Writing a Basic Authentication System in PHP - Storing Passwords
Before we can begin coding with PHP, we first need to take a brief look at passwords. There are many different ways to manage and store a user's login ID and password, but one common method is to store them in a database.
For security purposes, the passwords themselves should not be stored in the database in plain text. Instead, the password can be processed by a one-way, irreversible hashing function (often loosely called encryption), and the jumbled result is what is actually stored. That means the password supplied later at login must be hashed the same way before we compare it with the stored value. If the two match, we know the password is good.
PHP's sha1 function should suffice for our purposes. It accepts a string and returns a 40-character hexadecimal hash. This hash cannot be converted back to the original string. The following is an example of sha1 in action:
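The store-and-compare flow described above, as an added example that is not code from the original article: it hashes with sha1 as the page does, then runs the same flow through PHP's built-in password_hash/password_verify for comparison. The function names, user names and passwords are constructed for illustration, an array stands in for the database table, and PHP 7 or later is assumed.

```php
<?php
// Added example with constructed data; $users stands in for a database table.

// The page's scheme: store sha1(password), hash the login attempt, compare.
function sha1_store(string $password): string
{
    return sha1($password); // 40 hexadecimal characters, no salt
}

function sha1_check(string $attempt, string $stored): bool
{
    // hash_equals() compares the two hashes in constant time.
    return hash_equals($stored, sha1($attempt));
}

// The same flow with PHP's password API: a random salt and a tunable cost
// are generated per call and encoded into the stored string.
function hardened_store(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function hardened_check(string $attempt, string $stored): bool
{
    return password_verify($attempt, $stored);
}

// Two constructed users who happen to pick the same password.
$users = [];
foreach (['alice', 'bob'] as $login) {
    $users[$login] = [
        'sha1'     => sha1_store('correct horse'),
        'hardened' => hardened_store('correct horse'),
    ];
}

// Length of the stored sha1 value, then a good and a bad login attempt.
var_dump(strlen($users['alice']['sha1']));
var_dump(sha1_check('correct horse', $users['alice']['sha1']));
var_dump(sha1_check('wrong guess', $users['alice']['sha1']));

// Unsalted sha1 stores the same value for both users; password_hash does not.
var_dump($users['alice']['sha1'] === $users['bob']['sha1']);
var_dump($users['alice']['hardened'] === $users['bob']['hardened']);

// Verification still succeeds because the salt travels with the stored hash.
var_dump(hardened_check('correct horse', $users['bob']['hardened']));
```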