Password input help

[Drezard]

Hello, with password input fields on any big website (such as hotmail.com, yahoo.com, this site) when u input your password it automatically changes it to ******. What is the code for this?

- Cheers, Daniel

[Demonic]

its just the input type

<input type='password'>

just for security issues i think

[hostfreak]

So anyone looking over you shoulder can't see your password.

[Demonic]

yeah and when you refresh pasword field is left empty so your password wont be leaking the net :O

[redarrow]

also to add please also remeber to use md5 for the password within the code to prevent hacking.
[code]
<?php
$password=trim($password);
$password=addslashes($_POST['password']);
$password=md5($password);
?>
[/code]

there are also meny other functions to encode php passwords the best to days date is to use md5 and salt but i think md5 ok.

good luck.

[Drezard]

Then what do i do on the other end when im trying to access the password. Will it automatically un-encrypt it?

- Cheers, Daniel

[redarrow]

no md5 is one way encription you can not decript and also not show the password as the password the user put in the database.

if you need to show the password then i sugest you use mycript or you use base64_encript and base64_decript ok.

warning remember that base64 has been around for a long time and there are meny database websites with millions of cracked code that why we all use md5.

[Drezard]

How do i do that (Can u give me an example of it like encryption).

Thanks, Daniel

[HuggieBear]

The idea when using md5 is to encrypt the password before you insert it into the database.  When a user enters his username and password to log in, you encrypt the password again using md5, and then compare it with what's in the database.  You don't decrypt.

It means users cant have their old one sent to them if they forget it, but they can have it reset.

Regards
Rich

[redarrow]

what example do you want m8.

[Drezard]

Well if I use HuggieBear's example would there be any way to send users their password?

- Cheers, Daniel

[redarrow]

no.

a user will no there password what you need to do is add a colum in the database next to members and then send a link to the user to press the activate the account then the database gets example a yes in the new colum then the user can log in.

the only time you will ever need to do somethink with a md5 password is to update the database if the user has lost it.

good luck.

[extrovertive]

I noticed some membership sites where you lost you password, you have to reset it while for other sites, if you forgot your password, it will be sent to you.

The former in their database use some kind of hashing/encryption.

The latter are sites where they store your password directly in the database.