For user’s password entered in a form before post, I simply just do <?php

Question

0

Asked: May 28, 20262026-05-28T19:24:42+00:00 2026-05-28T19:24:42+00:00

For user’s password entered in a form before post, I simply just do <?php

0

For user’s password entered in a form before post, I simply just do

<?php
   $pass=crypt($_POST['memberpwd']);   
?>

But how can I later get the plaintext of that password in case the user may request ? Thank you.

EDIT: I found How can I encrypt password data in a database using PHP? and http://www.securityfocus.com/blogs/262, but I would just want to learn about this at a more basic level to understand the ways as to how it actually works.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T19:24:44+00:00

Look at my answer to a related question.

Basically, you never ever ever store plaintext passwords. Databases can be compromised and most users use a universal password, which will allow the attacked to have access to tons of data. And it will be your fault (to some extent).

Hashing (in your case) works on this principle:

if hash(session.password) == database.hashed_password:
   # You can safely assume session.password == database.password.
   # Notice that I don't store database.password, but instead store:
   #
   #    database.hashed_password = hash(register.password)
   #
   # when the user registers. That way nobody will ever know the password.

You can also use salts to make your hashes more secure. The same principle holds:

if hash(session.password + 'imasalt') == database.hashed_password_with_salt:
   # Same as above.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

For user’s password entered in a form before post, I simply just do <?php

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply