A common approach is to make a MessageDigest of the password (e.g. using MD5) and store that in the database. When the user next enters his password you again take a MessageDigest and check that it matches the one in the database. That way there's no (sensible) way to "decrypt" the password, even if a bad guy gets hold of the database.
Yup, you should never store plaintext passwords, and should never decrypt them.
Of course, if your encryption mechanism doesn't guarantee an identical result for identical input (not sure if such exist, but I think it's possible), you're basically screwed, and will have to choose a different algorithm.
Many professional systems go further, delegating the entire authentication and authorisation to external services, just transmitting the credentials to that service and handling the response.