Jump to content

encrypting passwords


Nothadoth

Recommended Posts

I am using this to encrypt the password when the user changes his/her password:

 

$enewpass = crypt($newpass);

 

however, when i go to make the user login and do this it returns two different encrypted passwords that do not match despite the password being "test":

 

$password = crypt($_POST['password']);

 

 

 

Why? It is encrypting it differently each time. Can i make it encrypt it the same? Or decrypt it correctly?

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/59113-encrypting-passwords/
Share on other sites

At the start of your script make a salt. Here I'm going to define a constant:

define("STR_PWSALT",'fditaa7');

 

When you encrypt the password to make a 32 character hash use something like this:

$encpass=md5($password.STR_PWSALT);

 

That adds the salt onto the end of your password then encrypts the lot. That way if someone was to grab your PW hash from the database and try using a web hammer sort of thing on it the chances of them finding it out are greatly reduced. You can change th salt in the define() bit to whatever you want but make sure it stays the same to what you encrypt it as and what you are checking it with.

Link to comment
https://forums.phpfreaks.com/topic/59113-encrypting-passwords/#findComment-293543
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.