PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
//IF COOKIES PRESENT CHECK THE DB TO SEE IF THE USERNAME AND PASS ARE LEGIT
if(isset($_COOKIE['username']) && isset($_COOKIE['password']))
{$auth = mysql_fetch_object(mysql_query("SELECT uid, username, password, status FROM $UserDB.unz_users WHERE username = '" . $_COOKIE['username'] . "' AND password = '" . $_COOKIE['password'] . "'"));
//SET USER VARIABLES
$user_properties['username'] = $auth->username;
$user_properties['uid'] = $auth->uid;
$user_properties['status_id'] = $auth->status;}
$user_properties['last_visit'] = $_COOKIE['last_visit'];
//SET LAST VISIT
setcookie ("last_visit", "$time", time()+60*60*24*30,'/','.wuggawoo.co.uk', 0);
It continues todo a few more things...
I wondered what the best way of encryption would be and how would I slot it into that. Can I encrypt the username and password after the database check and then decrypt just before the query?
There are numerous ways. I easiest and faster way I can think of is to use MD5().
This is also supported by MySQL, meaning that you can use a varchar(32) field to store passwords in the database, but before inserting them you add the md5 function;
if the encrypted value is valid as password you gain nothing from encryption. Storing the encrypted password in the database prevents stealing data from the database but does not improve security neither at the transport layer nor at the client storage.
I however have 40 registered members, it would be a pain to do it all manually or write a script...can I not just encrpty and decrypt around the cookie?