On 31 Dec 2005, at 04:15, "Chris Payne" <chris@xxxxxxxxxxxx> wrote:
I am about to launch the website for my complex where the
homeowners can
login and check their billing status etc .. what is the best way,
with PHP
and MySQL, to store an ENCRYPTED password into the database so that if
someone got into the DB they couldn't read the password but if they
enter it
into the form on the site it still works?
The trick is not to store a plain password in the db, but an
encrypted one. When
you store the password in the user record use something like
mysql> insert into users (username, password) values ('dd',
old_password('1234'));
That gets you...
mysql> select * from users
+----------+----------------------+
| username | password |
+----------+----------------------+
| dd | 446a12100c856ce9 |
+----------+----------------------+
1 row in set (0.24 sec)
Then to check if a user is valid, you just have to do a search to
check validity:
mysql> select * from users where username = 'dd' and password =
old_password('1234');
This does require you to have a password replacement page - which
means emailing them a new one (as you can't recover the old one from
the db).
Hope that's some help,
R
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
