|
Posted by J.O. Aho on 01/31/06 01:56
gene.ellis@gmail.com wrote:
> I am using PHP to allow users to create profiles on our website and
> store them in a MS SQL database and I am wondering, how can I encrypt
> the passwords? Also, how would I be able to match the right password
> when it is time to retrieve the password from the database? Thank you
> very much for your help!
For a really simple encryption you can use str_rot13(), you just modify the
password before you save it to the database and decrypt it after you fetched
it from the database.
$encrypted=str_rot13($password);
$password=str_rot13($encrypted);
If you want more secure encrypting, then use mcrypt_ecb(), works pretty the
same way and allows you to choose different encryption methods.
You have the crypt() function, the name is not that good really, this code
makes a one way "encryption" and this prevents you to resend the current
password to the user, here you solve the problem by generating a random string
which you send to the user and hash it before you store it in the database.
//Aho
[Back to original message]
|