Learn how to one way encrypt your passwords in PHP.

ledung · Post by **ledung** » Tue Feb 15, 2005 12:04 pm

Problem: You have or want to have a member database and want to some how encrypt their passwords and save them so that no one will know their password, not even yourself. However, you want to give them the ability to log on with their password. How do you go about it so even if someone where to steal or hack your database of passwords, they wouldn't know the member passwords?
Answer: No sweat, use the md5() function that comes with PHP, silly.

This tutorial will show you how to use the md5() function to encrypt a password, some problems with the one-way encryption technology, and how to go about checking the password. First, here is an example of how to encrypt a password:

<?
$password = md5("spoonorocks");
?>

That was fairly easy =). Now you can use our Add a New Row to mySQL to figure out how to add the password into a database. Now, lets say you have the inserted the password into the database, and the person is trying to log on to your page. Here is the HTML for a sample name and password form. This would be on a new file:

<form action="checkpw.php">
<input type="text" name="member" size=30>

<input type="password" name="password" size=30>

<input type="Submit" name="submit" value="Log On">
</form>

That's a fairly simple form that just asks for the name and password from a person. We are going to work on checkpw.php next. Alright, here is the problem: you cannot decrypt a password. Since it uses one-way encryption, no one can figure out the password. So what you must do is encrypt the password they typed on the form, and compare it to the already encrypted password on the database. I am assuming you know how to grab the password from the database. This file gets saved as checkpw.php.

<?
if (md5($password) == $dbpassword)
//where $dbpassword is the password from the database and $password it the form password
{
echo "Password verified!";
}
else
{
echo "Please try again.";
}
?>

TheCrymsonLegends · Post by **TheCrymsonLegends** » Wed Feb 16, 2005 7:33 am

That helps alot.. but if I don't know how to set up a log-in section could you help me with that? And if they apply for my site does their password get incrypted itself or do I have to go about encrypting everyone's password?