For instance, say when I sign up, I choose a password "pussycat".
This is encrypted irreversibly to produce its hash, which, using PHP's crypt() function with the default salt, is $1$/9jIldg9$eqkm3uG63RSIq.xigi1j21
Note, this will be EXACTLY the same every time you encrypt the string "pussycat", as long as you use the same method, same variables etc.
Therefore, in the database stuff would be stored like this:
Username: paulfp
Password: $1$/9jIldg9$eqkm3uG63RSIq.xigi1j21
Name: Paul Freeman-Powell
Email: [email protected]
.... etc. etc.
So that's secure, because notice that the password's not being stored as plain text. So if someone finds that, whoopy doo... not much they can do with that, cos it's not "pussycat", and there's no way they can get "pussycat" from that string, cos the encryption method is IRREVERSIBLE.
So when someone logs in, first of all you encrypt the password they've entered, and if it's correct it will be exactly the same as that random gobbledygook stored in the database. So let them log in.
Hope that's clear; once you've got your head around it, it's a very simple concept really.
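The register-then-verify flow the post describes, as an added example that is not part of the original post. It uses Python's standard-library hashlib (PBKDF2-HMAC-SHA256) rather than PHP's crypt(), and it goes one step beyond the post: each user gets a random salt, so the same password produces a different stored string for each user, while verification still works because the salt is stored alongside the hash. The storage format, iteration count and the USERS dictionary are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption for this example: work factor chosen so the KDF is slow for a
# guesser but fine for a single login.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: algorithm$iterations$salt_hex$hash_hex.

    With the same salt the result is identical every time (the post's point);
    with a fresh random salt per user, identical passwords hash differently.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the entered password with the stored salt and compare."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: never accept
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # Constant-time comparison so a near-miss does not leak timing information.
    return hmac.compare_digest(candidate, expected)


# Constructed in-memory "database" standing in for the table in the post.
USERS: dict = {}


def register(username: str, password: str) -> None:
    """Store only the hash, never the plaintext (what the post's table shows)."""
    USERS[username] = {"password": hash_password(password)}


def login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Run the KDF anyway so response time does not reveal whether
        # the username exists.
        hash_password(password)
        return False
    return verify_password(password, record["password"])


if __name__ == "__main__":
    register("paulfp", "pussycat")
    print(USERS["paulfp"]["password"])  # hash, not "pussycat"
    print(login("paulfp", "pussycat"))  # True
    print(login("paulfp", "Pussycat"))  # False
```

Usage: call register() at sign-up and login() on each attempt; the stored string carries everything verify_password() needs, so the plaintext never has to be stored or recovered.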