pratkal Posted April 16, 2011 Share Posted April 16, 2011 Ok guys while learning i decide to create a login script now issue i have faced is when i encroupt the pass using MD5 pass never ever matches twisewhenever i use same pass to register / loginmd5 does not match the passhow to convert back pass to normal form to check if pass is correct or not Link to comment Share on other sites More sharing options...
thescientist Posted April 16, 2011 Share Posted April 16, 2011 if you save passwords, you should just try and only save the hashed/encrypted version. then when people login, you hash/encrypt the password they've just inputted and compare it the one you have saved.edit: it would be helpful to post the code you have to get a better idea of what's going on. Link to comment Share on other sites More sharing options...
pratkal Posted April 16, 2011 Author Share Posted April 16, 2011 nvm fixed them all thanks please also tell me what is best methord to encrypted a pass Link to comment Share on other sites More sharing options...
justsomeguy Posted April 16, 2011 Share Posted April 16, 2011 First, there's no reason to use MD5 anymore, at a minimum you should use SHA-1.These are not encryption functions. One of the properties of encryption is that it can be decrypted, and you cannot decrypt what you produce from something like SHA-1. These are hash functions, not encryption functions. You cannot get the original value back, you need to hash the value they log in with and check to see if it matches the hash you stored in your database when they registered. A certain string will always hash to the same value, you won't get different hashes if you keep hashing the same string. Link to comment Share on other sites More sharing options...
pratkal Posted April 16, 2011 Author Share Posted April 16, 2011 what is the best encropt methord support by php 5also please check error in the code $status = $row['STATUS'];echo $status;if ($status = '3' ){ echo " you are banned user if you think its a mistake please email the admin $aemail"; die ();}if ($status = '4'){ echo " Your account is not activated if you think this is a mistake Or your didn't recieved the account activation key please email the admin at $aemail using the email you used at the time of registration thank you "; die ();} no metter what does status value come $status = 3 run Link to comment Share on other sites More sharing options...
justsomeguy Posted April 16, 2011 Share Posted April 16, 2011 You can use the mcrypt extension to encrypt and decrypt. There should be several different ciphers supported by your server:http://www.php.net/manual/en/function.mcrypt-encrypt.phpKeep in mind that if anyone got ahold of your database and code, they could decrypt everyone's passwords. That's not possible with a hash like SHA-1. In this:if ($status = '3' )You need to use the == operator to compare. The = operator is for assignment, not comparison. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.