Page 1 of 1

encryted password in database

Posted: Sat Jun 30, 2007 1:40 am
by Dilbert137
Dear All,

I'm developing admin side of my website. Can someone guide me how to make use of encrypted password saving it in the database.

Best Regards
Dilbert137

Posted: Sat Jun 30, 2007 3:24 am
by miro_igov
When you create new user do

Code: Select all

INSERT INTO users SET username='$username', password = md5($passord)
This will encode the password, and when you test the login input do

Code: Select all

SELECT COUNT(*) FROM users WHERE username='$username' AND password = md5($password)
Note that if you provide Forgot Password feature you cannot send the password to the user email because this md5 encoding is irreversible, so you need to build script for resetting the password.

Posted: Sat Jun 30, 2007 5:51 am
by Dilbert137
Hi miro_igov,

Thanks a lot for your counsel. It's working now. I have used AES_ENCRYPT instead but could have used MD5 but lack of time to write a decrypt coding I used AES. For anyone who wants to use it, here is the code to be applied.

AES_ENCRYPT(string, key);
AES_DECRYPT(crypted text,key);

Best Regards
Dilbert137

Posted: Sat Jun 30, 2007 7:47 am
by miro_igov
Is this secure enough? for those who know the key and encryption algorithm will be easy to get the password. I think you keep the key in your script so its easy to be obtained.

Posted: Sat Jun 30, 2007 7:54 am
by Dilbert137
Please recommend me then?

Best Regards
Dilbert137

Posted: Sat Jun 30, 2007 7:57 am
by miro_igov
I recommended above. The md5 approach is OK. The only trouble is with forgotten passwords but that makes them more secure.

Posted: Sat Jun 30, 2007 8:01 am
by feyd
There are other unidirectional encryption (hashing) algorithms available. MD5 has been weakened significantly in recent years, SHA1 is stronger, but again has been weakened in recent years. If you're running PHP 5.1+ you may have access to the hash() extension, which supports many. If not, there's also my SHA256 library. see signature for link

Posted: Sat Jun 30, 2007 8:03 am
by Dilbert137
Thanks for all.

Dilbert137