Hi there, Thank you for your help I really appreciate it :-) I have one last question and you may (Or may not) be able to answer :-) Do you know how to sort the FTP nlist command? I have it listing the FTP directory once a video is uploaded and using nlist I can view the ENTIRE listing, but I just need to be able to grab the latest filename from the directory so that it can be added to a database. Any help on that would be fantastic, I've read the PHP manual which is how I managed to grab the entire directory listing on the server, but I just need the last modified date to display (The last file uploaded). Chris You can store an MD5, or SHA hash of the password, and then compare.. This is not an encrypted version of the password, rather a calculated hash of it. You can't (well, not without a bit of effort) decrypt this back into the password. The idea is when you store the password, you create the hash. Store the hash in the database. When the user logs in, take their password entry, generate a hash in the same way, and compare the two values. SHA2 is the most secure method to use of these two, I'd use that. The advantage is, the hash could be freely accessable to anyone, and it doesn't cause a security issue, where as all a hacker needs is the key to an encrypted database of passwords to reveal them all. That's the route I take anyhow.. This will likely start a huge conversation about how to secure your system up super tight, but remember the most secure server is one that isn't turned on. :) A realistic solution is somewhere in-between this and no security at all. -Micah On Friday 30 December 2005 8:15 pm, Chris Payne wrote: > Hi there everyone, > > > > I am about to launch the website for my complex where the homeowners can > login and check their billing status etc .. what is the best way, with PHP > and MySQL, to store an ENCRYPTED password into the database so that if > someone got into the DB they couldn't read the password but if they enter > it into the form on the site it still works? > > > > I'm not sure on the best way to do this and any help would be really > appreciated. > > > > Happy New Year everyone. > > > > Chris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.9/216 - Release Date: 12/29/2005 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
