Re: [PHP] Encrypt Password for Session

Thu, 17 May 2001 09:44:01 -0700 

I fully understand what you are saying.  The problem is that I'm storing
their password so that they don't have to re-enter it on each new page
visited.  If I can't decrypt it, then I can't pass that password for the
user.  How do I keep passing the password then w/o having to write it to the
session.  Is that the right way to do it??

Thanks again!

Troy Moreland

""Ethan Schroeder"" <[EMAIL PROTECTED]> wrote in message
012f01c0deeb$684950d0$e46c28ce@biff">news:012f01c0deeb$684950d0$e46c28ce@biff...
> What I do is md5() encrypt the password and store it in the text file or
> database.  Md5 is a one way algorithm, though, so you can never decrpyt
the
> password.  What you do, is when you want to authenticate a user, you md5
> encrypt the text they typed in and compare that to the md5 hash in your
file
> or database or wherever.  If they match, you let them in.
>
> Ethan Schroeder
>
> ----- Original Message -----
> From: "Troy Moreland" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, May 17, 2001 10:41 AM
> Subject: [PHP] Encrypt Password for Session
>
>
> > All,
> >
> > I am currently using sessions to store a user's ID, password and current
> > login status.  All works fine.  The only issue is that the session file
on
> > the server is storing the password in plain text.  How do I encrypt that
> > password and how to I decrypt it for comparing?
> >
> > Thanks in advance!!
> >
> > Troy Moreland
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to