inserting and retriving the passwords

Anon

Hi,

I am running PHP+MySQL+Apache on a UNIX box. I am creating an application which inserts the password information for the users in a MySQL table. I want this password to be encrypted when inserted in the table.

I am also creating a web interface which allows select users to view username and password information using the browsers.

Is there a way to encrypte and decript the password using any PHP or MySQL function.

Thanks in advance.

Vijay

deckrdx

In my experience there is no way to decrypt the password, and if you did find a way, I would consider that a serious security issue. You can use md5() to store the hash of the password in the database, but you wouldn't be able to look it up, just change it if you need to reset it. This operates just as NT or UNIX user accounts operates.

Anon

You can just use mcrypt to encrypt/decrypt the passwords, but as Chad says, it should only be 1-way, so no-one can get your password.

$sql="select id from users where (username='$username', password='".md5($password)."')";

if you have a return, your user is ok.

Anon

I think that it is a bad idea to have a hash of a password stored in a database if this hash can be reversed.

MySql has password() as its internal function that generates one way hash. The great thing with one way encryption that if anybody will crack your database they won't be able to get passwords since the hashes are irreversable.

You can use MySql internal function password() or md5().