Jump to content

Archived

This topic is now archived and is closed to further replies.

Drezard

Password input help

Recommended Posts

Hello, with password input fields on any big website (such as hotmail.com, yahoo.com, this site) when u input your password it automatically changes it to ******. What is the code for this?

- Cheers, Daniel

Share this post


Link to post
Share on other sites
yeah and when you refresh pasword field is left empty so your password wont be leaking the net :O

Share this post


Link to post
Share on other sites
also to add please also remeber to use md5 for the password within the code to prevent hacking.
[code]
<?php
$password=trim($password);
$password=addslashes($_POST['password']);
$password=md5($password);
?>
[/code]

there are also meny other functions to encode php passwords the best to days date is to use md5 and salt but i think md5 ok.

good luck.

Share this post


Link to post
Share on other sites
Then what do i do on the other end when im trying to access the password. Will it automatically un-encrypt it?

- Cheers, Daniel

Share this post


Link to post
Share on other sites
no md5 is one way encription you can not decript and also not show the password as the password the user put in the database.

if you need to show the password then i sugest you use mycript or you use base64_encript and base64_decript ok.

warning remember that base64 has been around for a long time and there are meny database websites with millions of cracked code that why we all use md5.

Share this post


Link to post
Share on other sites
The idea when using md5 is to encrypt the password before you insert it into the database.  When a user enters his username and password to log in, you encrypt the password again using md5, and then compare it with what's in the database.  You don't decrypt.

It means users cant have their old one sent to them if they forget it, but they can have it reset.

Regards
Rich

Share this post


Link to post
Share on other sites
Well if I use HuggieBear's example would there be any way to send users their password?

- Cheers, Daniel

Share this post


Link to post
Share on other sites
no.

a user will no there password what you need to do is add a colum in the database next to members and then send a link to the user to press the activate the account then the database gets example a yes in the new colum then the user can log in.

the only time you will ever need to do somethink with a md5 password is to update the database if the user has lost it.

good luck.

Share this post


Link to post
Share on other sites
I noticed some membership sites where you lost you password, you have to reset it while for other sites, if you forgot your password, it will be sent to you.

The former in their database use some kind of hashing/encryption.

The latter are sites where they store your password directly in the database.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.