bmdsherman Posted August 19, 2009 Share Posted August 19, 2009 I have a mysql database that stores usernames and passwords and I was wondering if there is any way to hide or somehow encrypt the passwords so that I can't see them in phpmyadmin, but the login and register forms still work. Any help would be appreciated! Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/ Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 You could use something like md5. Store the hashed password in the database and when ever the user submits his password, hash it and compare against the one in the database. Let's say x is the password, and h is the hashing function. Now say z = h(x) (z would be stored in the database). For user input a, if h(a) = z then allow the user to login. Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902207 Share on other sites More sharing options...
bmdsherman Posted August 20, 2009 Author Share Posted August 20, 2009 Thanks, but what about the passwords that are already in there? Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902210 Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 Hrmmm.... Well if you wanted to MD5 them all, that would be simple. You would need to change the field to a varchar(32) field (really it could be a char(32), but since you're converting it will need to be varchar, and in this situation it doesn't make much of a difference anyway). You would want to do something like: ALTER TABLE users CHANGE password password VARCHAR(32); Then: UPDATE users SET password = MD5(password); Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902219 Share on other sites More sharing options...
bmdsherman Posted August 20, 2009 Author Share Posted August 20, 2009 I already did it manually but thanks. Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902222 Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902239 Share on other sites More sharing options...
TeNDoLLA Posted August 20, 2009 Share Posted August 20, 2009 You could also use sha1(), if you have need to restore user passwords someday. If you are using md5 there is no way you can ever retrieve a lost password, then you must reset the password. Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902326 Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 Ermmmm.... Isn't sha1 a hashing algorithm too? Quote Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902475 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.