Kosala Atapattu wrote:
> Hi Ben,
>
>> I have created a user login/registration page. As of now I
>> am using a MySQL database to store the info of the user. To
>> validate the user I also have the password stored in the same
>> DB. I was wondering if there is a way that I can store the
>> password in the DB so that it is encrypted or something.
>> Just so it is not in plain text.
>
> You can use,
>
> SQL> Insert into users_table(user_name, pass_word) values ('your_name',
> PASSWORD('your_pass'));
>
> And crypted password will be saved in the DB
>
> To verify password you can use something like...
>
> SQL> select * from users_table where user_name = 'your_name' and
> pass_word = PASSWORD('your_pass');
>
> If the select query is not empty then user credentials are matching.
>
> As others have suggested PHP crypt functions are useful when you want to
> encrypt data within the DB like credit card details, Company Executives
> Salary and stuff like that. For password encryption the best is MySQL
> inbuilt encryption. MD5 is another I use with PHP, which is not really
> necessary.
>
> Kosala
>
> www.linux.lk/~kosala/

One thing to remember is that the password function is MySQL's way of storing passwords for MySQL use, and that may change from one release of MySQL to another. This happened very recently.

If you want to store application passwords, it is better to use a hash, and be independent of MySQL changes. I use sha1 as I believe it *may* be stronger than MD5 (I am not a cryptographer), so I store my password as:

    $passwordToBeStored = sha1($password);

and check the password as:

    if (sha1($password) === $storedPassword) { ... }

HTH...
Dusty

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
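An added example, not part of the thread: one way to hash in the application as the reply suggests, swapping in PHP's salted password_hash()/password_verify() for bare sha1() while still accepting rows already stored the sha1() way. The in-memory SQLite database is a stand-in for MySQL, and registerUser/checkLogin are hypothetical names; the table and column names follow the quoted SQL.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; the hashing is done entirely in PHP.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_table (user_name TEXT PRIMARY KEY, pass_word TEXT NOT NULL)');

function registerUser(PDO $db, string $user, string $password): void
{
    // The database only ever sees an opaque string, so a change to MySQL's
    // PASSWORD() between releases cannot invalidate stored credentials.
    $stmt = $db->prepare('INSERT INTO users_table (user_name, pass_word) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_word FROM users_table WHERE user_name = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // Legacy rows: 40 hex characters produced by sha1($password).
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // hash_equals() compares as strings in constant time; a loose ==
        // would treat two digests of the form "0e<digits>" as equal numbers.
        return hash_equals($stored, sha1($password));
    }
    // Rows written by registerUser(): salt and algorithm are read from $stored.
    return password_verify($password, $stored);
}

// Constructed sample data: one new-style row and one legacy sha1 row.
registerUser($db, 'your_name', 'your_pass');
$db->prepare('INSERT INTO users_table (user_name, pass_word) VALUES (?, ?)')
   ->execute(['legacy_user', sha1('old_pass')]);

var_dump(checkLogin($db, 'your_name', 'your_pass'));
var_dump(checkLogin($db, 'your_name', 'wrong_pass'));
var_dump(checkLogin($db, 'legacy_user', 'old_pass'));
var_dump(checkLogin($db, 'nobody', 'your_pass'));
```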