Encrypt password

[ryanfilard]

How would I encrypt the password and encrypt all the old users passwords too?

 

Here is part of my code.

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO users (fname, username, password, email) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['fname'], "text"),
                       GetSQLValueString($_POST['Username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['email'], "text"));

[fugix]

To alter passwords that are already in your database, you will need to use an ALTER TABLE statement. As fir the encryption of new passwords bring entered into your db, what type of encryption are you looking to use? Salt, sha1, hash, md5 etc

[ryanfilard]

md5

[redixx]

md5

 

MD5 is hashing not encrypting. And you should avoid it like the plague.

 

See this topic: http://www.phpfreaks.com/forums/index.php?topic=336473.0

[ryanfilard]

I will use salt

[redixx]

Even if you use salts, md5 is not a safe option. At the very very least, use sha1 instead (which has exactly the same usage as md5, so there's no excuses).

[ryanfilard]

alright

[fugix]

You'll want to use the sha1() function before insertion into your database. Since sha1 is 160, and depending on how many bits pwr character, would effect the length of the value, 20 or 40. So I recommend using BINARY(20) and the UNHEX function to convert the SHA1 value to binary.