md4

[mbvo]

I'm working on writing a forum and would like to store the passwords as hashes.  is there some function built into php to do so?  or is there a php file i could download containing that function?

[extrovertive]

MD5 or SHA1 would work.

You can try this http://www.openwall.com/phpass/

[mbvo]

I don't get this, I downloaded phpass-0.0 and extracted to my htdocs, and ever time i refresh test.php it gives me something differant.  are these the password hashes that would be saved to the database? and if so why do they keep changing and how do i compare 2 hashes that rn't identical?

[radar]

Personally I would use MD5 -- its the most secure that ive found.. 

So when they register you run this..

$pw = md5($_POST['password']);

then when they log in you do this...
[code]
<?php
$pw = md5($_POST['password']);
$un = $_POST['username'];
$query = mysql_query("SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = '$pw'");
$query = mysql_fetch_assoc($query);
if (sizeof($query) == "" || sizeof($query) == "0") {
// invalid user
} else {
// valid user
}
?>
[/code]

Thats a quick type job and might contain some errors though for the most part should work.. 

note: using LIKE BINARY in your query will make it so the username is case sensitive..  its the same I way I do mine.

[mbvo]

isn't the correct syntax:

"SELECT * FROM users WHERE username LIKE BINARY '" . $un . "' AND password = '" . $pw . "'"

not:

"SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = '$pw'"

or will both work?

[radar]

Both will work...  now if you did it like this..

'SELECT * FROM users WHERE username LIKE BINARY '$un' AND password = $pw'

it would not...  if you are going to submit strings in your query you have to use " at the beginning and end and escape the string by using ' around it...  Thats the way I've always done it though sometimes I'll do it like the way you've shown -- well almost..