Volestar

Send encrypted passwords to your database instead of a visible password. When logging in, check if username's password input encrypts into the same thing as it is in the database. There are 3 common methods: SHA-256, SHA-512, and SHA-1. Personally, I would recommend SHA-256. If you want to filter passwords to make sure they're not dumb, (I am not trying to advertise, just helping out) I made an encrypter at my SHA256 testing site. The SHA-256 method is the most common encryption method. bin2hex(mhash(MHASH_sha256,$password)); If you like large annoying text, use SHA-512 to ensure maximum security. bin2hex(mhash(MHASH_sha512,$password)); If you like simplicity, use the crackable SHA-1. sha1($password);

Today, my dad showed me a must-have on stuff like passwords. If you have the newest version of PHP, it's SHA256(string), which is basically a method of encoding text. It was designed by the NSA itself. If you have PHP 4, use this: bin2hex(mhash(MHASH_sha256,string)) If you use this method for a password, it can simply save the result to the MySQL database, and when logging in, use the same method to check if what they entered gets encoded into the same thing as it is in the MySQL database. The best part is that this method isn't reversable, which makes it as secure as possible. Hope this helps for any future sites with passwords.