry

had to split the thread down as it could become confusing

try creating separate posts for different questions

owner
09-10-2007, 12:34 PM
sorry, I didnt want to be clogging up the forums with a bunch of random questions.

I have a question though. Right now I have an account with a normal password. How can I change that from the normal password to the new md5 encrypted password in the database?

davidj
09-10-2007, 12:57 PM
you will have to manually change these

md5 the password and cut & paste the string into your db then build the md5 functionality into your admin account creation page

davidj
09-10-2007, 01:04 PM
sorry, I didnt want to be clogging up the forums with a bunch of random questions.


err thats all this forum contains

dont worry you dont get charged for the questions you ask so ask away

its refreshing dealing with coders

owner
09-10-2007, 11:03 PM
Cool! I got this working! Thank you very much! This should be a little more secure now :)