PHP Expert
Nilesh Pawar

If you run a serious webpage where you save login information for your members to a database it is generally a very good idea to perform some kind of encryption on these password to prevent the information to be shared in case your datebase would be hacked.

Encryption is very easy to do with PHP in fact all you need to perform a “one way encryption” is the function crypt(). As an example say that we have the variables $user and $password and we want to encrypt the $password variable before we store it in the database. To do this we use the following function:

$crypted_pass = crypt(md5($password),md5($user));

What this does is that it generates an encrypted string from the md5 encoded $password with the $user string as security salt and voila we have an encrypted string ready to be saved to the database. This string can not be decrypted so if we want to use it to verify if someone typed in a correct password for a specific user we need to encode the input in the same way and compare it to the encrypted password.

$try_password = crypt(md5($password),md5($user));
  if($crypted_pass == $try_password)
   echo "success";
else
   echo "wrong password";

Now with the passwords encrypted we will buy enough time to be able to change everyones user info in case of the database being hacked and the information leaked.