Friday, February 5, 2010

PHP Login Script with Encryption.

24 comments
In this post I want to explain how to store an encrypted password during registration and how to check it at login time. I have implemented this on the labs.9lessons.info login page. I'm just storing the encrypted user password in the database. Demo username = 'test' and password = 'test'.


Database
The MySQL admin table has the columns id, username and passcode.
CREATE TABLE admin
(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(50) UNIQUE,
passcode VARCHAR(50)
);



Encrypted Password
Here the password test is encrypted and stored in the admin table like this:


registration.php
Contains PHP and HTML code. It just inserts the form values into the admin database table.
<?php
include("db.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from Form
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $password=md5($password); // Encrypted Password: MD5 hash of the submitted value
    $sql="Insert into admin(username,passcode) values('$username','$password');";
    $result=mysql_query($sql);
    // mysql_query() returns false on failure, e.g. when the UNIQUE username already exists
    if($result)
    {
        echo "Registration Successfully";
    }
    else
    {
        echo "Registration failed";
    }
}
?>
<form action="registration.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Registration "/><br />
</form>

login.php
The login script checks the submitted password against the encrypted password. Complete tutorial: PHP Login Page Example.
<?php
include("db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from Form
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $password=md5($password); // Encrypted Password: same MD5 hash as at registration
    $sql="SELECT id FROM admin WHERE username='$username' and passcode='$password'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);

    // If result matched $username and $password, table row must be 1 row
    if($count==1)
    {
        header("location: welcome.php");
        exit; // stop here so nothing below runs after the redirect
    }
    else
    {
        $error="Your Login Name or Password is invalid";
    }
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>

db.php
Database configuration file.
<?php
$mysql_hostname = "hostname";
$mysql_user = "username";
$mysql_password = "password";
$mysql_database = "database";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die("Opps some thing went wrong");
mysql_select_db($mysql_database, $bd) or die("Opps some thing went wrong");
?>
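The same registration and login flow, as an added example that is not part of the original post: it uses PHP's built-in password_hash() and password_verify() (salted, deliberately slow) instead of md5(), prepared statements instead of string-built SQL, and upgrades rows written by the md5() script on the next successful login. It assumes PHP 7+ with the pdo_sqlite extension; the in-memory SQLite table, the register() and login() function names and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not from the original post. Assumes PHP 7+ with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL admin table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output is longer than an MD5 digest, so widen passcode.
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50) UNIQUE, passcode VARCHAR(255))');

function register(PDO $db, string $username, string $password): bool
{
    // Salted, deliberately slow hash; salt and cost are stored in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO admin (username, passcode) VALUES (?, ?)');
    try {
        return $stmt->execute([$username, $hash]);
    } catch (PDOException $e) {
        return false; // e.g. duplicate username (UNIQUE constraint)
    }
}

function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, passcode FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = $row['passcode'];
    // Rows written by the md5() script hold 32 hex characters.
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy ? hash_equals($stored, md5($password))
                  : password_verify($password, $stored);
    // Upgrade legacy or outdated hashes while the plaintext is at hand.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $up = $db->prepare('UPDATE admin SET passcode = ? WHERE id = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return $ok;
}

// Constructed sample data: one legacy MD5 row and one new registration.
$db->prepare('INSERT INTO admin (username, passcode) VALUES (?, ?)')
   ->execute(['test', md5('test')]);
register($db, 'alice', 'correct horse');
var_dump(login($db, 'test', 'test'));   // legacy MD5 row, upgraded on success
var_dump(login($db, 'alice', 'wrong')); // wrong password
var_dump(register($db, 'alice', 'x'));  // duplicate username
```

Hashes written by the original script were computed over the output of mysql_real_escape_string(), so a legacy password containing quotes or backslashes will not match md5() of the raw input and needs a reset instead of an in-place upgrade.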
Comments
Anonymous said...

Why not set a session/cookie, store the id in the database, timestamp, etc.?

I would recommend having an auth class with auth methods, so we can pass the auth method to the whole page.

Ravi Kumar Tamada said...

K, Nice. I am going to do this in Java.

Alex said...

nice script thanks a lot

Anonymous said...

md5 != Encryption ;)

Derleth said...

Very basic for me.
If you had implemented it with ajax, the post would have turned out cool :P

Anonymous said...

This is good back in 1990 but things have changed since then.

aizuddinmanap said...

use salt..

Agudo said...

Thanks for the tip! Thanks!

Anil Kumar Panigrahi said...

Thank you srinu nice tip,
I want to decrypt the encrypted password. Is that possible in PHP? I want to use it in a forgot password page.

Anonymous said...

you don't check POST submitted data for vulnerabilities, that will create major security holes

Rocky1138 said...

This is pretty good, but we should note two things:
1. This isn't encryption, it's hashing.
2. It would be even better to salt the hash. For more information on salting database hashes, consult Google.

Anonymous said...

@anon, he is using mysql_real_escape_string to sanitize for mysql and is NOT echoing the POST values back to the form, there isn't a strict need to htmlentities or strip tags if you are not echoing the data back to your page.

Still point taken, I sanitize all get and post data out of habit/paranoia.

Anonymous said...

As others have said using MD5 alone is not encryption, it's simply hashing. This method is very insecure if your database were to become vulnerable.

Stan said...

Salt!

I was also misled by the word "encryption."
Good simple script though.

Dave said...

Thank you. This is really nice for a PHP learner like me. The critics should realize that anyone can enhance or extend your script based on their levels of expertise.

Keep the scripts coming!

Mauricio Dottavio said...

If you can read Spanish, you will find a good post about PHP's login system on this blog:
http://www.juangiordana.com.ar/blog/2006/11/28/php-login-script/

Regards

RIzky Rukmana said...

I think you also need to secure the communication line between the user's browser and your server using HTTPS, so that when the user clicks the login button the data is transferred in encrypted format.

Julius Beckmann said...

Do NOT use simple md5!
Check out my password hashing class with salt and random iterations:
http://juliusbeckmann.de/blog/php-easy-and-secure-password-hashing-class.html

kozi said...

This is a good example for a First Step in a Tutorial but for a secure and encrypted php login there are more things needed.

e.g.: http://xkcd.com/327/

Dave Bowman said...

Lol, why use 50 bytes for password hash
---
passcode VARCHAR(50)
---
when md5 always produces hash of the fixed 32-char width? Also, hashing without salt is one of the worst examples you can provide for beginners.

*Not recommended until rewrite and update.*

PHP Developer India said...

Using the crypt function in PHP to encrypt passwords and other data and keep them safe.

fare said...

Thanks, nice script. I use it for my web site login, but why char(50) when md5 = 32 chars?

Anonymous said...

That's easy, but there is no session cookie/remember me feature.

Consider it for the next update.

Anonymous said...

Hey,

Great script and works perfectly. Thanks so very very much! I searched and searched and tried others and none worked but this one!!!
