
How to password encrypt so I never see users' passwords

Apr 8, 2012 12:35 AM

Hi, I have been testing my site (very rough, no design yet). I want a site for a lottery syndicate at my work whereby members can log in and submit numbers etc.

All works well except for the password field.

When I register a user (test case, no real users yet) and I go to phpMyAdmin I can see exactly what I've filled in for a password. I can then hash it with MD5 or SHA1; this then gives me a 32 or 40 character password. However, when I go to log on with the original password it denies me and will only use the "encrypted key". So I am guessing there is code I need to insert in DW CS5 to allow the user to use their original password.

To me, though, that would only be a part solution, as I would like to hash the user's password as soon as they register, as I really do not want to see their passwords. I did try blob but that just allowed me to download the passwords as a .bin file.

Please note though, I am very much wysiwyg, but am able to check and edit snippets of code.

Any help much appreciated. Below in case you need the code.

 

http://www.stuartskelton.co.uk/register.php

http://www.stuartskelton.co.uk/login.php


Like I said, there is no design; I want to get the DB basics working first.

Thank you for looking.

Replies
  • Apr 8, 2012 6:05 AM   in reply to stuartskeltonuk

    . . .I am very much wysiwyg

    The David Powers book PHP Solutions 2nd Ed. offers a method of doing this in the last chapter. However, you will need more than just a wysiwyg familiarity with PHP to make it work. But if you work through the whole book you should be able to handle it. It does store passwords as BLOB.


  • Apr 13, 2012 1:40 AM   in reply to stuartskeltonuk

    What you need to do is basically:

    1. Get password via form in plain text (e.g. user registration)
    2. Encrypt it (I recommend PHP Mcrypt)
    3. Put it into database (No MySQL encryption required!)

     

    And when you need to check the password (e.g. user login)

    1. Get user password via form in plain text
    2. Get encrypted password from database, decrypt it the same way you encrypted (e.g. Mcrypt) and compare with the user input password.
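
A registration and login flow in which the site owner never stores or sees the password, as an added example that is not part of any post in this thread: PHP's built-in password_hash() stores a salted one-way hash, and password_verify() checks the typed password against it at login, so nothing is ever decrypted. The users table, the helper function names and the in-memory SQLite database (standing in for the site's MySQL database) are assumptions; it needs PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are assumptions; SQLite in memory stands in for MySQL.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // 255 characters leaves room for longer hash formats in future PHP versions.
    $db->exec('CREATE TABLE users (
        username  VARCHAR(64)  PRIMARY KEY,
        pass_hash VARCHAR(255) NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $username, string $password): void {
    // One-way hash with a random per-user salt embedded in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();            // false when the user does not exist
    // Hash the typed password with the stored salt and compare; never
    // compare the typed text directly against the stored column.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pass_hash = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Constructed sample data.
$db = make_db();
register_user($db, 'alice', 'correct horse battery staple');
$stored = $db->query("SELECT pass_hash FROM users WHERE username = 'alice'")->fetchColumn();

var_dump($stored);                                                    // what phpMyAdmin would show
var_dump(check_login($db, 'alice', 'correct horse battery staple'));  // original password
var_dump(check_login($db, 'alice', $stored));                         // the stored hash typed as a password
var_dump(check_login($db, 'bob', 'anything'));                        // unknown user
```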
