PHP Tip, using crypt()

If you need to keep track of users’ passwords for authentication – for example, if members have to login to your site – consider storing their password in an encrypted format instead of plaintext. This way, if your database somehow becomes compromised, the passwords for your user accounts are still somewhat safe.

One way to accomplish this is to run each newly created user’s password through PHP’s crypt() function and store the result:

$password = crypt($_POST[password]);

When the user attempts to login, crypt() the password they provide and compare it against the stored encrypted value. If they match, the password provided by the user was valid.

Comments are closed.