PHP crypt() – Using PHP encryption methods
I had not done any user registration type stuff in the past and needed to figure this out. I wanted to store an encrypted password in a database, and then be able to compare a submitted pw at login.
I tried using crypt() and it did successfully store the encrypted password in the db. Then I needed to be able to compare it to the form-submitted pw to let the user log in. I tried to just encrypt the submitted pw the same way, but this didn’t work.
There is a second “optional” argument (salt string) for the crypt() function, but for my purposes, this was required. I used the salt method described on the site below and it worked like a charm. I can’t pretend that I understand exactly how the salt works, but it does.
I found the solution here: http://php.ss23.geek.nz/2011/01/12/Using-crypt.html
$Salt = uniqid(); // Could use the second parameter to give it more entropy.
$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
$Rounds = '5000'; // The more, the more secure it is!
// This is the "salt" string we give to crypt().
$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;
$PASSWORD = crypt($PASSWORD_REG, $CryptSalt);
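The login comparison described above, as an added example that is not part of the original post or the linked article: crypt() writes the algorithm id, rounds and salt into the front of the stored string, so passing the stored hash back as the second argument reproduces the same result for the same password. The function names and sample passwords are made up for illustration, and the salt here comes from random_bytes() rather than uniqid().

```php
<?php
// Added example; make_hash() and check_password() are hypothetical names.

function make_hash(string $password): string
{
    // 16 hex characters from the CSPRNG; SHA-512 crypt uses at most 16 salt characters.
    $salt = bin2hex(random_bytes(8));

    // Same layout as $CryptSalt above: $6$ selects CRYPT_SHA512, then rounds, then the salt.
    return crypt($password, '$6$rounds=5000$' . $salt . '$');
}

function check_password(string $submitted, string $stored): bool
{
    // The stored hash starts with "$6$rounds=5000$<salt>$", so using it as the
    // "salt" argument makes crypt() repeat the registration-time settings.
    $candidate = crypt($submitted, $stored);

    // Constant-time comparison; a crypt() failure marker ("*0" or "*1")
    // never equals a valid stored hash.
    return hash_equals($stored, $candidate);
}

// Constructed sample data standing in for the registration form and the db row.
$stored = make_hash('correct horse battery');

// Hashing the submitted password "the same way" picks a new salt each time,
// which is why comparing a freshly made hash to the stored one fails.
var_dump(make_hash('correct horse battery') === $stored);

// Re-using the stored hash as the salt is the comparison that works.
var_dump(check_password('correct horse battery', $stored));
var_dump(check_password('wrong guess', $stored));

// password_verify() is compatible with crypt() hashes and does the same check.
var_dump(password_verify('correct horse battery', $stored));
```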