If I have a password field in a MySQL database administered by PhpMyAdmin and they type of the field is password, how do I encrypt the password from the form the user enters the password in the application so that it matches the password field in the database? I hope that made sense. An example would be:

MySQL password field = 12saqjjDho2034
User entered in form = password

How would I encrypt password to equal the 12saqjjDho2034 that is stored in mySQL?

Thanks for any help.

When you post the password to the verification page would you do md5($_POST['password']?

If the password is stored in MYSQL Encrypted using MD5() , then to validate it against a form you would need to do somthing like this

$password = $_POST['password'];
$password = md5($password);

Now your $password variable is Md5 Encrypted , ready for you to check it against the database.

it looks like the mysql password function. but im not sure since putting 'password' to it results in a different string. its not md5 since md5 is 32 characters 0-9A-F.
try "SELECT PASSWORD('YOURPASSWORD')" and see if it matches.

http://dev.mysql.com/doc/mysql/en/encryption-functions.html

So are you saying you don't believe that the password field type in mySQL uses md5?

the password field type in mysql doesnt use md5.

Drew is right , That was my mistake , it is NOT MD5 , it is Password ... Well , it looks like password , so just change md5 to password like this

$password = $_POST['password'];
$password = password($password);

Now $password will be encrypted with password() and NOT md5()

password is a mysql function though, not php so the only way to do it is directly in your sql statement.

$query = "SELECT * FROM users WHERE username = '$user' AND pass = PASSWORD('$pass')";
or
$query = "INSERT INTO users VALUES('$username', PASSWORD('$password'))";

Didnt know that , thanks.

Treeleaf , in the future id recommend using php's MD5() Function , as this is Much More secure then password().

If security is your concern , you could even use a stronger function for encryption , sha1()

Just to let you know for the future.

Would this idea work, do something like:

$password = $_POST['password'];
$password = md5($password);

And then inserted $password into the database would that be secure? Also would it be secure enough when the user posts the form to that page, wouldn't it be oepn to see until it gets to the page and gets encrypted?

If you just inserted $password into the db would you use something like VARCHAR as the field type or would you have to use something else?

Thanks for the continued help.

If you're using md5 for the password then use CHAR(32) as the column type, not varchar. You can also let MySQL do the work for you like this

$query = "INSERT INTO mytable (username, password) VALUES ('$username', MD5('$password'))";

Ok I got it to insert into the database good and encrypted with md5, now my problem is that when I enter the same password into the login.php field and do the same thing that I did on the register.php page, the code is below the encrypts it:

$password = $_POST['Password'];
$password = md5($password);

The login script that I have creates a different set of values and says I didn't enter the right username and password when I know I did, does anyone know how to fix this?

Thanks.

I use shared SSL with my hosting server when I insert the new user and when I allow the user to login so I don't believe that is the problem, anyone have any ideas about this problem? Thanks