182x Posted July 26, 2007 Share Posted July 26, 2007 Hey guys, I have developed a login script where the users passwords are stored in the db using the crypt method of encryption. I was just wondering is the following the correct way to assign the encrypted data to a variable so it can be compared in a query? or will this method fail as it is one way encryption? $password = crypt($_POST['password'], 'salthere); //sql here i.e select * from user where uname=$uname and password=$password; Link to comment https://forums.phpfreaks.com/topic/61913-crypt/ Share on other sites More sharing options...
lightningstrike Posted July 26, 2007 Share Posted July 26, 2007 Remember that crypt is NOT encryption but rather a one-way hash. As long as the DB stores the hashes your method should work fine. Link to comment https://forums.phpfreaks.com/topic/61913-crypt/#findComment-308279 Share on other sites More sharing options...
182x Posted July 26, 2007 Author Share Posted July 26, 2007 Thanks for the reply, does the hash code have to be specifically put into the DB or is it ok to just put the variable into the db once the hash has been performed for this method to work? Link to comment https://forums.phpfreaks.com/topic/61913-crypt/#findComment-308356 Share on other sites More sharing options...
Fadion Posted July 27, 2007 Share Posted July 27, 2007 Never used crypt(), im more confident with md5 or sha1. Also from what ive read (correct me if im wrong), crypt() hashes only the first 8 characters, so you cant use it for passwords longer then 8 chars. Link to comment https://forums.phpfreaks.com/topic/61913-crypt/#findComment-308471 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.