Password encryption

markyp · #1 10-Mar-2007, 12:17

hi i want to have members logging into my system using passwords! I am not sure how to do this, in the db i have put under member username and password but am not sure how this can be tied into the code?

admin · #2 14-Mar-2007, 06:36

Your message title and your actual question are 2 different things - certainly related - but not the same thing.

I'll answer one - re:the password encryption.

The simplest way to encrypt passwords in the database is to use MySQL's password() function.

So the query could look something like this:

PHP Code:


<?php

if( $_POST )
{
    if( isset($_POST['inputNew']) )
    {
        // adding a new user to the database.
        $with_errors = false;
            // screen the email address
            $email_address = mysql_escape_string( $_POST['inputEmail'] );
            // prepare the password
            if( $_POST['inputPW1']==$_POST['inputPW2'] )
            {
                $password = mysql_escape_string( $_POST['inputPW1'] );
            }
            else
            {
                $with_errors = 4; // passwords do not match!
            }

            // insert this user to the db if $with_errors is still FALSE.
            if( !$with_errors )
            {
                $sql =    "INSERT INTO `db_name`.`tbl_name` ( `email`, `password` )
                    VALUES ( '$email_address', PASSWORD('$password') )";
                // proceed with mysql_query()...
            }
            
    }
}

?>

Other MySQL functions similar to the PASSWORD() function include:
ENCRYPT()
MD5()
SHA()

and even more can be found, if you search their documentation for built-in functions that deal with encryption.

realmetrics.com · #3 15-Apr-2007, 22:12

One way of hashing data using PHP is called md5() function. md5() converts a string of text into a 32-character hash, using a secret algorithm, thus protecting the original source information. md5() hashed strings cannot be dehashed either, which presents us with the novel problem of working out if two md5-hashed strings are equal. The answer is actually quite simple.

Here i provided the both encryption and decryption using with strong algorithm.

Code:


<?php
 //encodes the string. Returns an array with the
 //string as the first element and the initialization
 //vector as the second element
 function easy_crypt($string, $key){
   $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
   $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
   $string = mcrypt_encrypt(MCRYPT_BLOWFISH, $key,
                            $string, MCRYPT_MODE_CBC, $iv);

   return array(base64_encode($string), base64_encode($iv));
 }

 //decodes a string
 //the first argument is an array as returned by easy_encrypt()
 function easy_decrypt($cyph_arr, $key){
   $out = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, base64_decode($cyph_arr[0]),
                         MCRYPT_MODE_CBC, base64_decode($cyph_arr[1]));

   return trim($out);
 }

 //----------------example usage-----------------------------------------

 $str = 'Super-top-secret string';
 $code = 'p@$$word';

 $cyph = easy_crypt($str, $code);
 $dec_string = easy_decrypt($cyph, $code);

 echo "The original string is: $strn";
 echo "The encoded string is: {$cyph[0]}n";
 echo "The initialization vector is: {$cyph[1]}n";
 echo "The decoded string is $dec_stringn";

?>

Have a good day!!

______________________________________________

http://www.realmetrics.com - Metrics you can count on

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Password encryption

Re: password encryption

Re: Password encryption