Comments on: How to encrypt user info with php

By: Unreal Media

Unreal Media — Wed, 12 Nov 2008 15:14:10 +0000

Nice tutorial, ill give it a go.

By: CristianDeluxe

CristianDeluxe — Wed, 13 Aug 2008 16:29:38 +0000

Sorry for my bad English.

Good post. Greetings from Spain.

#3 If you need to change the nick you can regenerate the hash and save it again to database it’s easy!.

Other option is have a string saved in your “settings.php” file and use it for generate the hash.

By: Vahur

Vahur — Tue, 29 Jul 2008 19:32:14 +0000

Salt is a good idea, but i also would not use username for it.

By: vishlal parmar

vishlal parmar — Tue, 22 Jul 2008 07:59:46 +0000

a good tutorial for the novice learner like me

By: Weekend Link Roundup: Week 14

Weekend Link Roundup: Week 14 — Sat, 05 Jul 2008 14:02:26 +0000

By: Weekend Link Roundup: Week 13

Weekend Link Roundup: Week 13 — Fri, 04 Jul 2008 04:50:55 +0000

[...] How to encrypt user info with php - Something I didn’t think about when I wrote my article about hashing stored passworrds was adding the username of the hash. This along with salt creates a stronger hash. SHARETHIS.addEntry({ title: “Weekend Link Roundup: Week 13″, url: “http://www.marksanborn.net/links/weekend-link-roundup-week-13/” }); What next? [...]

By: Mark

Mark — Fri, 04 Jul 2008 04:47:45 +0000

For added security you should add salt anyways. :)

By: Scott

Scott — Fri, 04 Jul 2008 03:33:39 +0000

Or you just reset their password when they change their username too. Odds are your script is going to update username and password at the same time anyways.

Also, any reason why you chose crypt and md5 together? Just curious

By: Stefan

Stefan — Wed, 02 Jul 2008 18:50:03 +0000

Brandon: Thanks and you are right. The error message is really only for testing and for a real site you should probably do as you suggest.

Christoph: True, most sites don’t have a reason to change the username though. But if you would want to be able to change the username at will you should not use the username as SALT for the encryption.

By: christoph

christoph — Wed, 02 Jul 2008 18:47:05 +0000

Correct me if I am wrong, but you will never be able to login when you once change the username, as the password is an encrypted combination of username and pwd.