I need a function that will create and store usernames and passwords for different students. Their programme should ask the user for their name and age and a username should be created, consisted of their name and age eg. Jack16. They then can make up their own password which then will be stored in an external file using pickle maybe. The programme should then be able to check if the username and password is valid from the external list in a log in section. If they are valid they should be allowed in. I'm sort of stuck on this and would appreciate any help.

11 Months
Discussion Span
Last Post by benanamen

When this question comes up, I reply with "never store passwords in a database." You can store the names but never the passwords.

So you may wonder how to verify that password? We store the one way encrypted password and then encrypt the offered password and then compare.

This way if your database is leaked they don't get the passwords that as you know folk tend to use the same all over.

More at https://www.google.com/search?q=never+store+passwords

Votes + Comments
This is the approach I used when developing FACTORYworks back in the 1990's. Doubly encrypted passwords are pretty hard to crack.

Just to be more precise, it is not a "one way encrypted password" but a "one-way hashing algorithm using "password_hash.

Per the manual:

password_hash() creates a new password hash using a strong one-way hashing algorithm.

You would then use password_verify to "Verify that the given hash matches the given password."

More info on Password Hashing from the Manual.

OP, as stated, you need to make an attempt at coding this. If you are going to just grab some code off the net that uses a database, stay away from anything that has mysql_* in the code.

For a Database, you optimally will want to use PDO. Here is a tutorial to get you going.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.