Busy — Wed, 09 Nov 2005 09:37:11 +0000

md5 is pretty good, but long. can be shortened

Think there is a thread around somewhere on md5 passwords

Renegade — Wed, 09 Nov 2005 08:27:39 +0000

Thanks for replying imjpriebe, I found out that it's not recommended to use the password function of MySQL.

A better way would be to encrypt the password first, and then put it into the database as text. That way, even if someone gets a hold of your database, they won't easily get the passwords. Or something like that.

After that, to check, as you say, is to encrypt the password that the user inputs.

Renegade — Wed, 09 Nov 2005 08:10:49 +0000

What algorithm does MySQL use and how can I check that the right password has been used? This is the query that I used:

INSERT INTO `user` ( `userID` , `username` , `password` , `userlevel` )
VALUES (
'', '<username>', PASSWORD( '<password>' ) , '<userlevel>'
);

timjpriebe — Tue, 08 Nov 2005 13:19:46 +0000

I find it works to do it in the SQL code itself. If it's encrypted in the database, you don't unencrypt it, you just encrypt the one the user just tried to enter.

This is pseudo code, but...

$sql = "SELECT * WHERE username = '$_POST['username']' AND 
password = password('$_POST['password']')";

$ref = $sql->execute();

if ($ref->rows())
{
  echo "You're in.";
}
else
{
  echo "Nice try, but I don't think so.";
}