Encrypt password for web security using PHP
Encrypting information is crucial in web development. Securing data is vital, for obvious reasons, in web-based services such as online shopping, e-banking, email, intranets and more.
To protect information like passwords, PHP provides a function called md5(). In this article we will explain how to use this function to store and check passwords in a database for a web-based application.
The md5() function converts any string supplied to it into a 128-bit hash, written as a 32-character hexadecimal string. Strictly speaking this is hashing rather than encryption: a hash is one-way, so the original message cannot be decoded by examining it. To make this clear, let me give you an example.
Your password = mypass
md5() converts it into a029d0df84eb5549c641e04a9ef389e5
Try this example to get the complete idea:
<?php
$password = "mypass";
$encrypted_password = md5($password); // hashing the password using md5()
echo "Un-encrypted Password: $password\n";
echo "Encrypted Password: $encrypted_password\n";
?>
So, is everything clear there? If yes, then let's move on.
Example:
Consider this scenario
* Step 1: A database table stores usernames and passwords, where the passwords are encrypted.
* Step 2: A login page where the user enters a username and password
* Step 3: The entered password is encrypted and compared against the stored password
* Step 4: If both passwords match, access is granted
* Step 5: Otherwise, the username and password are asked for again
A database table stores usernames and passwords, where the passwords are encrypted. Let's assume that our table name is "user" and that this is the structure of our table:
"user" table with sample data
CREATE TABLE `user` (
`username` VARCHAR( 12 ) NOT NULL ,
`password` VARCHAR( 100 ) NOT NULL ,
PRIMARY KEY ( `username` )
);
# Data for table `user`
INSERT INTO user VALUES ('sam', 'a722c63db8ec8625af6cf71cb8c2d939');
INSERT INTO user VALUES ('tony', 'a029d0df84eb5549c641e04a9ef389e5');
The table has two records with the following data:
Username    Password
sam         pass1
tony        mypass
* Note that the passwords stored in the database are encrypted using md5().
A login page where the user enters a username and password
login.php
<html>
<body>
<form method="post" action="check.php">
User Name <input type="text" name="username">
Password <input type="password" name="password">
<input type="submit">
</form>
</body>
</html>
The entered password is encrypted and compared against the stored password
If both passwords match, access is granted
Otherwise, the username and password are asked for again
check.php
<?php
// Values submitted from the login.php page
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Database connection; replace these values with your actual database values
$db = mysqli_connect("localhost", "root", "pass", "my_database");

// We will now retrieve the password from the database.
// The mysql_* functions were removed in PHP 7, so mysqli is used here, and a
// prepared statement keeps $username out of the SQL text.
$stmt = mysqli_prepare($db, "SELECT password FROM user WHERE username = ?");
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $stored_password);
$found = mysqli_stmt_fetch($stmt); // true only when a row exists for this username

// Comparing passwords.
// Note: before we can compare, we use md5() on $password because the password
// that we retrieve from the database is stored in its md5() form.
if ($found && hash_equals($stored_password, md5($password))) {
    echo "Access Granted"; // If both passwords match, access is granted
} else {
    echo "Enter the correct username and password!"; // Otherwise the username and password are asked for again
}
?>
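The same login check with PHP's password_hash() and password_verify(), which produce salted, deliberately slow hashes, instead of a bare md5(); rows that still hold an MD5 value are upgraded at the next successful login. This is an added example, not code from the original article: check_login() is a hypothetical helper, and an in-memory SQLite table (via PDO) stands in for the MySQL `user` table so the script runs without a server.

```php
<?php
// Constructed stand-in for the article's `user` table (assumption: PDO with the SQLite driver).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (username VARCHAR(12) PRIMARY KEY, password VARCHAR(100) NOT NULL)");
// Legacy row taken from the article's sample data: md5('mypass')
$db->exec("INSERT INTO user VALUES ('tony', 'a029d0df84eb5549c641e04a9ef389e5')");

// check_login() is a hypothetical name used only for this example.
function check_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT password FROM user WHERE username = ?");
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }

    // A legacy value is exactly 32 hex characters; password_hash() output starts with '$'.
    $is_legacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $is_legacy
        ? hash_equals($stored, md5($password))   // constant-time compare of the old format
        : password_verify($password, $stored);   // salted hash; salt and cost are read from $stored
    if (!$ok) {
        return false;
    }

    // Upgrade while the plain password is available: replace the MD5 value,
    // or a hash created with outdated settings, with a fresh salted hash.
    if ($is_legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare("UPDATE user SET password = ? WHERE username = ?");
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

var_dump(check_login($db, 'tony', 'mypass')); // row still holds the legacy MD5 value
var_dump(check_login($db, 'tony', 'mypass')); // same row after the upgrade
var_dump(check_login($db, 'tony', 'wrong'));  // wrong password
// Show what is stored now: a salted hash instead of the 32-character MD5 string.
echo $db->query("SELECT password FROM user WHERE username = 'tony'")->fetchColumn(), "\n";
?>
```

The bcrypt output that PASSWORD_DEFAULT currently produces is 60 characters long, so it fits the article's VARCHAR(100) password column.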