top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

In PHP, how to save a password in encrypted form ?

+10 votes
514 views

I want to save a password in encrypted form, so that it will not be understand by human. Is it possible ? If yes then please explain briefly.

posted Feb 10, 2014 by Hiteshwar Thakur

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+3 votes

Passwords should never be stored on your system in plain text or in a decryptable form. MD5 is a one way encryption and is an acceptable method of storing passwords. There is absolutely no need for your users passwords to be accessible by you or anyone who works for your organization. A password can always be reset by the user or by you or your employees. You must encrypt the password when it is received and then store the encrypted password in your database. This makes sure that the password is useless in the form in which it is accessed straight from the database.

Your form that takes the password should post to script which does something similar to the following. Ensuring the username is unique and that the password is protected.

$sql = "select * from usertable where username='" . $_POST['username'] . "'"; 
$result = mysql_query($sql); 
if (mysql_num_rows($result) >= 1) { 
 $error = "please enter another username"; 
 include "userform.php"; 
 exit(); 
} else { 
 $username = $_POST['username']; 
 $userpass = md5($_POST['userpass']); 
 $sql = "insert into usertable values('$username','$userpass')"; 
 mysql_query($sql); 
 include "postregister.html"; 
}

You now have a stored password which is useless to you and only usable to the user through your login form.

You can also use SHA1 to hash your passwords for storage in the database. It's the simplest, yet most effective way to store passwords:

$password = sha1($password);

It's also exceptionally safe. Though the integrity of it is beginning to creep, it's rather easy to upgrade this function to SHA-256 (which is incredibly secure).

answer Feb 10, 2014 by Amit Kumar Pandey
Similar Questions
+2 votes

Can someone give me an understanding of how the .ini settings are located and combined? I am under the impression that there is a full settings .ini file somewhere up high in my host's server tree and that
any settings I create in .ini files in each of my domain folders are appended/updated against the 'main' ini settings to give me a 'current' group of php.ini settings.

What I'm looking to find out is does an ini setting established in a test subdomain of my site affect those ini settings outside of my test subdomain?

0 votes

I have downloaded HipHop for my website, I am going through various web links which are suggesting that performance will improve 3-6 times. However I don't know the Stability of the HipHop.

Please provide your inputs so that I can decide to use HipHop.

0 votes

My webcode written in PHP and it is running in the interpreted way. My problem is it is not giving the desired performance so want to try the compiler if any.
Please suggest if we have any compiler option available for the PHP code and more important is this new option.

+1 vote

I've two machines set up with Apache2.4 and PHP5.4.15 and I'm trying to debug owncloud as it has problems with Apache2.4. This autoloader and routing 'fun' seems totally over the top, and is failing without giving any errors, but the question is "what limits the amount of text displayed using print_r() ?" Where I drop in a print statement causes crashes, but when working I'm not getting a complete printout. One machine is clipping at around 4500 characters, while the other is managing around 9000, and neither is displaying the 'TAG' labels after that block.

It's not something I've seen before ... I've been using this method for many years and normally see all the text. So can anybody throw light on why this may be happening now? Interestingly the two machines are giving different problems with this application which works correctly on Apache 2.2

...