MySQL has a PASSWORD() function which encrypts passwords for you!!! Retrieving the user records using the username and encrypted password as selection criteria will either bring back the appropriate record (ie the log in worked) or no record (ie password/username supplied were incorrect)
HTH Richy -----Original Message----- From: Justin French [SMTP:[EMAIL PROTECTED]] Sent: 06 December 2001 12:33 To: php Subject: [PHP] encryption Hi, Can someone give me a brief over view of how to encrypt a password and store it in a MySQL DB, then be able to validate thier plain text password on login against the encrypted one on the DB? I'm guessing I: 1. encrypt the desired password with some sort of key (eg "blahblah") which is hidden in a protected directory 2. write the encrypted password to the database Next time the user logs in: 1. take thier plain-text password they submit to login 2. encrypt it with the same key 3. compare it to the one on the database Or, is there something i'm missing, some sort of gaping big arse security hole, or some set of functions which take care of a heap of this stuff for me? If someone could point me to the right encryption tools / links / tutorials, i'd be gratefull. TIA Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]