182x Posted July 26, 2007 Share Posted July 26, 2007 Hey guys, I have developed a login script where the users passwords are stored in the db using the crypt method of encryption. I was just wondering is the following the correct way to assign the encrypted data to a variable so it can be compared in a query? or will this method fail as it is one way encryption? $password = crypt($_POST['password'], 'salthere); //sql here i.e select * from user where uname=$uname and password=$password; Quote Link to comment Share on other sites More sharing options...
lightningstrike Posted July 26, 2007 Share Posted July 26, 2007 Remember that crypt is NOT encryption but rather a one-way hash. As long as the DB stores the hashes your method should work fine. Quote Link to comment Share on other sites More sharing options...
182x Posted July 26, 2007 Author Share Posted July 26, 2007 Thanks for the reply, does the hash code have to be specifically put into the DB or is it ok to just put the variable into the db once the hash has been performed for this method to work? Quote Link to comment Share on other sites More sharing options...
Fadion Posted July 27, 2007 Share Posted July 27, 2007 Never used crypt(), im more confident with md5 or sha1. Also from what ive read (correct me if im wrong), crypt() hashes only the first 8 characters, so you cant use it for passwords longer then 8 chars. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.