pb1uk Posted November 10, 2010 Report Share Posted November 10, 2010 Hi all, I'm looking at how best to store user login details in a database. Currently i'm just working locally on my laptop using xampp (phpmyadmin). At the moment the password column is just a varchar field, when this goes online I assume this won't be safe. Is there a different method of storage, maybe a blob? Thanks, pb1uk Quote Link to comment Share on other sites More sharing options...
falkencreative Posted November 10, 2010 Report Share Posted November 10, 2010 Using a varchar column type is fine. However, it's considered bad practice to store passwords in plain text in the database. For example, if the password is "password1" you would want to store an encrypted version rather than just "password1" so if anyone gets access to the database, they don't immediately have access to everyone's usernames/passwords. There are a range of ways to encrypt passwords... I usually use MD5 plus a salt (a random couple characters added to the end of the password to make it more random. For example: $password = $_POST['password']; $salt = "8dC_9Kl?"; $encrypted password = md5($password . $salt); The encrypted password would be stored in the database. Then, if you wanted to log the user in and compare what they entered against the database: $db_password = ""; //get the password from the database if (md5($password . $salt) == $db_password) { // continue... } I cover this in my PHP login series. Quote Link to comment Share on other sites More sharing options...
pb1uk Posted November 11, 2010 Author Report Share Posted November 11, 2010 Brilliant, thanks falken. I'll have a crack at that over the weekend. Quote Link to comment Share on other sites More sharing options...
Guest khalida Posted November 11, 2010 Report Share Posted November 11, 2010 Very Nice I'm also interested in knowing more about this Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.