bmdsherman Posted August 19, 2009 Share Posted August 19, 2009 I have a mysql database that stores usernames and passwords and I was wondering if there is any way to hide or somehow encrypt the passwords so that I can't see them in phpmyadmin, but the login and register forms still work. Any help would be appreciated! Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/ Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 You could use something like md5. Store the hashed password in the database and when ever the user submits his password, hash it and compare against the one in the database. Let's say x is the password, and h is the hashing function. Now say z = h(x) (z would be stored in the database). For user input a, if h(a) = z then allow the user to login. Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902207 Share on other sites More sharing options...
bmdsherman Posted August 20, 2009 Author Share Posted August 20, 2009 Thanks, but what about the passwords that are already in there? Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902210 Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 Hrmmm.... Well if you wanted to MD5 them all, that would be simple. You would need to change the field to a varchar(32) field (really it could be a char(32), but since you're converting it will need to be varchar, and in this situation it doesn't make much of a difference anyway). You would want to do something like: ALTER TABLE users CHANGE password password VARCHAR(32); Then: UPDATE users SET password = MD5(password); Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902219 Share on other sites More sharing options...
bmdsherman Posted August 20, 2009 Author Share Posted August 20, 2009 I already did it manually but thanks. Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902222 Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902239 Share on other sites More sharing options...
TeNDoLLA Posted August 20, 2009 Share Posted August 20, 2009 You could also use sha1(), if you have need to restore user passwords someday. If you are using md5 there is no way you can ever retrieve a lost password, then you must reset the password. Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902326 Share on other sites More sharing options...
corbin Posted August 20, 2009 Share Posted August 20, 2009 Ermmmm.... Isn't sha1 a hashing algorithm too? Link to comment https://forums.phpfreaks.com/topic/171066-solved-mysql-encrypthide-passwords/#findComment-902475 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.