I have developed a PHP based site that requires users to login. Their login information is kept in a MYSQL database. Currently, I am using an IF statement to verify what the user enters as their password with what is in the the database. If they are the same a session is created and they have access to the content of the site.
As far as I know the password is being sent to the script in clear text and I was wondering what a good way would be to get this to be encrypted. My first thought is to encrypt the password in the database using crypt(). So if I view the table I will see the encrypted characters. Then change the IF statement to encrypt the password that the user enters and then just check if its the same as what is in the database. That sounds like the same as I am doing now only instead of checking a password that is a name, its checking the encrypted characters of the name. So it seems my idea would hide the real characters. Can anyone tell me if this is a bad idea. And maybe point me toward a good one. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
