Please can anyone tell me the best way to write a php login script that will encrypt the user password when an account is created and decrypt it when the user try to login. It is a localhost system so not really concern about hackers. Thanks

7 Years
Discussion Span
Last Post by Arianna

Why do you want to decrypt the password at login ?

You just encrypt the password put in at login time with the same algorithm that you used at the time of registration.

Sample code for register:

// code to verify that password and confirm password fields match
// and error handling

$username = $_POST['username'];
$password = md5($_POST['password']);

// code to insert into db

Code for login page would be similar removing the confirm password piece of code and changing the code for inserting to select.


If localhost - why bother with encryption? Just in case somebody looks at the db? In general, you'd want to 'salt' the password and possibly double hash it, e.g.

md5(md5("mysaltysalt" . $pw . "mylastsalt"))

Check the php manual for other encryption methods. MD5 is one-way, that is you can't "unencrypt" it with a function.



you only encrypt the password using md5....and store the md5 string in the database....the search sql would be like

$username = $_POST;
$password = md5($_POST);

$query = "SELECT * FROM users WHERE username = $username AND password = $password";

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.