0

Hi, I need to have passwords encrypted whenever a user signs up. How can I attain that? Any ideas?

Thanx in advance.

10
Contributors
14
Replies
60
Views
5 Years
Discussion Span
Last Post by Dini_1
Featured Replies
0

As for encryption i would personally use md5 and a salt.

<?php
$user = "webville123";
$pass = "rockzorz";
$salt = "skkgf4dfg!";

$enc_pass = md5(md5($user . $pass) . $salt);
?>
0

It's a one way encipher, i think you cannot decipher it anymore. so if the user forgot his/her password, he/she must provide a new one :)

$encrypt_pass= md5($password);

hope this will help, Cheers! :)

0

Thank you for all the posts. Problem is that I have been able to encrypt, but I can not select it from a mysql database when a user logs in.

For reference, here is my code:

if (isset($_POST["username"]) && isset($_POST["password"]))
{
// check if the username and password combination is correct
//and exists in the database
$username = $_POST["username"];
$password = md5($_POST["password"]);
$userType = $_POST;

//session_register("userId");

$eaconn = @mysql_connect("localhost","root","")
or die("Could not connect to the database!");
$eadb = @mysql_select_db("sunrise", $eaconn) or die ("Invalid Login!");

//create query to check n c if staff exists
$finduser = "SELECT * FROM users
WHERE userName = '$username'
AND password = '$password' AND userType = '$userType'";
$result = @mysql_query($finduser, $eaconn)
or die ("Invalid Login!" .mysql_error());
if (@mysql_num_rows($result) == 1) {
// the username and password match,
//open apporiate pages
$row = mysql_fetch_array($result);

$_SESSION=$row;
$_SESSION=$row;
$_SESSION=$row;

if ($_SESSION == "Administrator"){
// set the session

//$_SESSION = true;
// after login we move to the main page
header('Location: admin_home.php');
exit;
}
elseif($_SESSION == "Staff"){
// set the session
//$_SESSION = true;
// after login we move to the main page
header('Location: staff_home.php');
exit;
}
elseif($_SESSION == "Parent"){
// set the session
//$_SESSION = true;
// after login we move to the main page
header('Location: parent_home.php');
exit;
}
elseif($_SESSION == "Student"){
// set the session
//$_SESSION = true;
// after login we move to the main page
header('Location: student_home.php');
exit;
}
}
else
{
$errorMessage = "<center><font color='red'> Please Enter a correct Username or Password!!</center><font face='Verdana' size='2' color=red>$msg</font><br><center></center>";
}

0

Hi Webville312, Just use base64_encode(), base64_decode() for best result,

Thanx for your reply, but wen I included themm functions in my code, I could still not login. The encryption does work fine, but the decryption seems not to be working. Here is how I used the functions; tell me if I have used them wrongly.


$username = $_POST["username"];
$password = base64_encode($_POST["password"]);
$userType = $_POST;

// session_register("userId");

$eaconn = @mysql_connect("localhost","root","")
or die("Could not connect to the database!");
$eadb = @mysql_select_db("sunrise", $eaconn) or die ("Invalid Login!");

//create query to check n c if staff exists
$finduser = "SELECT * FROM users
WHERE userName = '$username'
AND password = 'base64_decode($password)' AND userType = '$userType'";
$result = @mysql_query($finduser, $eaconn)
or die ("Invalid Login!" .mysql_error());
if (@mysql_num_rows($result) == 1) {
// the username and password match,
//open apporiate pages
$row = mysql_fetch_array($result);

0

Can you please wrap your code in [ code ] tags for our convenience? ;)

As for your question: If you store a password encrypted in your database, you will also have to retrieve it encrypted.

So for example if you do this:

mysql_query('INSERT INTO table (username, password) VALUES ("' . $_POST['username'] . '", '" . md5($_POST['password']) . '")

Then you would have to retrieve it like this

mysql_query('SELECT username, password FROM table WHERE username = "' . $_POST['username'] . '" AND password = "' . md5($_POST['password']) . '"

So both in your insert and select query, you should use the encrypted password. To explain this: if you insert an md5'd password, your database will contain a password like 26lj2asdf8y80sdf8y (which is an md5 encrypted password). Then, when you retrieve that password, you cannot simply retrieve the password as the user submitted it. User password "mypw" will be jasdo8gyas80ga9sg79asg6 in md5 encryption, so beware that you dont match "mypw" against the md5 version in your db. You should first encrypt the password that the user submitted when he logs in and THEN match it against the encrypted password in your database.

Edited by minitauros: n/a

0

Thanx minitauros .

Am sorry, about not wrapping my codes, bt anyways, thanx, coz it has finally worked.

1

Hi Webville312, Try ,
$key = "HaiHello";
$enc = base64_encode ($key);
$dec = base64_decode ($enc);
echo 'Encrypted : '.$enc.'<br>';
echo 'Decrypted : '.$dec.'<br>';

0

Wow, that worked too!! Thanx Mohamedasif. Now at least I can attempt the rest of my project.

Your posts have been so helpful. Thanx a bunch.

0

You might want to create a new post with more details. This thread was solved 2 years ago, and your question does not have enough information.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.