View Full Version : passwords in php/mysql

02-02-2009, 03:28 PM
hi peeps.

i have designed a new system for a client, based on a system we have currently here.

the problem is that in our system (which i administrate) i can see our passwords (due to people having the memory of a sieve) so i took out the code that encrypted/hashed/whatever-its-called passwords, so they cant be viewed.

so, how can i incorporate hiding the passwords again?

i tried password() when putting back into mysql, but then i couldnt log in with the password any more?!?!

help!!!!!!!! thanks! :confused:

02-02-2009, 03:41 PM
You can choose from md5() (http://webcheatsheet.com/php/md5_encrypt_passwords.php) or sha1() (http://phpsec.org/articles/2005/password-hashing.html).

02-02-2009, 03:59 PM
thanks mate. :)

02-03-2009, 07:06 AM
If you have the ability to, I would use salted, hashed passwords. You could use a random individual salt for each user (new database table possibly), and concatenate the salt and password being submitted together and see if it matches the md5/sha1 sum in the database.

02-03-2009, 09:16 AM
the basic one above will work fine - this isnt on the web, its just a little system to sit on a box at one of my clients. if it were web enabled i might look into more security